Oddsock Gen Song Request Plugin (Winamp)

Oddsock Gen Song Request Plugin (Security Risk!)

I noticed a post on the Winamp forums where someone was asking for a song request plugin for the program.

Another user suggested they should use the Oddsock Gen Song Request Plugin.

While the Oddsock Gen Song Request Plugin was great for interacting with listeners years ago, things have moved on somewhat, especially in the world of Internet radio request scripts for websites.

The Oddsock Gen Song Request Plugin is full of security holes, which in turn means the person using it could easily have their copy of Winamp hacked.

Here's the report that I found online while looking stuff up.


Advisory Name: Oddsock Playlist Generator Multiple Buffer Overflow vulnerability
Software: Song Requester
Version: 2.1
Platform: Windows NT/XP/95/98/2000
Severity: DoS Vulnerability that terminates Winamp

Summary:
Oddsock Playlist generator is used by Radio DJs to allow listeners to choose a song to play from the Winamp Playlist. Song Requester Version 2.1 contains multiple buffer overflows, which will result in a DoS attack against the Winamp/Shoutcast service. The DJ will have to restart Winamp in order to make it work again.

There are two major kinds of DoS attacks against this software: the first will display an error message, and inform the user that a logfile has been created. The second attack closes down Winamp and restores the playlist from the previous state, so that any newly added songs will not be displayed in the playlist. It also restores the admin password to what it was previously, if it has been changed without restarting Winamp.

Technical Details:
By parsing long names or characters to the CGI files in the Song Requester, a DoS is available, closing down Winamp and/or leaving an error log.

You could try to parse
http://<musicserver>/request.cgi?listpos=9999999999999999999999999999 (9x256)

This will cause Winamp to crash.

If you parse:
http://<musicserver>/request.cgi?psearch=999999999999999999999999999999 (9x254)

Winamp will die without any error messages.

Oddsock overflows the playlist and crashes Winamp.

All the CGI files in Song Requester are vulnerable to DoS attacks, even the 'admin.cgi'.
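
The report traces both crashes to overlong `listpos` and `psearch` values reaching request.cgi. As an added example (not code from the plugin or from the report), this is how a C request handler can bound both parameters before they touch a playlist index or a fixed-size buffer; the function names, the 64-byte search buffer and the six-digit index limit are assumptions.

```c
/* Hypothetical hardened handlers for the two request.cgi parameters. */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PSEARCH_MAX 64    /* assumed size of the search-term buffer */
#define LISTPOS_DIGITS 6  /* assumed: playlist has under 1,000,000 entries */

/* Parse listpos as a playlist index; 0 on success, -1 on rejected input. */
int parse_listpos(const char *value, long playlist_len, long *out)
{
    size_t n = 0;
    if (value == NULL || out == NULL) return -1;
    while (value[n] != '\0') {
        if (!isdigit((unsigned char)value[n]) || ++n > LISTPOS_DIGITS)
            return -1;                 /* non-digit, or too long for an index */
    }
    if (n == 0) return -1;             /* empty parameter */
    errno = 0;
    long pos = strtol(value, NULL, 10);
    if (errno != 0 || pos >= playlist_len) return -1;
    *out = pos;
    return 0;
}

/* Copy psearch into dst; reject (never truncate or overflow) long input. */
int copy_psearch(const char *value, char *dst, size_t dst_size)
{
    size_t n = 0;
    if (value == NULL || dst == NULL || dst_size == 0) return -1;
    while (value[n] != '\0') {
        if (++n >= dst_size) return -1;    /* would not fit with the NUL */
    }
    memcpy(dst, value, n + 1);             /* n + 1 <= dst_size here */
    return 0;
}

int main(void)
{
    char big[257], term[PSEARCH_MAX];      /* constructed overlong input */
    long pos;
    memset(big, '9', 256);
    big[256] = '\0';
    printf("long listpos -> %d\n", parse_listpos(big, 500, &pos));
    printf("long psearch -> %d\n", copy_psearch(big, term, sizeof term));
    printf("listpos=42   -> %d\n", parse_listpos("42", 500, &pos));
    return 0;
}
```

Rejecting the request outright, rather than truncating, keeps a malformed value from being treated as a valid search or index.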

There's better software than Winamp for streaming, and better website scripts with RadioDJ.

If you really need to have a song request page on your website then look no further than RadioDJ free radio playout software.



Reasons to Use RadioDJ:

  1. Once installed, it's stable and works for days/weeks without needing to keep an eye on it
  2. Great music library support: add as many categories & subcategories as you require
  3. RadioDJ doesn't require online activations or registration keys
  4. RadioDJ sounds Professional with the BASS sound engine
  5. RadioDJ is 100% FREE and has ZERO restrictions on what YOU use it for
  6. The Database is really stable. Plus RadioDJ comes with a Database Backup Tool
  7. Easy to manage Playlists, Rotations & Events for all your automation needs
  8. Great Technical Support should something go wrong with your installation via the Forums
  9. Customisable Interface with the Color Editor

How To Install RadioDJ


Website request scripts (PHP) aren't that difficult to incorporate into your website if you take your time and learn how to.

RadioDJ website request scripts can be found on the forums.

You just need a website host that allows port 3306 access so the web scripts can talk to the MySQL database on your PC.

That's got to be better than leaving your PC at the mercy of being hacked.

As long as you choose a strong password for your MySQL server when you set it up, you shouldn't have any issues with hackers.

If you do decide to use the Oddsock song request plugin then GOOD LUCK! Because you'll need it.

You'll only regret it when someone hacks the website scripts and manages to crash Winamp!

Don't say you weren't warned!!