BugTraq
Back to list
|
Post reply
bug of script injection in shoutcast servers
Jun 08 2006 01:29PM
mantasjadzevicius vecro lt
Vulnerable Systems:
All shoutcast servers!!
I found an error in shoutcast server.
Then I'm connecting to the server I type in the DJ columns( you can type in all columns) for exmple script pvz.:
<script>alert("boo");</script>
<script>location.href="google.com";</script>
or else...
So then you go to http://radio.com:port and will be executed script.
Mantas Jadzevičius a.k.a UZUZZ
mantasjadzevicius (at) vecro (dot) lt [email concealed]
irc: irc.data.lt #security
2006
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
All shoutcast servers!!
I found an error in shoutcast server.
Then I'm connecting to the server I type in the DJ columns( you can type in all columns) for exmple script pvz.:
<script>alert("boo");</script>
<script>location.href="google.com";</script>
or else...
So then you go to http://radio.com:port and will be executed script.
Mantas Jadzevičius a.k.a UZUZZ
mantasjadzevicius (at) vecro (dot) lt [email concealed]
irc: irc.data.lt #security
2006
[ reply ]