exploit-db-mirror/exploits/multiple/dos/20973.txt
Offensive Security d304cc3d3e DB: 2017-11-24
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00


source: http://www.securityfocus.com/bid/2933/info
Icecast is an open source audio-streaming server for both Unix and Microsoft Windows systems.
Icecast does not sufficiently sanitize user-supplied input, nor does it handle unexpected input sanely. When it receives a request for a file whose name ends with a slash or period, the server crashes. The behaviour occurs when the remote attacker adds a '/', '\' or '.' to the end of the URL crafted to request the file. The requested file does not need to exist; the Icecast server will fail regardless.
http://localhost:8000/file//
NOTE: Icecast interprets 'file' as the 'root' directory, and anything after 'file/' is treated as the file request. The trailing '/' character triggers the denial of service.
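
A detection check for the request pattern described above, as an added example that is not part of the original advisory: it scans access-log lines for file requests ending in '/', '\' or '.', including percent-encoded forms. The log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Trailing characters the advisory names as crash triggers.
TRIGGER_CHARS = ("/", "\\", ".")
FILE_PREFIX = "/file/"  # static-file prefix as shown in the advisory's URL

# Request line inside a common-log-format entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def requested_file(target):
    """Return the decoded part after /file/, or None if not a file request."""
    # Drop the query string first, then decode %2F, %5C, %2E and friends.
    path = unquote(urlsplit(target).path)
    if not path.startswith(FILE_PREFIX):
        return None
    return path[len(FILE_PREFIX):]

def is_suspicious(target):
    """True when a non-empty file request ends in '/', '\\' or '.'."""
    name = requested_file(target)
    return bool(name) and name.endswith(TRIGGER_CHARS)

def scan(lines):
    """Return (client, request target) for every matching log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_suspicious(m.group("target")):
            hits.append((line.split()[0], m.group("target")))
    return hits

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2001:10:00:00 +0000] "GET /file/song.mp3 HTTP/1.0" 200 4096',
    '192.0.2.11 - - [01/Jul/2001:10:00:01 +0000] "GET /file// HTTP/1.0" 200 0',
    '192.0.2.12 - - [01/Jul/2001:10:00:02 +0000] "GET /file/song.mp3. HTTP/1.0" 200 0',
    '192.0.2.13 - - [01/Jul/2001:10:00:03 +0000] "GET /file/x%5C HTTP/1.0" 200 0',
    '192.0.2.14 - - [01/Jul/2001:10:00:04 +0000] "GET /file/a.mp3?t=1. HTTP/1.0" 200 4096',
    '192.0.2.15 - - [01/Jul/2001:10:00:05 +0000] "GET /file/ HTTP/1.0" 200 512',
    '192.0.2.16 - - [01/Jul/2001:10:00:06 +0000] "GET /file/%2e HTTP/1.0" 200 0',
]

if __name__ == "__main__":
    for client, target in scan(SAMPLE_LOG):
        print(f"suspicious file request from {client}: {target}")
```

The same `is_suspicious` predicate can be used in a reverse proxy or request filter in front of the server to reject such paths before they reach Icecast.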