exploit-CVE-2023-23752
Joomla! < 4.2.8 - Unauthenticated information disclosure
Joomla! information disclosure - CVE-2023-23752 exploit
Exploit for CVE-2023-23752 (4.0.0 <= Joomla <= 4.2.7).
[EDB-51334] [PacketStorm] [WLB-TODO]
Usage
Example
Requirements
Example using gem:
gem install httpx docopt paint
# or
bundle install
Deployment of a vulnerable environment
v4.2.7
docker-compose up --build
Then reach the installation page http://127.0.0.1:4242/installation/index.php.
Complete the installation (db credentials are root / MYSQL_ROOT_PASSWORD (cf. docker-compose.yml) and host is mysql, not localhost).
Warning: of course this setup is not suited for production usage!
References
This is an exploit for the vulnerability CVE-2023-23752 found by Zewei Zhang from NSFOCUS TIANJI Lab.
Nice resources about the vulnerability:
For more details see exploit.rb.
Disclaimer
ACCEIS does not promote or encourage any illegal activity; all content provided by this repository is meant for research, educational, and threat detection purposes only.