14 DAY TRIAL // Do you remember Shoutcast, the powerful program provided by Nullsoft, the developer of the well-known audio player Winamp? Well, it was quite popular in the past and it is currently one of the best solutions that allow you to build and host your own online radio station using a simple connection to the Internet. The application was very simple to use and helped you stream on the Internet using your audio files in MP3 or AAC formats and is currently available for multiple platforms including Windows, FreeBSD, GNU/Linux, Mac OS X, Solaris and Windows Mobile (client only).
At this time, many of the well known Internet radio stations are based on Shoutcast but it seems like a simple security flaw in the application can cause many damages to the host computer. Security company Secunia published a security advisory to announce a new vulnerability discovered in the version 1.9.7 of Shoutcast.
"Muschiemann has discovered a vulnerability in SHOUTcast, which can be exploited by malicious people to conduct script insertion attacks. Input passed via the URL to the "incoming interface" is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in an administrative user's browser session in context of an affected site when the logfiles are viewed," security company Secunia reported in an advisory.
The vulnerability can be exploited with ease because it is based on malicious characters sent to the Shoutcast log using an Internet proxy server. Secunia rated the flaw as moderately critical and sustained the only solution is to "filter malicious characters and character sequences in a web proxy."
The Shoutcast Server version 1.9.7 was also tested by Softpedia and is available as a free download on this link.