AI prompts
base on Joomla! < 4.2.8 - Unauthenticated information disclosure # Joomla! information disclosure - CVE-2023-23752 exploit
> Joomla! < 4.2.8 - Unauthenticated information disclosure
Exploit for [CVE-2023-23752][CVE-2023-23752] (4.0.0 <= Joomla <= 4.2.7).
[[EDB-51334](https://www.exploit-db.com/exploits/51334)] [[PacketStorm](https://packetstormsecurity.com/files/171474/Joomla-4.2.7-Unauthenticated-Information-Disclosure.html)] [[WLB-TODO](https://cxsecurity.com/issue/WLB-TODO)]
## Usage
## Example
## Requirements
- [httpx](https://gitlab.com/honeyryderchuck/httpx)
- [docopt.rb](https://github.com/docopt/docopt.rb)
- [paint](https://github.com/janlelis/paint)
Example using gem:
```bash
gem install httpx docopt paint
# or
bundle install
```
## Deployment of a vulnerable environment
v4.2.7
```bash
docker-compose up --build
```
Then reach the installation page http://127.0.0.1:4242/installation/index.php.
Complete the installation (db credentials are `root` / MYSQL_ROOT_PASSWORD (cf. `docker-compose.yml`) and host is `mysql` not localhost).
**Warning**: of course this setup is not suited for production usage!
## References
This is an exploit for the vulnerability [CVE-2023-23752][CVE-2023-23752] found by Zewei Zhang from [NSFOCUS TIANJI Lab][1].
Nice resources about the vulnerability:
- [Discoverer advisory][2]
- [Joomla Advisory][3]
- [AttackerKB topic][4]
- [Vulnerability analysis][5]
- [Nuclei template][6]
For more details see [exploit.rb](exploit.rb).
## Disclaimer
ACCEIS does not promote or encourage any illegal activity, all content provided by this repository is meant for research, educational, and threat detection purpose only.
[CVE-2023-23752]: https://nvd.nist.gov/vuln/detail/CVE-2023-23752
[1]:https://nsfocusglobal.com/company-overview/nsfocus-security-labs/
[2]:https://nsfocusglobal.com/joomla-unauthorized-access-vulnerability-cve-2023-23752-notice/
[3]:https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html
[4]:https://attackerkb.com/topics/18qrh3PXIX/cve-2023-23752
[5]:https://vulncheck.com/blog/joomla-for-rce
[6]:https://github.com/projectdiscovery/nuclei-templates/blob/main/cves/2023/CVE-2023-23752.yaml
", Assign "at most 3 tags" to the expected json: {"id":"7922","tags":[]} "only from the tags list I provide: [{"id":77,"name":"3d"},{"id":89,"name":"agent"},{"id":17,"name":"ai"},{"id":54,"name":"algorithm"},{"id":24,"name":"api"},{"id":44,"name":"authentication"},{"id":3,"name":"aws"},{"id":27,"name":"backend"},{"id":60,"name":"benchmark"},{"id":72,"name":"best-practices"},{"id":39,"name":"bitcoin"},{"id":37,"name":"blockchain"},{"id":1,"name":"blog"},{"id":45,"name":"bundler"},{"id":58,"name":"cache"},{"id":21,"name":"chat"},{"id":49,"name":"cicd"},{"id":4,"name":"cli"},{"id":64,"name":"cloud-native"},{"id":48,"name":"cms"},{"id":61,"name":"compiler"},{"id":68,"name":"containerization"},{"id":92,"name":"crm"},{"id":34,"name":"data"},{"id":47,"name":"database"},{"id":8,"name":"declarative-gui "},{"id":9,"name":"deploy-tool"},{"id":53,"name":"desktop-app"},{"id":6,"name":"dev-exp-lib"},{"id":59,"name":"dev-tool"},{"id":13,"name":"ecommerce"},{"id":26,"name":"editor"},{"id":66,"name":"emulator"},{"id":62,"name":"filesystem"},{"id":80,"name":"finance"},{"id":15,"name":"firmware"},{"id":73,"name":"for-fun"},{"id":2,"name":"framework"},{"id":11,"name":"frontend"},{"id":22,"name":"game"},{"id":81,"name":"game-engine "},{"id":23,"name":"graphql"},{"id":84,"name":"gui"},{"id":91,"name":"http"},{"id":5,"name":"http-client"},{"id":51,"name":"iac"},{"id":30,"name":"ide"},{"id":78,"name":"iot"},{"id":40,"name":"json"},{"id":83,"name":"julian"},{"id":38,"name":"k8s"},{"id":31,"name":"language"},{"id":10,"name":"learning-resource"},{"id":33,"name":"lib"},{"id":41,"name":"linter"},{"id":28,"name":"lms"},{"id":16,"name":"logging"},{"id":76,"name":"low-code"},{"id":90,"name":"message-queue"},{"id":42,"name":"mobile-app"},{"id":18,"name":"monitoring"},{"id":36,"name":"networking"},{"id":7,"name":"node-version"},{"id":55,"name":"nosql"},{"id":57,"name":"observability"},{"id":46,"name":"orm"},{"id":52,"name":"os"},{"id":14,"name":"parser"},{"id":74,"name":"react"},{"id":82,"name":"real-time"},{"id":56,"name":"robot"},{"id":65,"name":"runtime"},{"id":32,"name":"sdk"},{"id":71,"name":"search"},{"id":63,"name":"secrets"},{"id":25,"name":"security"},{"id":85,"name":"server"},{"id":86,"name":"serverless"},{"id":70,"name":"storage"},{"id":75,"name":"system-design"},{"id":79,"name":"terminal"},{"id":29,"name":"testing"},{"id":12,"name":"ui"},{"id":50,"name":"ux"},{"id":88,"name":"video"},{"id":20,"name":"web-app"},{"id":35,"name":"web-server"},{"id":43,"name":"webassembly"},{"id":69,"name":"workflow"},{"id":87,"name":"yaml"}]" returns me the "expected json"