FreeLyrics Remote Source Code Disclosure Vulnerability

vendor:

FreeLyrics

by:

Piker

6.4

CVSS

MEDIUM

Source Code Disclosure

200

CWE

Product Name: FreeLyrics

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: lyrics.sourceforge.net

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

FreeLyrics Remote Source Code Disclosure Vulnerability

FreeLyrics is vulnerable to a remote source code disclosure vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This request contains a parameter (p) which specifies the file to be disclosed. An attacker can use this vulnerability to view the source code of any file on the server.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of FreeLyrics.

Source

Exploit-DB raw data:

################## Piker #######################################
#
#
#    FreeLyrics Remote Source Code Disclosure Vulnerability
#

#
#    Affected software: FreeLyrics
#    Vendor: http://lyrics.sourceforge.net/
#    Risk: Medium
#
################################################################

#
#    http://[target]/[path]/source.php?p=[FILE]
#
#   PoC: http://[target]/[path]/source.php?p=config.php
#
#   
################################################################
#
#         Found by Piker [piker0x90(at)gmail(dot)com]

#            D.O.M Labs - Security Researchers
#           www.domlabs.org
#
#
################################################################

# milw0rm.com [2008-12-19]