Home page logo
/

bugtraq logo Bugtraq mailing list archives

Audiogalaxy again
From: "big bon" <vulndev () hotmail com>
Date: Tue, 27 Nov 2001 08:04:52 -0800

Well I will keep this to the point.
Nudehackers.com is down so forgive me for sending from my mailing list acct.


Sometime ago I released a statement about Audiogalaxy keeping usernames and passwords in clear text in a file on the users system. Well, shortly after that they fixed it, or so it seemed. I notified the good people over at Audiogalaxy about this months ago and I see nothing has changed. Audiogalaxy has started storing username and passwords in cookie. A sample cookie entry looks like this:

cookieUsername
USERNAMEHERE
audiogalaxy.com/
0
367281152
29529638
3457234544
29456211
*
cookiePassword
CLEARTEXTPASSHERE
audiogalaxy.com

Well the obivous problem is that someone exploiting the recent IE bug and stealing cookies could get the cookie and thus have the username and password. Now before the arguement was that nothing destructive could be done with this information and my comments didnt all make it to bugtraq. Well, here is what someone might do. Steal the username/password, using audiogalaxy software set an mp3 for download that the attacker has wrapped with a trjoan, oh say BO2K. Now, the arguement was that the file would have a .mp3 extension and thus bo2k would not work, THIS IS WRONG. Back orifice does not have to have a .exe entension thus whent he victim ran the mp3 to enjoy the music they would be infected.

To conclude this should be fixed.

Special "shout outs" to michael over at audiogalaxy. :)

altomo
Nudehackers.com

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]