CVE-2023-23752 PoC — Joomla 安全漏洞

Source

https://github.com/z3n70/CVE-2023-23752

Associated Vulnerability

Title:Joomla 安全漏洞 (CVE-2023-23752)
Description:Joomla是美国Open Source Matters团队的一套使用PHP和MySQL开发的开源、跨平台的内容管理系统(CMS)。 Joomla 4.0.0版本至4.2.7版本存在安全漏洞，该漏洞源于不正确的访问检查，允许对web服务端点进行未经授权的访问。

Description

simple program for joomla CVE-2023-23752 scanner for pentesting and educational purpose

Readme

# CVE-2023-23752
simple program for joomla CVE-2023-23752 scanner, This is a simple Ruby script that checks if a list of targets is vulnerable to CVE-2023-23752, a critical security vulnerability in a web application. The script sends a HTTP GET request to a specified endpoint, and extracts information from the response to determine if the target is vulnerable.

![](https://github.com/z3n70/CVE-2023-23752/blob/main/Screen%20Shot%202023-02-24%20at%2008.26.46.png)

# Usage
```
ruby scanner.rb list.txt output.txt
```
list.txt is a file that contains a list of target domains or IPs, separated by newlines. output.txt is the output file where the results will be saved.

# Requirements
This script requires the following Ruby gems:

```
httparty
colorize
timeout
```

# Disclaimer
This tool is provided for educational purposes only. The author is not responsible for any damages or illegal actions caused by the use of this tool. Use at your own risk.

File Snapshot


 [4.0K]  /data/pocs/1d2901ab97961133f9a98ddc08f5c39708927bf3
├── [3.1K]  joomla.rb
├── [ 955]  README.md
├── [415K]  Screen Shot 2023-02-24 at 08.26.46.png
└── [ 653]  target.txt

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!