Joomla! < 4.2.8 - Unauthenticated information disclosure
Exploit for CVE-2023-23752 (4.0.0 <= Joomla <= 4.2.7).
Example using gem:
gem install httpx docopt paint # or bundle install
docker-compose up --build
Then reach the installation page http://127.0.0.1:4242/installation/index.php.
Complete the installation (db credentials are
root / MYSQL_ROOT_PASSWORD (cf.
docker-compose.yml) and host is
mysql not localhost).
Warning: of course this setup is not suited for production usage!
Nice resources about the vulnerability:
For more details see exploit.rb.
ACCEIS does not promote or encourage any illegal activity, all content provided by this repository is meant for research, educational, and threat detection purpose only.