Hi Daniel Lorch and the rest of Bugtraq, it seems like Winamp staff just fixed the problem at server level to correctly filter out/convert html tags. Nice to see they so quickly adressed the problem. Less than 30 minutes? I want to thank Wolfgang Schemmel MfG thE_iNviNciblE for confirming the vulnerability and giving info. Daniel Lorch, I am very curious about the "ID3v1 URL Comment support" you are talking about. Can you show that it's still a feature in Winamp? According to some sites I searched the feature is achieved by adding: "!/URL" or "^/URL" in the comment field of the ID3v1 tag. Am I wrong? But it didn't work for me. If it should work I think it is a very dangerous feature. Specially given all the vulnerabilites in IE recently. (cookie bug etc...) Sincerely, Andreas Sandblad On Wed, 3 Apr 2002, Daniel Lorch wrote: > Hi, > > > Title: Winamp: Mp3 file can control the minibrowser > > Date: [2002-04-3] > > Actually, this is meant to be a feature. Starting from version 2.10 > winamp has a "ID3v1 URL Comment support": > > http://www.winamp.com/download/newfeatures.jhtml > > This basically requires you to put a certain prefix + URL in the ID3v1 > comment field which will automatically redirect the minibrowser to > this site. > > I wouldn't call this a "bug" as it only applies as long as the > minibrowser is *visible*. Most people anyway automatically switch it off > as it is quite disturbing. > > Kind Regards, > Daniel Lorch > http://daniel.lorch.cc/ > > -- _ _ o' \,=./ `o (o o) -ooO--(_)--Ooo-
