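Related vulnerability
Title: Joomla security vulnerability (CVE-2023-23752)
Description: Joomla is an open-source, cross-platform content management system (CMS) developed in PHP and MySQL by the US-based Open Source Matters team. Joomla versions 4.0.0 through 4.2.7 contain a security vulnerability caused by an improper access check, which allows unauthorized access to web service endpoints.
Description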
Joomla Unauthenticated Information Disclosure (CVE-2023-23752) exploit
Introduction
# Joomla Unauthenticated Information Disclosure Exploit (CVE-2023-23752)
#### Exploit
## <u>Description</u>
This repository contains an exploit for a vulnerability named "Joomla Unauthenticated Information Disclosure" (CVE-2023-23752). Please note that this is merely a proof-of-concept script created for educational purposes and should be used responsibly.
This exploit is designed to demonstrate how an unauthenticated information disclosure vulnerability could potentially be exploited.
### <u>Disclaimer</u>
This repository is intended for educational purposes only. Do not use this code or any information contained within for malicious purposes. Always follow ethical guidelines and respect the law.
Usage:
```
python3 juid.py [option] URL
```
Example:
```
python3 juid.py -a http://vulnerable-website.com
```
Options:
```
-u    dump users
-U    dump users in full JSON format
-c    dump configs
-C    dump configs in full JSON format
-a    dump users and configs
-A    dump users and configs in full JSON format
```
Prerequisites:
>• A local development environment
>
>• Python installed (python version should be 3.10 or higher)

To run this exploit, you can follow these steps:
Clone this repository to your local machine.
```
git clone https://github.com/AlissonFaoli/CVE-2023-23752.git
```
Navigate to the project directory.
```
cd CVE-2023-23752
```
Run the juid.py script.
```
python3 juid.py -a http://vulnerable-website.com
```
###### Please remember that this exploit should never be used against real software or systems you're not authorized to test. Unauthorized access or any malicious activity is illegal.
#### <u>License</u>
_This exploit is released under the MIT License. You can find more information about this in the LICENSE file._
# Author: Alisson Faoli
#### Github: https://github.com/AlissonFaoli
#### LinkedIn: https://linkedin.com/in/alisson-faoli
<b>If you have any questions or concerns about this exploit, please feel free to contact the author.</b>
File snapshot
[4.0K] /data/pocs/f2a8009d11a39d860e8b10604d8c4db1856d31cc
├── [2.8K] juid.py
├── [1.0K] LICENSE
└── [2.0K] README.md
0 directories, 3 files