[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug of script injection in shoutcast servers

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: bug of script injection in shoutcast servers
From: mantasjadzevicius@xxxxxxxx
Date: 8 Jun 2006 13:29:11 -0000

Vulnerable Systems:
All shoutcast servers!!

I found an error in shoutcast server.
 Then I'm connecting to the server I type in the DJ columns( you can type in 
all columns) for exmple script pvz.:
<script>alert("boo");</script>
<script>location.href="google.com";</script>
or else...
So then you go to http://radio.com:port and will be executed script.



Mantas Jadzevi&#269;ius a.k.a UZUZZ
mantasjadzevicius@xxxxxxxx
irc: irc.data.lt #security
2006

Prev by Date: Re: phpBannerExchange 2.0 Directory Traversal Vulnerability
Next by Date: Re: IRM 019: MailMarshal 6.1 SMTP MTA Content Filter Bypass
Previous by thread: Re: phpBannerExchange 2.0 Directory Traversal Vulnerability
Next by thread: Re: Tiny Web Gallery <= 1.4 XSS
Index(es):
- Date
- Thread