LFI to RCE via access_log injection

My Cloud Player is a SoundCloud client with ChromeCast and XBMC support


It seems only a matter of time until a large company buys SoundCloud, a large music community site that brings together music and audio creators with listeners and people working in the music industry.
For end users, it is offering a large repository of free music and audio that it makes available. It is possible to explore trending music or audio, browse by genre, search for specific tracks or follow artists.
SoundCloud has created apps for mobile platforms such as Android, and while it works fine, it lacks certain features such as offline play.
Cloud Player is a SoundCloud client for Google's Android operating system that adds this functionality and a lot more including XBMC and ChromeCast support.
After you have installed the application on your device you can get started right away. While you can associate a SoundCloud account with the app, it is not a requirement. If you just want to browse and listen to music and audio tracks, that is possible without logging in.
cloud player
The app offers quite a few options to get started. It displays a track right away that you can play, and if you open the settings icon, you can use the search or explore functionality instead.
You can search for tracks, playlists, users or groups , with results being displayed as you type. A tap on a search result displays a selection menu that you can use to play all or only the selected track in the application.
The explore feature on the other hand lists popular stations and genres that you can tune into right away. You can not only explore those two sections but also browse user tracks, likes, sets or groups.
cloud player soundcloud
The app allows you to download tracks that have been authorized by their creators. Another interesting feature in regards to playback is that tracks can be cached locally.
To cache a song tap on the three dots in the upper right corner and select the cache option from here. The app will always prefer cached versions regardless of network status. Instead of using the menu at the top it is also possible to long tap on the song that is playing and use the cache option on the page that is opened then.
The player supports the usual set of options including shuffle and repeat but also easy back and forward buttons to jump to the previous or next song in line.
You can move songs around in the playlist or use the playback widget that is provided to control the music even if the application is not running in the foreground.
What else? A lot actually. The app recognizes headphones and calls automatically and will pause and play music based on that.
You can sign in with a SoundCloud account to get access to your account including tracks, likes, groups and more.  And if you run XMBC or own a ChromeCast, you can connect the app with those as well.

Verdict

If you use SoundCloud regularly and have used the official app on Android until now, then you may be surprised how much better Cloud Player actually is.
It works really well even if you do not sign in to a SoundCloud account, and features such as caching or downloading of songs make it an attractive choice.


Comments