Terima kasih atas kunjungan berharga anda. Jadikan ia berharga dengan bermain di column kempen saya (saya akan balas jasa anda).
Blog ini di'maintain'oleh blogger yang masih ayam dalam teknik editing. So kalo berat sgt nak load page tu, sila inform. Owner akan cuba buangkan any load yang tak perlu. Kalo ada sebarang cadangan lagi bagus. Send dekat pakcoh@gmail.com

Monday, October 11, 2010

Fretsweb Multiple SQL Injection Vulnerabilities 

Released on 08-10-2010 Source page: SecurityFocus 
==========================================================
FretsWeb 1.2 Multiple Local File Inclusion Vulnerabilities
==========================================================


----------------------------------------------------------------------------------------------
|                MULTIPLE LOCAL FILE INCLUSION VULNERABILITIES               |
|--------------------------------------------------------------------------------------------|
|                                    |      FretsWeb 1.2      |                    |
|  CMS INFORMATION:                 ------------------------                              |
|                       |
|-->WEB: http://sourceforge.net/projects/fretsweb/                 |
|-->DOWNLOAD: http://sourceforge.net/projects/fretsweb/                               |
|-->DEMO: N/A               |
|-->CATEGORY: CMS / Games/Entertainment            |
|-->DESCRIPTION: Fretsweb is a Contest or Chart Server for Frets on Fire. It...              |
|  is an improved version of FoFCS.It is meant for...                 |
|-->RELEASED: 2009-05-30             |
|                |
|  CMS VULNERABILITY:              |
|                |
|-->TESTED ON: firefox 3                           |
|-->DORK: N/A                      |
|-->CATEGORY: LOCAL FILE INCLUSION (LFI) / INSECURE COOKIE HANDLING (LFI)              |
|-->AFFECT VERSION: CURRENT (MAYBE <= ?)            |
|-->Discovered Bug date: 2009-06-02            |
|-->Reported Bug date: 2009-06-02            |
|-->Fixed bug date: 2009-06-14             |
|-->Info patch: http://sourceforge.net/projects/fretsweb/         |
|-->Author: YEnH4ckEr              |
|-->WEB/BLOG: N/A              |
|-->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo.       |
|-->EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!)        |
----------------------------------------------------------------------------------------------



Note: Of course use null byte () when you want to include a file with different extension to "php"



###########################
///////////////////////////

LOCAL FILE INCLUSION (LFI):

///////////////////////////
###########################



<<<<---------++++++++++++++ Condition: Nothing +++++++++++++++++--------->>>>



[++] GET var --> 'language'



~~~> http://[HOST]/[PATH]/charts.php?language=[LFI]



###############################
///////////////////////////////

INSECURE COOKIE HANDLING (LFI):

///////////////////////////////
###############################



[++] Cookie --> 'fretsweb_language'



~~~> fretsweb_language=[LFI]











Posted by
Pakcoh


at
9:06 AM



















Labels:
,
,

















0
comments:
        
















Post a Comment



















        

      









Subscribe to:
Post Comments (Atom)







Related Posts Plugin for WordPress, Blogger...