An access control flaw was identified, potentially leading to unauthorized access to critical webservice endpoints within Joomla! CMS versions 4.0.0 through 4.2.7. This vulnerability could be exploited by attackers to gain unauthorized access to sensitive information or perform unauthorized actions.# CVE-2023-23752
## Description
This repository contains Python and Bash scripts that serve as ports of the original Proof of Concept (PoC) written in Ruby for the vulnerability CVE-2023-23752 in Joomla! CMS versions 4.0.0 through 4.2.7 made by 'noraj' (Alexandre ZANNI). An access control flaw was identified, potentially leading to unauthorized access to critical webservice endpoints. This vulnerability could be exploited by attackers to gain unauthorized access to sensitive information or perform unauthorized actions.
## Usage:
### Bash script syntax:
```bash
./CVE-2023-23752.sh http://example.com
```
### Python script syntax:
```bash
python CVE-2023-23752.py -u example.com
```
| Option | Description |
|--------------------|---------------------------------------------------|
| `-u`, `--url` | URL to scan |
| `-f`, `--file` | Path to the file containing URLs to scan |
| `-o`, `--output_file` | Path to the output file (optional) |
| `-e`, `--endpoint` | Endpoint to scan (default: /api/index.php/v1/config/application?public=true) |
| `-t`, `--timeout` | Timeout in seconds (default: 2) |
| `-m`, `--max_threads` | Maximum number of threads (default: 10) |
## Disclaimer
Important: These scripts are provided for educational purposes only. Use them at your own risk. The author assumes no responsibility for any misuse or damage caused by these scripts. Ensure that you have explicit permission to test the target system for vulnerabilities before using these scripts in any environment.
[4.0K] /data/pocs/28d59488e79d00da2f01c6d117183e211843064c
├── [4.7K] CVE-2023-23752.py
├── [2.7K] CVE-2023-23752.sh
├── [ 34K] LICENSE
└── [1.6K] README.md
0 directories, 4 files