- root@Muslim:~# joomscan -u http://theilgaards-selskabslokaler.dk
- ..|''|| '|| '||' '|' | .|'''.| '||''|.
- .|' || '|. '|. .' ||| ||.. ' || ||
- || || || || | | || ''|||. ||...|'
- '|. || ||| ||| .''''|. . '|| ||
- ''|...|' | | .|. .||. |'....|' .||.
- =================================================================
- OWASP Joomla! Vulnerability Scanner v0.0.4
- (c) Aung Khant, aungkhant]at[yehg.net
- YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab
- Update by: Web-Center, http://web-center.si (2011)
- =================================================================
- Vulnerability Entries: 611
- Last update: February 2, 2012
- Use "update" option to update the database
- Use "check" option to check the scanner update
- Use "download" option to download the scanner latest version package
- Use svn co to update the scanner and the database
- svn co https://joomscan.svn.sourceforge.net/svnroot/joomscan joomscan
- Target: http://theilgaards-selskabslokaler.dk
- Server: - Meebox Web acceleration -
- X-Powered-By: PHP/5.4.25
- ## Checking if the target has deployed an Anti-Scanner measure
- [!] Scanning Passed ..... OK
- ## Detecting Joomla! based Firewall ...
- [!] .htaccess shipped with Joomla! is being deployed for SEO purpose
- [!] It contains some defensive mod_rewrite rules
- [!] Payloads that contain strings (mosConfig,base64_encode,<script>
- GLOBALS,_REQUEST) wil be responsed with 403.
- ## Fingerprinting in progress ...
- Use of uninitialized value in pattern match (m//) at ./joomscan.pl line 1009.
- ~Generic version family ....... [1.5.x]
- * Deduced version range is : [1.5.? - 1.5.?]
- ## Fingerprinting done.
- ## 3 Components Found in front page ##
- com_content com_imageshow%26view=show%26showcase_id=2%26format=showcase
- com_imageshow%26view=show%26showlist_id=2%26format=showlist
- Vulnerabilities Discovered
- ==========================
- # 1
- Info -> Generic: Unprotected Administrator directory
- Versions Affected: Any
- Check: /joomla/administrator/
- Exploit: The default /administrator directory is detected. Attackers can bruteforce administrator accounts. Read: http://yehg.net/lab/pr0js/view.php/MULTIPLE%20TRICKY%20WAYS%20TO%20PROTECT.pdf
- Vulnerable? Yes
- # 2
- Info -> Core: Multiple XSS/CSRF Vulnerability
- Versions Affected: 1.5.9 <=
- Check: /?1.5.9-x
- Exploit: A series of XSS and CSRF faults exist in the administrator application. Affected administrator components include com_admin, com_media, com_search. Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities.
- Vulnerable? N/A
- # 3
- Info -> Core: JSession SSL Session Disclosure Vulnerability
- Versions effected: Joomla! 1.5.8 <=
- Check: /?1.5.8-x
- Exploit: When running a site under SSL (the entire site is forced to be under ssl), Joomla! does not set the SSL flag on the cookie. This can allow someone monitoring the network to find the cookie related to the session.
- Vulnerable? N/A
- # 4
- Info -> Core: Frontend XSS Vulnerability
- Versions effected: 1.5.10 <=
- Check: /?1.5.10-x
- Exploit: Some values were output from the database without being properly escaped. Most strings in question were sourced from the administrator panel. Malicious normal admin can leverage it to gain access to super admin.
- Vulnerable? N/A
- # 5
- Info -> Core: Frontend XSS - HTTP_REFERER not properly filtered Vulnerability
- Versions effected: 1.5.11 <=
- Check: /?1.5.11-x-http_ref
- Exploit: An attacker can inject JavaScript or DHTML code that will be executed in the context of targeted user browser, allowing the attacker to steal cookies. HTTP_REFERER variable is not properly parsed.
- Vulnerable? N/A
- # 6
- Info -> Core: Frontend XSS - PHP_SELF not properly filtered Vulnerability
- Versions effected: 1.5.11 <=
- Check: /?1.5.11-x-php-s3lf
- Exploit: An attacker can inject JavaScript code in a URL that will be executed in the context of targeted user browser.
- Vulnerable? N/A
- # 7
- Info -> Core: Authentication Bypass Vulnerability
- Versions effected: Joomla! 1.5.3 <=
- Check: /joomla/administrator/
- Exploit: Backend accepts any password for custom Super Administrator when LDAP enabled
- Vulnerable? N/A
- # 8
- Info -> Core: Path Disclosure Vulnerability
- Versions effected: Joomla! 1.5.3 <=
- Check: /?1.5.3-path-disclose
- Exploit: Crafted URL can disclose absolute path
- Vulnerable? N/A
- # 9
- Info -> Core: User redirected Spamming Vulnerability
- Versions effected: Joomla! 1.5.3 <=
- Check: /?1.5.3-spam
- Exploit: User redirect spam
- Vulnerable? N/A
- # 10
- Info -> Core: Admin Backend Cross Site Request Forgery Vulnerability
- Versions effected: 1.0.13 <=
- Check: /joomla/administrator/
- Exploit: It requires an administrator to be logged in and to be tricked into a specially crafted webpage.
- Vulnerable? N/A
- # 11
- Info -> CoreComponent: com_admin File Inclusion Vulnerability
- Versions Affected: N/A
- Check: /joomla/administrator/components/com_admin/admin.admin.html.php
- Exploit: /administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=
- Vulnerable? No
- # 12
- Info -> CoreComponent: com_installer CSRF Vulnerability
- Versions effected: Joomla! 1.5.0 Beta
- Check: /joomla/administrator/components/com_installer/
- Exploit: N/A
- Vulnerable? N/A
- # 13
- Info -> Component: Dada Mail Manager Component Remote File Inclusion Vulnerability
- Version Affected: 2.6 <=
- Check: /joomla/administrator/components/
- Exploit: /administrator/components/com_dadamail/config.dadamail.php?GLOBALS[mosConfig_absolute_path]=
- Vulnerable? No
- # 14
- Info -> Component: Joomla Component com_searchlog SQL Injection
- Versions Affected: 3.1.0 <=
- Check: /joomla/administrator/index.php?option=com_searchlog&act=log
- Exploit: /administrator/index.php?option=com_searchlog&act=log
- Vulnerable? No
- # 15
- Info -> Component: Joomla Component com_djartgallery Multiple Vulnerabilities
- Versions Affected: 0.9.1 <=
- Check: /joomla/administrator/index.php?option=com_djartgallery&task=editItem&cid[]=1'+and+1=1+--+
- Exploit: /administrator/index.php?option=com_djartgallery&task=editItem&cid[]=1'+and+1=1+--+
- Vulnerable? N/A
- There is a vulnerable point in 15 found entries!
- ~[*] Time Taken: 15 min and 14 sec
- ~[*] Send bugs, suggestions, contributions to joomscan@yehg.net
- root@Muslim:~#