0xvoodoo/PoCs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reformat the repo to store all my PoCs and add CVE-2025-24893

Browse Source
This commit is contained in:
0xVoodoo
2025-08-18 13:56:34 -06:00
parent 14c0141694
commit 9788148d65
5 changed files with 179 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+6 -22
View File
@@ -1,27 +1,11 @@
# CVE-2023-23752 - Joomla Information Disclosure
# PoCs
Yo, I needed to use this exploit in a HTB machine and the only other PoC I could find was written in ruby...
This repo contains proof of concept exploits for vulnerabilities I've come across in pentests and CTFs. This goes without saying but I am not liable for any misuse of these scripts, please be responsible.
I didn't wanna mess with the ruby dependancies so I just re-wrote it in python "real quick".
---
This is basically just a parser for the JSON returned by the open API endpoints, this can be replicated easily with CURL or a web browser by hitting the following endpoints:
#### User Info
`/api/index.php/v1/config/applicaton?public=true`
#### Config Info
`/api/index.php/v1/config/application?public=true"`
## Usage
`python3 CVE-2023-23752.py -t <target_url>`
---
# Exploits
- [CVE-2023-23752](https://github.com/0xVoodoo/PoCs/CVE-2023-23752) - Information disclosure in Joomla CMS.
- [CVE-2025-24893](https://github.com/0xVoodoo/PoCs/CVE-2025-24893) - RCE in XWiki.
# License
GPL v3.0 - as all good software should be
Remember - don't be a skid :)
GPLv3 as all good software (or exploits I guess) should be.