7 matches found
EUVD-2006-4308
Malware in sbrugna...
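Joomla OpenSEF Component mosConfig_absolute_path Remote File Inclusion Vulnerability
Joomla OpenSEF is a PHP-based web application. Joomla OpenSEF does not properly filter user-submitted URI data, and a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'sef.php' script lacks filtering of the user-submitted 'mosConfig_absolute_path' parameter; submitting a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. OpenSEF Project OpenSEF 2.0-beta3 OpenSEF Project OpenSEF 2.0 RC5 SP2 OpenSEF Project OpenSEF 2.0 RC5 SP1 OpenSEF Proje...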
opensef.txt
Aria-Security.net Advisory Discovered by: O.U.T.L.A.W Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp Software: OpenSEF Attack method: Remote File Inclusion Description : OpenSEF is a Joomla component that extends the built-in SEF Search Engine Friendly Source: requireonce $mosConfigabsolutepath...
CVE-2006-4320
PHP remote file inclusion vulnerability in sef.php in the OpenSEF 2.0.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter...
CVE-2006-4320
PHP remote file inclusion vulnerability in sef.php in the OpenSEF 2.0.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter...
CVE-2006-4320
The CVE-2006-4320 entry describes a PHP remote file inclusion vulnerability in the OpenSEF 2.0.0 component for Joomla! via the sef.php file. The underlying issue is exploitation through a URL in the mosConfig_absolute_path parameter, allowing an attacker to execute arbitrary PHP code on the affec...
Modification For OpenSEF Remote file Inclusion
Aria-Security.net Advisory Discovered by: O.U.T.L.A.W www.Aria-security.net Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp Software: OpenSEF Attack method: Remote File Inclusion Description : OpenSEF is a Joomla component that extends the built-in SEF Search Engine Friendly Source: requireonce...