header-logo
Suggest Exploit
vendor:
Ignition
by:
Sina Yazdanmehr (R3d.W0rm)
7,5
CVSS
HIGH
Remote Code Execution
78
CWE
Product Name: Ignition
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: YES
Related CWE: N/A
CPE: a:ignition:ignition
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Ignition Remote Code Execution

A vulnerability in Ignition allows an attacker to inject a PHP code in the comment section and execute it when the page is refreshed.

Mitigation:

Upgrade to the latest version of Ignition
Source

Exploit-DB raw data:

#####################################################################################
####                   Ignition Remote Code Execution                            ####
#####################################################################################
#                                                                                   #
#AUTHOR : Sina Yazdanmehr (R3d.W0rm)                                                #
#Discovered by : Sina Yazdanmehr (R3d.W0rm)                                         #
#Our Site : http://IrCrash.com                                                      #
#My Official WebSite : http://R3dW0rm.ir                                            #
#IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm (Sina Yazdanmehr)            #
#####################################################################################
#                                                                                   #
#Download : http://launchpadlibrarian.net/27567060/ignition_1.2.zip                 #
#                                                                                   #
#Dork :  :(                                                                           #
#                                                                                   #
#####################################################################################
#                                      [Bug]                                        #
#                                                                                   #
#Send a comment and inject a php code in name such as : z"include $f;/*             #
#Then refresh the page,now u see the code compile.                                  #
#                                                                                   #
###################################### TNX GOD ######################################

# milw0rm.com [2009-08-14]