CVE-2023-23752 PoC — [20230201] - Core - Improper access check in webservice endpoints

Associated Vulnerability
Title: [20230201] - Core - Improper access check in webservice endpoints (CVE-2023-23752)
Description: An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
Description
Joomla Unauthenticated Information Disclosure (CVE-2023-23752) exploit
Readme
# Joomla Unauthenticated Information Disclosure Exploit (CVE-2023-23752)

#### Exploit

## <u>Description</u>
This repository contains an exploit for a vulnerability named "Joomla Unauthenticated Information Disclosure" (CVE-2023-23752). Please note that this is merely a proof-of-concept script created for educational purposes and should be used responsibly.

This exploit is designed to demonstrate how an unauthenticated information disclosure vulnerability could potentially be exploited.


### <u>Disclaimer</u>
This repository is intended for educational purposes only. Do not use this code or any information contained within for malicious purposes. Always follow ethical guidelines and respect the law.

Usage:

    python3 juid.py [option] URL

Example:

    python3 juid.py -a http://vulnerable-website.com

Options:

    -u  dump users

    -U  dump users in full JSON format

    -c  dump configs

    -C  dump configs in full JSON format

    -a  dump users and configs

    -A  dump users and configs in full JSON format


Prerequisites:
>• A local development environment
>
>• Python installed (Python version should be 3.10 or higher)

To run this exploit, you can follow these steps:

Clone this repository to your local machine.

```
git clone https://github.com/AlissonFaoli/CVE-2023-23752.git
```

Navigate to the project directory.

```
cd CVE-2023-23752
```

  

Run the juid.py script.

```
python3 juid.py -a http://vulnerable-website.com
```

  

###### Please remember that this exploit should never be used against real software or systems you're not authorized to test. Unauthorized access or any malicious activity is illegal.

  

#### <u>License</u>
_This exploit is released under the MIT License. You can find more information about this in the LICENSE file._

  

# Author: Alisson Faoli

#### Github: https://github.com/AlissonFaoli
#### LinkedIn: https://linkedin.com/in/alisson-faoli

  

<b>If you have any questions or concerns about this exploit, please feel free to contact the author</b>
File Snapshot

```
[4.0K] /data/pocs/f2a8009d11a39d860e8b10604d8c4db1856d31cc
├── [2.8K] juid.py
├── [1.0K] LICENSE
└── [2.0K] README.md

0 directories, 3 files
```