PHP-Fusion Information Disclosure

2018.05.17

Nir Yehoshua (IL)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: 200

# Title: PHP-Fusion Information Disclosure
# Date: 16/05/18
# Author: Nir Yehoshua
# Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php
# Version: All
# Tested on: Windows 10
# PoC: https://github.com/niryehoshua/Projects/blob/master/PHP-Fusion_Information-Disclosure.py
# The websites that tested:
http://freguesia.espite.pt, http://tel-clan.net, http://k12online.info, http://trivillagerc.com, http://mech.net, http://www.online-keys.net, http://ti99ers.org, http://maps4u.lt/en and more...

# Script output example: (tested on www.bucks8ball.com)

PHP-Fusion Information-Disclosure
by Nir Yehoshua
Enter URL [http://url.com] > http://www.bucks8ball.com
Vulnerable

[*] Administrator username: Koopa

[*] Group Members:
Markt
maria mezza lewis
maria mezza lewis
maria mezza lewis
carl allum1
whatafcukinliberty
whatafcukinliberty
whatafcukinliberty
big col
carl allum1
Sledgehammer
Koopa
Hammer
Koopa
plodder
ryan
maria mezza lewis
maria mezza lewis
maria mezza lewis
Hammer
NitrousOxide
Hammer
smithy
Hammer
Hammer
Knightrider
Hammer
Deano
Hammer
Deano
Hammer
Hammer
Hammer
MACABREKAYNE
InTheMix
chappers
Hammer
Hammer
Deano
Koopa

See this note in RAW Version

Vote for this issue:

77%

23%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

PHP-Fusion Information Disclosure

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.