[Icecast-dev] metadata update - possible to send adminpass in

Karl Heyes karl
Mon Aug 2 09:53:47 PDT 2004


update string?
In-Reply-To: <6.0.1.1.2.20040802110227.03523cb8 at www.oddsock.org>
References: <02b501c4788b$e1df6dc0$a601a8c0 at recorder>
<1091461406.2970.15.camel at bogus.hackers.club>
<6.0.1.1.2.20040802110227.03523cb8 at www.oddsock.org>
Message-ID: <1091465627.2970.27.camel at bogus.hackers.club>

On Mon, 2004-08-02 at 17:06, oddsock wrote:
> At 10:43 AM 8/2/2004, you wrote:
>
> >icecast2 uses http auth so you should be able to use
> >
> >http://user:pass@host:8000/admin/....
> it is interesting to note that IE6 has patched their current release to not
> support URLs of the http://user:pass@host/ variety...It still responds
> properly to the HTTP AUTHORIZED response by popping a user/password window,
> but you can no longer bypass that via the user:pass at host syntax in the URL
> field.  I'm not entirely sure why this was a security issue that they
> needed to address, but hey, who am I to question Microsoft... ;)

probably because it accepted weird stuff like

http://www.microsoft.com:80@123456/

and they got paranoid of look-alike sites

karl.




More information about the Icecast-dev mailing list