- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 20973
- Проверка EDB
-
- Пройдено
- Автор
- GOLLUM
- Тип уязвимости
- DOS
- Платформа
- MULTIPLE
- CVE
- cve-2001-1083
- Дата публикации
- 2001-06-26
Код:
source: https://www.securityfocus.com/bid/2933/info
Icecast is an open source audio-streaming server for both Unix and Microsoft Windows systems.
Icecast does not sufficiently sanitize user-supplied input, or sanely handle unexpected input. Upon receiving a request from a user for a file that ends with a slash or period, the server will crash. The behaviour occurs when the remote attacker adds an '/', '\' or '.' to the end the URL they craft to request the file. The request of an existing file is not necessary, as the Icecast server will fail regardless.
http://localhost:8000/file//
NOTE: File is interpreted by Icecast as the 'root' directory and anything after 'file/' indicates the file request. The character '/' triggers the denial of service.- Источник
- www.exploit-db.com
