To access material, start machines and answer questions login.
Set up your virtual environment
Joomla is a free and open-source Content Management System () that is widely used to build blogging websites. At the time of writing (opens in new tab), the platform ranks 5th, surpassing other vital platforms like Bitrix, Drupal, etc. In Feb 2023, the platform identified a vulnerability that allowed unauthorized users to fetch information from various web endpoints without prior authentication. The vulnerability was identified by Zewei Zhang from NSFOCUS TIANJI Lab and was assigned the severity Medium
and CVE-ID 2023-23752
.
- Primary techniques to exploit a Joomla CMS through 2023-23752
- How medium-level vulnerabilities can lead from information disclosure to complete Remote Code Execution (RCE)
- Protection and mitigation measures
Course Pre-requisites
Understanding the following topics is recommended before starting the course:-
Connecting to the Machine
We will use a Ubuntu-based machine to demonstrate the room's red and blue team perspective. L et’s start the Lab Machine by pressing the Start Lab Machine
button at the top of this task. You may access the VM using the AttackBox or your VPN connection . Please wait 1-2 minutes after the system boots completely to let the auto scripts run successfully.
You can access the vulnerable Joomla application hosted at http://MACHINE_IP
for the red teaming exercise.
For the blue team exercise and prevention from the attack, we have installed an AWS OpenSearch SIEM solution that will allow detection of the vulnerability and attack through pre-defined rules.
- IP:
http://MACHINE_IP:5601/ - Username:
admin - Password:
admin
Let's begin!
Ready to learn Cyber Security?
The Joomify: CVE-2023-23752 room is only available for Premium or Max subscribers. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.
Already have an account? Log in

