Title: Joomla extension Easy Joomla Backup v3.2.4 database backup exposure |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2017-09-07 |
CVE-ID: CVE-2017-2550 |
CWE: |
Download Site: https://joomla-extensions.kubik-rubik.de/ejb-easy-joomla-backup |
Vendor: kubik-rubik |
Vendor Notified: 2017-09-07 |
Vendor Contact: |
Advisory: http://www.vapidlabs.com/advisory.php?v=200 |
Description: Easy Joomla Backup creates 'old-school' backups without any frills. |
Vulnerability: The software creates a copy of the backup in the web root. The file name is easily guessable, as it is just the domain name and a timestamp:
http://example.com/administrator/components/com_easyjoomlabackup/backups/DOMAIN_YEAR-MONTH-DAY_H-M-S.zip |
Exploit Code:
|
Screen Shots: |
Notes: |
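Added example (not part of the original advisory or the extension's code): a log check a site owner can run to see whether backup archives at the path above were requested or downloaded. It assumes Apache/nginx combined log format; the function name, threshold and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Directory from the advisory; name shape DOMAIN_YEAR-MONTH-DAY_H-M-S.zip.
# Digit widths are an assumption (the advisory does not state zero-padding).
BACKUP_RE = re.compile(
    r"/administrator/components/com_easyjoomlabackup/backups/"
    r"[^/\s?]+_\d{4}-\d{1,2}-\d{1,2}_\d{1,2}-\d{1,2}-\d{1,2}\.zip", re.I)
# Combined Log Format: ip ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')

def scan(lines, probe_threshold=3):
    """Return (downloads, probers) for requests that hit the backup path."""
    downloads, misses = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not BACKUP_RE.search(unquote(m["path"])):
            continue
        status = int(m["status"])
        if status in (200, 206):        # archive was actually served
            downloads.append((m["ip"], m["ts"], m["path"]))
        elif status in (403, 404):      # name guess that missed or was blocked
            misses[m["ip"]] += 1
    probers = {ip: n for ip, n in misses.items() if n >= probe_threshold}
    return downloads, probers

_P = "/administrator/components/com_easyjoomlabackup/backups/example.com_2017-09-07_"
# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    f'198.51.100.7 - - [07/Sep/2017:10:00:01 +0000] "GET {_P}09-59-58.zip HTTP/1.1" 404 512',
    f'198.51.100.7 - - [07/Sep/2017:10:00:02 +0000] "GET {_P}09-59-59.zip HTTP/1.1" 404 512',
    f'198.51.100.7 - - [07/Sep/2017:10:00:03 +0000] "GET {_P}10-00-00.zip HTTP/1.1" 404 512',
    f'198.51.100.7 - - [07/Sep/2017:10:00:04 +0000] "GET {_P}10-00-01.zip HTTP/1.1" 200 48211033',
    f'203.0.113.5 - - [07/Sep/2017:11:15:00 +0000] "GET {_P}11-00-00.zip HTTP/1.1" 404 512',
    '192.0.2.10 - - [07/Sep/2017:11:20:00 +0000] "GET /index.php HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    downloads, probers = scan(SAMPLE_LOG)
    for ip, ts, path in downloads:
        print(f"DOWNLOADED {ts} {ip} {path}")
    for ip, n in probers.items():
        print(f"PROBING {ip}: {n} failed backup requests")
```

Any entry in the downloads list means a full site and database backup left the server, so credentials and secrets contained in it should be treated as exposed.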