CVE-2023-23752 PoC — [20230201] - Core - Improper access check in webservice endpoints

Source

https://github.com/z3n70/CVE-2023-23752

Associated Vulnerability

Title:[20230201] - Core - Improper access check in webservice endpoints (CVE-2023-23752)
Description:An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.

Description

simple program for joomla CVE-2023-23752 scanner for pentesting and educational purpose

Readme

# CVE-2023-23752
simple program for joomla CVE-2023-23752 scanner, This is a simple Ruby script that checks if a list of targets is vulnerable to CVE-2023-23752, a critical security vulnerability in a web application. The script sends a HTTP GET request to a specified endpoint, and extracts information from the response to determine if the target is vulnerable.

![](https://github.com/z3n70/CVE-2023-23752/blob/main/Screen%20Shot%202023-02-24%20at%2008.26.46.png)

# Usage
```
ruby scanner.rb list.txt output.txt
```
list.txt is a file that contains a list of target domains or IPs, separated by newlines. output.txt is the output file where the results will be saved.

# Requirements
This script requires the following Ruby gems:

```
httparty
colorize
timeout
```

# Disclaimer
This tool is provided for educational purposes only. The author is not responsible for any damages or illegal actions caused by the use of this tool. Use at your own risk.

File Snapshot


 [4.0K]  /data/pocs/1d2901ab97961133f9a98ddc08f5c39708927bf3
├── [3.1K]  joomla.rb
├── [ 955]  README.md
├── [415K]  Screen Shot 2023-02-24 at 08.26.46.png
└── [ 653]  target.txt

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!