Skip to main content
Room Banner
Back to all walkthroughs
Room Icon

Joomify: CVE-2023-23752

Max room.

Learn how to exploit a Joomla CMS using CVE-2023-23752 and understand various mitigation techniques.

medium

40 min

4,608

User profile photo.
User profile photo.
User profile photo.

To access material, start machines and answer questions login.

Set up your virtual environment

To successfully complete this room, you'll need to set up your virtual environment. This involves starting both your AttackBox (if you're not using your VPN) and Target Machines, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.
Attacker machine
Status:Off
Lab machine
Status:Off

Joomla is a free and open-source Content Management System () that is widely used to build blogging websites. At the time of writing (opens in new tab), the platform ranks 5th, surpassing other vital platforms like Bitrix, Drupal, etc. In Feb 2023, the platform identified a vulnerability that allowed unauthorized users to fetch information from various web endpoints without prior authentication. The vulnerability was identified by Zewei Zhang from NSFOCUS TIANJI Lab and was assigned the severity Medium  and CVE-ID 2023-23752 .

 

Learning Objective
  • Primary techniques to exploit a Joomla CMS through 2023-23752
  • How medium-level vulnerabilities can lead from information disclosure to complete Remote Code Execution (RCE)
  • Protection and mitigation measures

Course Pre-requisites
Understanding the following topics is recommended before starting the course:-

Connecting to the Machine
We will use a Ubuntu-based machine to demonstrate the room's red and blue team perspective. L et’s start the Lab Machine by pressing the Start Lab Machine button at the top of this task. You may access the VM using the AttackBox or your VPN connection . Please wait 1-2 minutes after the system boots completely to let the auto scripts run successfully.

 

You can access the vulnerable Joomla application hosted at http://MACHINE_IP for the red teaming exercise.

For the blue team exercise and prevention from the attack, we have installed an AWS OpenSearch SIEM solution that will allow detection of the vulnerability and attack through pre-defined rules.

 

  • IP:  http://MACHINE_IP:5601/  
  • Username:    admin
  • Password:    admin

Let's begin!

Answer the questions below
I can successfully connect with the machine.