WinAmp ID3v2 tag cross site scripting
7th Aug 2002 [SBWID-5610]
COMMAND

	WinAmp ID3v2 tag cross site scripting

SYSTEMS AFFECTED

	Tested on: Winamp 2.76 and 2.79 (Windows 98)

PROBLEM

	DownBload [downbload@hotmail.com] of Illegal Instruction Security
	Research Labs advisory:

	The ID3v2 tag in an mp3 file contains some information about the file
	(artist, title, album, comment, etc.). Winamp supports creating an html
	playlist from a winamp playlist. During generation, only the 'artist'
	and 'title' sections of the ID3v2 tag are written to the html file. In
	the 'artist' and 'title' sections we can put arbitrary CSS (cross site
	scripting) code, which will be executed when the html playlist is
	generated and shown in the default web browser.
	

	 ------[ Example

	

	Open 'view file info' on some mp3 file (the read only flag on that file
	must be removed), and edit the ID3v2 tag. Put some text in the 'artist'
	section (if you wanna fool somebody, it is best to write the name of the
	artist and the song name in the 'artist' section, then put some blank
	space characters (around 100) and a '.' after that), and put the CSS
	code which will be executed in the 'title' section. For testing
	purposes, in the 'title' section, you can put:
	

	-----cut here-----

	<script> alert ("HI!!!"); </script>

	-----cut here-----

	

	You can put some blank space (in the 'title' section) before the CSS
	code too. After that, generate the html file from the playlist, and you
	will see a msgbox with the text HI!!!

SOLUTION

	?
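
	The advisory lists no fix. As an added example (not code from the
	advisory or from Winamp), the sketch below contrasts a playlist exporter
	that writes tag text into html unchanged with one that escapes it, and
	flags suspicious tags. The html layout, function names, sample tags and
	the 20-character padding threshold are assumptions.

```python
import html
import re

# Constructed sample (artist, title) pairs as they would be read from ID3v2 tags.
# The second pair mirrors the advisory's test: padding in 'artist', markup in 'title'.
SAMPLE_TAGS = [
    ("Some Artist", "Some Song"),
    ("Some Artist - Some Song" + " " * 100 + ".",
     '<script> alert ("HI!!!"); </script>'),
]

MARKUP = re.compile(r"[<>]")        # characters that can open or close an html tag
PADDING = re.compile(r"\s{20,}")    # assumed threshold for "hidden by padding"


def _page(rows):
    return "<html><body><ol>\n%s\n</ol></body></html>" % "\n".join(rows)


def render_unsafe(entries):
    """Behaviour the advisory describes: tag text goes into the html as-is."""
    return _page("<li>%s - %s</li>" % (a, t) for a, t in entries)


def clean_field(value):
    """Collapse whitespace runs, then html-escape so markup is shown as text."""
    collapsed = re.sub(r"\s+", " ", value).strip()
    return html.escape(collapsed, quote=True)


def render_safe(entries):
    """Hardened form: every tag field is treated as untrusted text."""
    return _page("<li>%s - %s</li>" % (clean_field(a), clean_field(t))
                 for a, t in entries)


def suspicious_entries(entries):
    """Return indexes of entries whose artist/title hold markup or long padding."""
    return [i for i, fields in enumerate(entries)
            if any(MARKUP.search(f) or PADDING.search(f) for f in fields)]


if __name__ == "__main__":
    print(render_safe(SAMPLE_TAGS))
    print("flagged entries:", suspicious_entries(SAMPLE_TAGS))
```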