Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2023-23752 PoC — [20230201] - Core - Improper access check in webservice endpoints

Source
https://github.com/AlissonFaoli/CVE-2023-23752
Associated Vulnerability
Title:[20230201] - Core - Improper access check in webservice endpoints (CVE-2023-23752)
Description:An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
Description
Joomla Unauthenticated Information Disclosure (CVE-2023-23752) exploit
Readme
# Joomla Unauthenticated Information Disclosure Exploit (CVE-2023-23752)

#### Exploit

## <u>Description</u>
This repository contains an exploit for a vulnerability named "Joomla Unauthenticated Information Disclosure" (CVE-2023-23752). Please note that this is merely a proof-of-concept script created for educational purposes and should be used responsibly.

This exploit is designed to demonstrate how an unauthenticated information disclosure vulnerability could potentially be exploited.


### <u>Disclaimer</u>
This repository is intended for educational purposes only. Do not use this code or any information contained within for malicious purposes. Always follow ethical guidelines and respect the law.

Usage:

    python3 juid.py [option] URL

Example:

    python3 juid.py -a http://vulnerable-website.com

Options:

    -u  dump users

    -U  dump users in full JSON format

    -c  dump configs

    -C  dump configs in full JSON format

    -a  dump users and configs

    -A  dump users and configs in full JSON format


Prerequisites:
>• A local development environment
>
>• Python installed (python version should be 3.10 or higher)
>
>• To run this exploit, you can follow these steps:

  

Clone this repository to your local machine.

```
git clone https://github.com/AlissonFaoli/CVE-2023-23752.git
```

Navigate to the project directory.

```
cd CVE-2023-23752
```

  

Run the juid.py script.

```
python3 juid.py -a http://vulnerable-website.com
```

  

###### Please remember that this exploit should never be used against real software or systems you're not authorized to test. Unauthorized access or any malicious activity is illegal.

  

#### <u>License</u>
_This exploit is released under the MIT License. You can find more information about this in the LICENSE file._

  

# Author: Alisson Faoli

#### Github: https://github.com/AlissonFaoli
#### LinkedIn: https://linkedin.com/in/alisson-faoli

  

<b>If you have any questions or concerns about this exploit, please feel free to contact the author</b>
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →