PoC details: 9804579eebcc4cc981740d12f8cd76cb3bb317be

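Source
Related vulnerability
Title: Joomla security vulnerability (CVE-2023-23752)
Description: Joomla is an open-source, cross-platform content management system (CMS) developed in PHP and MySQL by the US-based Open Source Matters team. Joomla versions 4.0.0 through 4.2.7 contain a security vulnerability that stems from an improper access check and allows unauthorized access to web service endpoints.
Description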
Joomla! < 4.2.8 - Unauthenticated information disclosure
Introduction
# Joomla! information disclosure - CVE-2023-23752 exploit

> Joomla! < 4.2.8 - Unauthenticated information disclosure

Exploit for [CVE-2023-23752][CVE-2023-23752] (4.0.0 <= Joomla <= 4.2.7).

[[EDB-51334](https://www.exploit-db.com/exploits/51334)] [[PacketStorm](https://packetstormsecurity.com/files/171474/Joomla-4.2.7-Unauthenticated-Information-Disclosure.html)] [[WLB-TODO](https://cxsecurity.com/issue/WLB-TODO)]

## Usage

![help message](assets/help.png)

## Example

![example of exploitation](assets/example.png)

## Requirements

- [httpx](https://gitlab.com/honeyryderchuck/httpx)
- [docopt.rb](https://github.com/docopt/docopt.rb)
- [paint](https://github.com/janlelis/paint)

Example using gem:

```bash
gem install httpx docopt paint
# or
bundle install
```

## Deployment of a vulnerable environment

v4.2.7

```bash
docker-compose up --build
```

Then reach the installation page http://127.0.0.1:4242/installation/index.php.

Complete the installation: the database credentials are `root` / `MYSQL_ROOT_PASSWORD` (cf. `docker-compose.yml`) and the host is `mysql`, not `localhost`.

**Warning**: of course this setup is not suited for production usage!

## References

This is an exploit for the vulnerability [CVE-2023-23752][CVE-2023-23752] found by Zewei Zhang from [NSFOCUS TIANJI Lab][1].

Nice resources about the vulnerability:

- [Discoverer advisory][2]
- [Joomla Advisory][3]
- [AttackerKB topic][4]
- [Vulnerability analysis][5]
- [Nuclei template][6]

For more details see [exploit.rb](exploit.rb).

## Disclaimer

ACCEIS does not promote or encourage any illegal activity; all content provided by this repository is meant for research, educational, and threat detection purposes only.

[CVE-2023-23752]: https://nvd.nist.gov/vuln/detail/CVE-2023-23752
[1]:https://nsfocusglobal.com/company-overview/nsfocus-security-labs/
[2]:https://nsfocusglobal.com/joomla-unauthorized-access-vulnerability-cve-2023-23752-notice/
[3]:https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html
[4]:https://attackerkb.com/topics/18qrh3PXIX/cve-2023-23752
[5]:https://vulncheck.com/blog/joomla-for-rce
[6]:https://github.com/projectdiscovery/nuclei-templates/blob/main/cves/2023/CVE-2023-23752.yaml
File snapshot
 [4.0K]  /data/pocs/9804579eebcc4cc981740d12f8cd76cb3bb317be
├── [4.0K]  assets
│   ├── [ 32K]  example.png
│   └── [ 44K]  help.png
├── [ 394]  docker-compose.yml
├── [4.4K]  exploit.rb
├── [ 102]  Gemfile
├── [ 274]  Gemfile.lock
├── [1.1K]  LICENSE
└── [2.2K]  README.md

1 directory, 8 files