<<< Date Index >>>     <<< Thread Index >>>

bug of script injection in shoutcast servers

Vulnerable Systems:
All shoutcast servers!!

I found an error in shoutcast server.
 Then I'm connecting to the server I type in the DJ columns( you can type in 
all columns) for exmple script pvz.:
<script>alert("boo");</script>
<script>location.href="google.com";</script>
or else...
So then you go to http://radio.com:port and will be executed script.



Mantas Jadzevi&#269;ius a.k.a UZUZZ
mantasjadzevicius@xxxxxxxx
irc: irc.data.lt #security
2006