Oddsock Gen Song Request Plugin (Security Risk)

I noticed a post on the Winamp forums where someone was asking for a song request plugin for the program.

Another user suggested they should use the Oddsock Gen Song Request Plugin.

While the Oddsock Gen Song Request Plugin was great for interacting with listeners years ago.

Things have moved on somewhat especially in the world of Internet radio request scripts for websites.

“The Oddsock Gen Song Request Plugin is full of “Security holes” which in turn means the person using it could easily have their copy of Winamp hacked or worse their computer”


######## Start report ########
Outpost24 Advisory
                                                      
www.outpost24.com

Advisory Name: Oddsock Playlist Generator Multiple
BufferOverlow vulnerability
Release date: 15/07-02
Software : Song Requester Version : 2.1
Platform: Windows NT/XP/95/98/2000
Severity: DoS Vulnerability, that terminates Winamp,
and restart

Author: Lucas Lundgren (ll@outpost24.com)
Reference: http://www.outpost24.com/news/
Vedor Status:  No response


Summary:

Oddsock Playlist generator is used by Radio DJs to
allow listeners to choose a song to play from the
Winamp Playlist.Song Requester Version
2.1 contains multiple buffer overflows, which will
result in a DoS attack against the Winamp/Shoutcast
service. The DJ will have to restart Winamp in order to
make it work again. 

There are two major kinds of DoS attacks against this
software: the first will display an error message, and
inform the user that a logfile has been created.  The
second  attack closes down Winamp and restores the
playlist from the previous state, so that any newly
added songs will not be displayed in the playlist.It
also restores the admin password to what
is was previously, if it has been changed without
restarting Winamp.

Technical Details:

By parsing long names or characters to the CGI files in
the Song Requester, a DoS is avalible, closing down
Winamp and / or leaving  a error log.  You could try to
parse

http://<musicserver>/request.cgi?listpos=9999999999999999999999999999
(9x256)

This will cause Winamp to crash, and makes Dr Watson
dump a logfile.

But if you parse: 
 http://<musicserver>/request.cgi?psearch=999999999999999999999999999999
(9x254) 

Winamp will die without any error messages.

Oddsock overflows the playlist and crashes the Winamp
player. If you want to check it out, please look at Dr
Watson  logs for more details. All the CGI files in
Song Requester are vulnerable to DoS attacks, even
the 'admin.cgi'. Please note that the password you type
in is in clear text; no asterix signs replace the
characters.

Outpost24
Contact: Lucas Lundgren (ll@outpost24.com)
######## End report ########

If you really need to have a song request page on your website then you should look no further than RadioDJ free radio automation software.

With RadioDJ you can use either a Demo Request script or a WordPress plugin

How To Install RadioDJ

The (PHP) request script allow users to request songs from your website. These scripts aren’t that difficult to incorporate into your website if you take your time and learn how to.

You just need a web host that allows port 3306 access so the web scripts can talk to the MySQL database on your PC.

It’s gotta be better that than leaving your PC at the mercy of being hacked? As long as you choose a strong password for your SQL server when you set it up you shouldn’t have any issues with being hacked.

A Dutch Winamp fan site is still recommending the Oddsock song request plugin to anyone who visits their site.

They’ve obviously never heard about the security issues with the scripts…

If you do decide to use the Oddsock song request plugin then GOOD LUCK! You’ll only regret it when someone hacks the scripts and manages to crash Winamp!

Don’t say you weren’t warned!!

Last updated on: 17th August 2018
at 13:19 PM Europe/London

  Translate