[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    bug of script injection in shoutcast servers
From:       mantasjadzevicius () vecro ! lt
Date:       2006-06-08 13:29:11
Message-ID: 20060608132911.15498.qmail () securityfocus ! com
[Download RAW message or body]

Vulnerable Systems:
All shoutcast servers!!

I found an error in shoutcast server.
 Then I'm connecting to the server I type in the DJ columns( you can type in all \
columns) for exmple script pvz.: <script>alert("boo");</script>
<script>location.href="google.com";</script>
or else...
So then you go to http://radio.com:port and will be executed script.



Mantas Jadzevi&#269;ius a.k.a UZUZZ
mantasjadzevicius@vecro.lt
irc: irc.data.lt #security
2006


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic