{"id":18464866,"url":"https://github.com/acceis/exploit-cve-2023-23752","last_synced_at":"2025-04-08T08:31:30.284Z","repository":{"id":147937163,"uuid":"618403324","full_name":"Acceis/exploit-CVE-2023-23752","owner":"Acceis","description":"Joomla! \u003c 4.2.8 - Unauthenticated information disclosure","archived":false,"fork":false,"pushed_at":"2023-12-27T11:30:46.000Z","size":78,"stargazers_count":82,"open_issues_count":0,"forks_count":17,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-23T09:24:05.897Z","etag":null,"topics":["cve","cve-2023-23752","exploit","information-disclosure","joomla","vulnerability"],"latest_commit_sha":null,"homepage":"https://www.acceis.fr/","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Acceis.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-24T11:50:16.000Z","updated_at":"2025-01-15T22:38:05.000Z","dependencies_parsed_at":"2024-11-06T09:11:27.265Z","dependency_job_id":"91fd0e3c-34ee-4f99-b685-4fc6f61b29b7","html_url":"https://github.com/Acceis/exploit-CVE-2023-23752","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Acceis%2Fexploit-CVE-2023-23752","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Acceis%2Fexploit-CVE-2023-23752/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Acceis%2Fexploit-CVE-2023-23752/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Acceis%2Fexploit-CVE-2023-23752/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Acceis","download_url":"https://codeload.github.com/Acceis/exploit-CVE-2023-23752/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247804472,"owners_count":20998990,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve","cve-2023-23752","exploit","information-disclosure","joomla","vulnerability"],"created_at":"2024-11-06T09:11:21.601Z","updated_at":"2025-04-08T08:31:29.979Z","avatar_url":"https://github.com/Acceis.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Joomla! information disclosure - CVE-2023-23752 exploit\n\n\u003e Joomla! \u003c 4.2.8 - Unauthenticated information disclosure\n\nExploit for [CVE-2023-23752][CVE-2023-23752] (4.0.0 \u003c= Joomla \u003c= 4.2.7).\n\n[[EDB-51334](https://www.exploit-db.com/exploits/51334)] [[PacketStorm](https://packetstormsecurity.com/files/171474/Joomla-4.2.7-Unauthenticated-Information-Disclosure.html)] [[WLB-TODO](https://cxsecurity.com/issue/WLB-TODO)]\n\n## Usage\n\n![help message](assets/help.png)\n\n## Example\n\n![example of exploitation](assets/example.png)\n\n## Requirements\n\n- [httpx](https://gitlab.com/honeyryderchuck/httpx)\n- [docopt.rb](https://github.com/docopt/docopt.rb)\n- [paint](https://github.com/janlelis/paint)\n\nExample using gem:\n\n```bash\ngem install httpx docopt paint\n# or\nbundle install\n```\n\n## Deployment of a vulnerable environment\n\nv4.2.7\n\n```bash\ndocker-compose up --build\n```\n\nThen reach the installation page http://127.0.0.1:4242/installation/index.php.\n\nComplete the installation (db credentials are `root` / MYSQL_ROOT_PASSWORD (cf. `docker-compose.yml`) and host is `mysql` not localhost).\n\n**Warning**: of course this setup is not suited for production usage!\n\n## References\n\nThis is an exploit for the vulnerability [CVE-2023-23752][CVE-2023-23752] found by Zewei Zhang from [NSFOCUS TIANJI Lab][1].\n\nNice resources about the vulnerability:\n\n- [Discoverer advisory][2]\n- [Joomla Advisory][3]\n- [AttackerKB topic][4]\n- [Vulnerability analysis][5]\n- [Nuclei template][6]\n\nFor more details see [exploit.rb](exploit.rb).\n\n## Disclaimer\n\nACCEIS does not promote or encourage any illegal activity, all content provided by this repository is meant for research, educational, and threat detection purpose only.\n\n[CVE-2023-23752]: https://nvd.nist.gov/vuln/detail/CVE-2023-23752\n[1]:https://nsfocusglobal.com/company-overview/nsfocus-security-labs/\n[2]:https://nsfocusglobal.com/joomla-unauthorized-access-vulnerability-cve-2023-23752-notice/\n[3]:https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html\n[4]:https://attackerkb.com/topics/18qrh3PXIX/cve-2023-23752\n[5]:https://vulncheck.com/blog/joomla-for-rce\n[6]:https://github.com/projectdiscovery/nuclei-templates/blob/main/cves/2023/CVE-2023-23752.yaml\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Facceis%2Fexploit-cve-2023-23752","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Facceis%2Fexploit-cve-2023-23752","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Facceis%2Fexploit-cve-2023-23752/lists"}