Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-23752 PoC — [20230201] - Core - Improper access check in webservice endpoints

Source
https://github.com/0xVoodoo/CVE-2023-23752
Associated Vulnerability
Title:[20230201] - Core - Improper access check in webservice endpoints (CVE-2023-23752)
Description:An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
Description
 CVE-2023-23752 - Joomla Information Disclosure Vulnerability
Readme
# CVE-2023-23752 - Joomla Information Disclosure

Yo, I needed to use this exploit in a HTB machine and the only other PoC I could find was written in ruby...

I didn't wanna mess with the ruby dependancies so I just re-wrote it in python "real quick".

---
This is basically just a parser for the JSON returned by the open API endpoints, this can be replicated easily with CURL or a web browser by hitting the following endpoints:

#### User Info

`/api/index.php/v1/config/applicaton?public=true`

#### Config Info

`/api/index.php/v1/config/application?public=true"`

## Usage
`python3 CVE-2023-23752.py -t <target_url>`

---


# License
GPL v3.0 - as all good software should be

Remember - don't be a skid :)
File Snapshot

 [4.0K]  /data/pocs/7ef5b27161bbf4165bb275d70f8a9905ebb95702
├── [2.5K]  CVE-2023-23752.py
├── [ 34K]  LICENSE
└── [ 714]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →