CVE-2023-23752

This exploit leverages an unauthenticated information disclosure vulnerability in Joomla! versions 4.0.0 to 4.2.7. It queries the API endpoints to retrieve user details and database configuration, including sensitive credentials.

This repository contains a functional Ruby exploit for CVE-2023-23752, an unauthenticated information disclosure vulnerability in Joomla! versions 4.0.0 to 4.2.7. The exploit fetches user details and database configuration via exposed API endpoints.

This repository contains a Python script that exploits CVE-2023-23752, an authentication bypass vulnerability in Joomla! leading to information leakage. The script appears functional and includes a list of endpoints for testing.

The repository contains a Python script (`joomla.py`) that exploits CVE-2023-23752, an authentication bypass vulnerability in Joomla! leading to information leakage. The script appears functional and includes a list of API endpoints targeted by the exploit.

This repository contains a Ruby script that scans for CVE-2023-23752, an information disclosure vulnerability in Joomla. The script sends HTTP GET requests to a specific endpoint and checks the response for exposed credentials and database information.

This PoC exploits CVE-2023-23752, an improper access check in Joomla, by querying unauthenticated API endpoints to leak user data and credentials. It demonstrates the vulnerability by fetching sensitive information via HTTP GET requests.

The repository contains a functional Python script that exploits CVE-2023-23752, an unauthorized access vulnerability in Joomla's REST API. The script sends a crafted request to the `/api/index.php/v1/config/application?public=true` endpoint to extract sensitive information, including usernames and passwords.

The repository contains a Python script that scans for CVE-2023-23752 by sending HTTP requests to a specific endpoint and extracting sensitive information (usernames, passwords, database names) from the response. It does not exploit the vulnerability but detects it by checking for exposed credentials.

This repository contains a bulk scanner for CVE-2023-23752, which targets Joomla's API endpoint to extract sensitive configuration data. It does not include exploit code for active exploitation but scans for vulnerable instances and retrieves exposed database information.

This repository contains a functional Bash script that exploits an unauthenticated information disclosure vulnerability in Joomla! versions 4.0.0 to 4.2.8. The exploit fetches user details and configuration data via exposed API endpoints.

This repository contains a functional exploit for CVE-2023-23752, an unauthenticated information disclosure vulnerability in Joomla! versions 4.0.0 to 4.2.7. The exploit leverages improper access checks in the Joomla! API to retrieve sensitive user and configuration data, including database credentials.

This repository contains a functional Python exploit for CVE-2023-23752, an unauthenticated information disclosure vulnerability in Joomla! < 4.2.8. The exploit fetches sensitive user and configuration data via exposed API endpoints.

This repository contains a functional exploit for CVE-2023-23752, an unauthorized access vulnerability in Joomla. The script checks for the presence of sensitive data (username and password) in the response from the `/api/index.php/v1/config/application?public=true` endpoint, indicating successful exploitation.

This repository provides a Dockerized environment to demonstrate CVE-2023-23752, an unauthorized access vulnerability in Joomla 4.2.6. The setup script automates the installation and exploitation, revealing database credentials via an API endpoint.

This repository contains a functional C++ exploit for CVE-2023-23752, an unauthenticated information disclosure vulnerability in Joomla! 4.2.7. The exploit sends a crafted HTTP request to the Joomla API endpoint to retrieve sensitive database configuration details, including credentials.

This repository contains a functional C++ exploit for CVE-2023-23752, an unauthenticated information disclosure vulnerability in Joomla! versions up to 4.2.7. The exploit sends a crafted HTTP request to the Joomla API endpoint to retrieve sensitive configuration data, including database credentials.

The repository contains a Python script that scans for CVE-2023-23752, an unauthorized access vulnerability in Joomla. The script checks for exposed API endpoints and does not include exploit code for achieving RCE or other offensive actions.

This repository provides a detailed analysis of CVE-2023-23752, an unauthorized access vulnerability in Joomla's REST API. It lists affected versions (Joomla 4.0.0 to 4.2.7) and enumerates API endpoints exposed when the `public=true` parameter is used, including sensitive information disclosure via `/api/index.php/v1/config/application?public=true`.

The repository contains a Nuclei template for detecting CVE-2023-23752, an unauthorized access vulnerability in Joomla's REST API. It includes a YAML file with a request template to probe the vulnerable endpoint and a README with technical details about affected versions and endpoints.

This repository contains a functional exploit script for CVE-2023-23752, an authentication bypass vulnerability in Joomla versions 4.00 to 4.28. The exploit leverages an API endpoint to leak administrator credentials and MySQL configuration details.

This repository contains a functional Go-based exploit for CVE-2023-23752, which targets an information disclosure vulnerability in Joomla. The exploit sends crafted HTTP requests to exposed API endpoints to extract sensitive configuration data, including database credentials.

The repository contains a Nuclei template for detecting CVE-2023-23752, an improper access check vulnerability in Joomla 4.0.0-4.2.7. It sends a crafted HTTP request to the `/api/index.php/v1/config/application?public=True` endpoint to check for unauthorized access.

The repository contains a Go-based multi-threaded scanner for CVE-2023-23752, which checks for the presence of sensitive configuration data exposure in Joomla! APIs. It sends HTTP requests to a specific endpoint and checks for the presence of 'dbtype' in the response to determine vulnerability.

This repository contains a Nuclei template for detecting CVE-2023-23752, an unauthorized access vulnerability in Joomla. The template sends a crafted HTTP request to the Joomla API endpoint and checks for the presence of sensitive data (e.g., 'password', 'user') in the response.

The repository provides a functional proof-of-concept for CVE-2023-23752, an unauthorized access vulnerability in Joomla!. The exploit leverages an API endpoint to bypass authentication and retrieve sensitive configuration data.

This repository contains a functional Ruby exploit for CVE-2023-23752, an unauthenticated information disclosure vulnerability in Joomla! versions prior to 4.2.8. The exploit fetches sensitive user and configuration data via exposed API endpoints.

This repository contains a functional Python exploit for CVE-2023-23752, an unauthenticated information disclosure vulnerability in Joomla. The script queries Joomla's API endpoints to dump user and configuration data without authentication.

The repository contains a bulk scanner for CVE-2023-23752, which targets Joomla's API endpoint to retrieve configuration information. It does not include exploit code for achieving RCE or other offensive actions, but rather scans for vulnerable instances and extracts database information.

The repository contains a functional PoC for CVE-2023-23752, which exploits an unauthenticated information disclosure vulnerability in Joomla CMS versions 4.0.0 to 4.2.7. The PoC script extracts the MySQL database credentials by querying the Joomla API endpoint.

The repository contains a functional Python exploit for CVE-2023-23752, which targets an information disclosure vulnerability in Joomla! versions 4.0.0 to 4.2.8. The exploit sends a crafted API request to retrieve sensitive configuration data, including user credentials.

This repository contains a functional Python script that exploits CVE-2023-23752, an authentication bypass vulnerability in Joomla versions 4.0.0 to 4.2.7. The exploit leaks sensitive configuration data, including MySQL database credentials, by sending a crafted HTTP request to the Joomla API endpoint.

The repository contains a functional Go-based PoC for CVE-2023-23752, an information disclosure vulnerability in Joomla. The exploit checks for exposed API endpoints that leak sensitive configuration data, including database credentials and user information.

The repository contains a functional Python script that exploits CVE-2023-23752, an authentication bypass vulnerability in Joomla. The script sends a crafted request to the `/api/index.php/v1/config/application?public=true` endpoint to leak database credentials (username and password) from the response.

This repository provides a detailed technical walkthrough of a penetration test on Joomla 4.2.5, including lab setup, vulnerability analysis, and exploitation of CVE-2023-23752 (an improper access control issue in the Joomla Core API). It includes steps for post-exploitation and remediation but does not contain functional exploit code.

The repository contains a functional exploit for CVE-2023-23752, an authentication bypass vulnerability in Joomla CMS versions 4.0.0 to 4.2.7. The exploit script checks the Joomla version and retrieves sensitive information via exposed API endpoints.

The repository contains a functional bash script that exploits CVE-2023-23752, an authentication bypass vulnerability in Joomla! API versions 4.0 to 4.2.7. The script automates the extraction of sensitive information such as user details, application configuration, and contact details by leveraging vulnerable API endpoints.

The exploit script demonstrates an information disclosure vulnerability in Joomla! by querying public API endpoints to retrieve usernames and passwords from the application configuration. It uses simple curl commands to fetch and parse JSON responses.

This repository contains a functional Python script that exploits CVE-2023-23752, an unauthenticated information disclosure vulnerability in Joomla! versions prior to 4.2.8. The script fetches and displays user details and database configuration by making HTTP requests to exposed API endpoints.

This repository contains a functional Python exploit for CVE-2023-23752, an unauthenticated information disclosure vulnerability in Joomla! versions 4.0.0 to 4.2.7. The exploit fetches sensitive user and configuration data via exposed API endpoints.

The repository contains only a README.md file with a brief description of CVE-2023-23752 and mentions an exploit written in C++, but no actual exploit code or technical details are provided.

This repository contains a functional Go-based exploit for CVE-2023-23752, an unauthenticated information disclosure vulnerability in Joomla. The tool queries the Joomla API endpoint to extract database configuration details (type, host, user, password, and prefix) and supports concurrent scanning with proxy functionality.

This repository contains a functional Go-based exploit for CVE-2023-23752, which targets an information disclosure vulnerability in Joomla. The exploit sends a crafted GET request to the vulnerable endpoint `/api/index.php/v1/config/application?public=true` to extract sensitive configuration data, including database credentials.

The repository contains functional Python and Bash scripts that exploit CVE-2023-23752, an access control flaw in Joomla! CMS versions 4.0.0 through 4.2.7. The scripts retrieve sensitive information such as user data and database credentials by querying unauthenticated API endpoints.

The repository contains a functional Python exploit for CVE-2023-23752, an unauthenticated information disclosure vulnerability in Joomla! versions 4.0.0 to 4.2.7. The exploit queries the Joomla API to extract user details and database configuration without authentication.

This repository contains a Python conversion of an existing Ruby exploit for CVE-2023-23752, an unauthenticated information disclosure vulnerability in Joomla! v4.2.8. The original Ruby exploit is referenced from Exploit-DB (51334), and the Python version is described as functionally equivalent.

The repository contains a Python script that fetches and displays user and configuration data from a Joomla API endpoint. It does not exploit the vulnerability but scans for exposed information, which is part of the CVE-2023-23752 vulnerability context.

This repository contains a functional Python script that exploits CVE-2023-23752, an unauthorized access vulnerability in Joomla! CMS versions 4.0.0 to 4.2.7. The script sends a crafted request to the Joomla API endpoint to leak sensitive database configuration details, including credentials, and supports both single-target and batch scanning with output to an Excel file.

This repository contains a functional proof-of-concept exploit for CVE-2023-23752, targeting Joomla's API endpoint to extract sensitive configuration data such as database credentials. The script includes a bulk scanner, thread-based execution, and result logging.

This repository contains a Python-based scanner for CVE-2023-23752, which checks for an information disclosure vulnerability in Joomla! by querying a specific API endpoint and extracting database credentials from the response.

The repository contains a Python script that scans Joomla instances for CVE-2023-23752, an unauthorized access vulnerability, by querying the API endpoint to extract database credentials. It does not exploit the vulnerability but detects exposed configurations.

The repository contains a functional Python script that exploits CVE-2023-23752, an improper access check vulnerability in Joomla! 4.0.0 through 4.2.7. The script sends a crafted request to the `/api/index.php/v1/config/application?public=true` endpoint to leak database credentials (host, database name, username, and password).

This exploit PoC checks for CVE-2023-23752, an information disclosure vulnerability in Joomla. It sends a GET request to a specific endpoint to retrieve sensitive configuration data, including credentials, and writes vulnerable URLs to a file.

The repository contains a bash script that scans for CVE-2023-23752, an information disclosure vulnerability in Joomla CMS. It sends HTTP requests to the vulnerable endpoint and parses responses for sensitive data like credentials.

The repository contains a functional Python script that exploits CVE-2023-23752, an information disclosure vulnerability in Joomla < 4.2.8. The script queries unauthenticated API endpoints to retrieve user and configuration data, demonstrating the vulnerability.

This repository contains a functional Python exploit for CVE-2023-23752, an unauthenticated information disclosure vulnerability in Joomla! 4.2.8. The exploit queries the `/api/index.php/v1/config/application?public=true` endpoint to extract sensitive credentials from the JSON response.

This repository contains a functional C++ exploit for CVE-2023-23752, an unauthenticated information disclosure vulnerability in Joomla! versions up to 4.2.7. The exploit sends a crafted request to the Joomla API endpoint to retrieve sensitive configuration data, including database credentials.

This repository contains a functional Ruby exploit for CVE-2023-23752, an unauthenticated information disclosure vulnerability in Joomla! versions prior to 4.2.8. The exploit fetches sensitive user and configuration data via exposed API endpoints.

The repository contains functional exploit code for CVE-2007-2447, targeting Samba's usermap script vulnerability. The exploit leverages command injection via the username field to execute a reverse shell payload.

This Metasploit module exploits an improper access check vulnerability in Joomla's API endpoints to enumerate user and configuration data without authentication. It targets Joomla versions 4.0.0 to 4.2.7 by querying the `/api/index.php/v1/users` and `/api/index.php/v1/config/application` endpoints with `public=true` to retrieve sensitive information.