This is a proof-of-concept code for the CVE-2023-23752 vulnerability. It allows an attacker to extract sensitive information such as usernames, passwords, and database names from a target application.
To use this code, you can follow these steps:
- Clone this repository or download the
CVE-2023-23752.py
file. - Make sure you have Python 3 and the required packages (
argparse
andrequests
) installed on your system. - Open a terminal or command prompt and navigate to the directory where the
CVE-2023-23752.py
file is located. - Run the script with the following command:
python CVE-2023-23752.py -u <target_url> -o <output_file>
Replace <target_url>
with the URL of the target application and <output_file>
with the path to the output file where the results will be saved.
Alternatively, you can provide a file containing a list of URLs to scan with the following command:
python CVE-2023-23752.py -f <input_file> -o <output_file>
Replace <input_file>
with the path to the file containing a list of URLs to scan.
The following arguments are available:
-u
,--url
: The URL of the target application to scan.-f
,--file
: The path to the file containing a list of URLs to scan.-o
,--output_file
: The path to the output file where the results will be saved. This argument is optional.-e
,--endpoint
: The endpoint to scan. The default value is/api/index.php/v1/config/application?public=true
.-t
,--timeout
: The timeout in seconds for each request. The default value is2
.-m
,--max_threads
: The maximum number of threads to use for scanning. The default value is10
.
This code is for educational purposes only and should not be used for illegal activities. The author is not responsible for any damage or harm caused by the use or misuse of this code.