[Icecast-dev] metadata update - possible to send adminpass in

Karl Heyes karl
Mon Aug 2 09:53:47 PDT 2004

update string?
In-Reply-To: < at www.oddsock.org>
References: <02b501c4788b$e1df6dc0$a601a8c0 at recorder>
<1091461406.2970.15.camel at bogus.hackers.club>
< at www.oddsock.org>
Message-ID: <1091465627.2970.27.camel at bogus.hackers.club>

On Mon, 2004-08-02 at 17:06, oddsock wrote:
> At 10:43 AM 8/2/2004, you wrote:
> >icecast2 uses http auth so you should be able to use
> >
> >http://user:pass@host:8000/admin/....
> it is interesting to note that IE6 has patched their current release to not
> support URLs of the http://user:pass@host/ variety...It still responds
> properly to the HTTP AUTHORIZED response by popping a user/password window,
> but you can no longer bypass that via the user:pass at host syntax in the URL
> field.  I'm not entirely sure why this was a security issue that they
> needed to address, but hey, who am I to question Microsoft... ;)

probably because it accepted weird stuff like


and they got paranoid of look-alike sites


More information about the Icecast-dev mailing list