Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/acceis/exploit-cve-2023-23752
Joomla! < 4.2.8 - Unauthenticated information disclosure
cve cve-2023-23752 exploit information-disclosure joomla vulnerability
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/acceis/exploit-cve-2023-23752
- Owner: Acceis
- License: mit
- Created: 2023-03-24T11:50:16.000Z (almost 2 years ago)
- Default Branch: master
- Last Pushed: 2023-12-27T11:30:46.000Z (about 1 year ago)
- Last Synced: 2024-04-21T03:52:17.397Z (9 months ago)
- Topics: cve, cve-2023-23752, exploit, information-disclosure, joomla, vulnerability
- Language: Ruby
- Homepage: https://www.acceis.fr/
- Size: 76.2 KB
- Stars: 75
- Watchers: 2
- Forks: 15
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Joomla! information disclosure - CVE-2023-23752 exploit
> Joomla! < 4.2.8 - Unauthenticated information disclosure

Exploit for [CVE-2023-23752][CVE-2023-23752] (4.0.0 <= Joomla <= 4.2.7).

[[EDB-51334](https://www.exploit-db.com/exploits/51334)] [[PacketStorm](https://packetstormsecurity.com/files/171474/Joomla-4.2.7-Unauthenticated-Information-Disclosure.html)] [[WLB-TODO](https://cxsecurity.com/issue/WLB-TODO)]
## Usage
![help message](assets/help.png)
## Example
![example of exploitation](assets/example.png)
## Requirements
- [httpx](https://gitlab.com/honeyryderchuck/httpx)
- [docopt.rb](https://github.com/docopt/docopt.rb)
- [paint](https://github.com/janlelis/paint)

Example using gem:

```bash
gem install httpx docopt paint
# or
bundle install
```

## Deployment of a vulnerable environment

v4.2.7
```bash
docker-compose up --build
```

Then reach the installation page http://127.0.0.1:4242/installation/index.php.

Complete the installation (the db credentials are `root` / `MYSQL_ROOT_PASSWORD` (cf. `docker-compose.yml`) and the host is `mysql`, not `localhost`).
**Warning**: of course this setup is not suited for production usage!
## References
This is an exploit for the vulnerability [CVE-2023-23752][CVE-2023-23752] found by Zewei Zhang from [NSFOCUS TIANJI Lab][1].
Nice resources about the vulnerability:
- [Discoverer advisory][2]
- [Joomla Advisory][3]
- [AttackerKB topic][4]
- [Vulnerability analysis][5]
- [Nuclei template][6]

For more details see [exploit.rb](exploit.rb).

## Disclaimer
ACCEIS does not promote or encourage any illegal activity; all content provided by this repository is meant for research, educational, and threat detection purposes only.

[CVE-2023-23752]: https://nvd.nist.gov/vuln/detail/CVE-2023-23752
[1]:https://nsfocusglobal.com/company-overview/nsfocus-security-labs/
[2]:https://nsfocusglobal.com/joomla-unauthorized-access-vulnerability-cve-2023-23752-notice/
[3]:https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html
[4]:https://attackerkb.com/topics/18qrh3PXIX/cve-2023-23752
[5]:https://vulncheck.com/blog/joomla-for-rce
[6]:https://github.com/projectdiscovery/nuclei-templates/blob/main/cves/2023/CVE-2023-23752.yaml