API tools faq
paste
Guest User

#1 joomscan site:.dk Majaxtn

a guest
Aug 23rd, 2014
385
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.30 KB | None | 0 0
raw download clone embed print report
  1. root@Muslim:~# joomscan -u http://theilgaards-selskabslokaler.dk
  2.  
  3.  
  4. ..|''|| '|| '||' '|' | .|'''.| '||''|.
  5. .|' || '|. '|. .' ||| ||.. ' || ||
  6. || || || || | | || ''|||. ||...|'
  7. '|. || ||| ||| .''''|. . '|| ||
  8. ''|...|' | | .|. .||. |'....|' .||.
  9.  
  10.  
  11. =================================================================
  12. OWASP Joomla! Vulnerability Scanner v0.0.4
  13. (c) Aung Khant, aungkhant]at[yehg.net
  14. YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab
  15. Update by: Web-Center, http://web-center.si (2011)
  16. =================================================================
  17.  
  18.  
  19. Vulnerability Entries: 611
  20. Last update: February 2, 2012
  21.  
  22. Use "update" option to update the database
  23. Use "check" option to check the scanner update
  24. Use "download" option to download the scanner latest version package
  25. Use svn co to update the scanner and the database
  26. svn co https://joomscan.svn.sourceforge.net/svnroot/joomscan joomscan
  27.  
  28.  
  29. Target: http://theilgaards-selskabslokaler.dk
  30.  
  31. Server: - Meebox Web acceleration -
  32. X-Powered-By: PHP/5.4.25
  33.  
  34.  
  35. ## Checking if the target has deployed an Anti-Scanner measure
  36.  
  37. [!] Scanning Passed ..... OK
  38.  
  39.  
  40. ## Detecting Joomla! based Firewall ...
  41.  
  42. [!] .htaccess shipped with Joomla! is being deployed for SEO purpose
  43. [!] It contains some defensive mod_rewrite rules
  44. [!] Payloads that contain strings (mosConfig,base64_encode,<script>
  45. GLOBALS,_REQUEST) wil be responsed with 403.
  46.  
  47.  
  48. ## Fingerprinting in progress ...
  49.  
  50. Use of uninitialized value in pattern match (m//) at ./joomscan.pl line 1009.
  51. ~Generic version family ....... [1.5.x]
  52.  
  53.  
  54. * Deduced version range is : [1.5.? - 1.5.?]
  55.  
  56. ## Fingerprinting done.
  57.  
  58.  
  59. ## 3 Components Found in front page ##
  60.  
  61. com_content com_imageshow%26view=show%26showcase_id=2%26format=showcase
  62. com_imageshow%26view=show%26showlist_id=2%26format=showlist
  63.  
  64.  
  65.  
  66.  
  67. Vulnerabilities Discovered
  68. ==========================
  69.  
  70. # 1
  71. Info -> Generic: Unprotected Administrator directory
  72. Versions Affected: Any
  73. Check: /joomla/administrator/
  74. Exploit: The default /administrator directory is detected. Attackers can bruteforce administrator accounts. Read: http://yehg.net/lab/pr0js/view.php/MULTIPLE%20TRICKY%20WAYS%20TO%20PROTECT.pdf
  75. Vulnerable? Yes
  76.  
  77. # 2
  78. Info -> Core: Multiple XSS/CSRF Vulnerability
  79. Versions Affected: 1.5.9 <=
  80. Check: /?1.5.9-x
  81. Exploit: A series of XSS and CSRF faults exist in the administrator application. Affected administrator components include com_admin, com_media, com_search. Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities.
  82. Vulnerable? N/A
  83.  
  84. # 3
  85. Info -> Core: JSession SSL Session Disclosure Vulnerability
  86. Versions effected: Joomla! 1.5.8 <=
  87. Check: /?1.5.8-x
  88. Exploit: When running a site under SSL (the entire site is forced to be under ssl), Joomla! does not set the SSL flag on the cookie. This can allow someone monitoring the network to find the cookie related to the session.
  89. Vulnerable? N/A
  90.  
  91. # 4
  92. Info -> Core: Frontend XSS Vulnerability
  93. Versions effected: 1.5.10 <=
  94. Check: /?1.5.10-x
  95. Exploit: Some values were output from the database without being properly escaped. Most strings in question were sourced from the administrator panel. Malicious normal admin can leverage it to gain access to super admin.
  96. Vulnerable? N/A
  97.  
  98. # 5
  99. Info -> Core: Frontend XSS - HTTP_REFERER not properly filtered Vulnerability
  100. Versions effected: 1.5.11 <=
  101. Check: /?1.5.11-x-http_ref
  102. Exploit: An attacker can inject JavaScript or DHTML code that will be executed in the context of targeted user browser, allowing the attacker to steal cookies. HTTP_REFERER variable is not properly parsed.
  103. Vulnerable? N/A
  104.  
  105. # 6
  106. Info -> Core: Frontend XSS - PHP_SELF not properly filtered Vulnerability
  107. Versions effected: 1.5.11 <=
  108. Check: /?1.5.11-x-php-s3lf
  109. Exploit: An attacker can inject JavaScript code in a URL that will be executed in the context of targeted user browser.
  110. Vulnerable? N/A
  111.  
  112. # 7
  113. Info -> Core: Authentication Bypass Vulnerability
  114. Versions effected: Joomla! 1.5.3 <=
  115. Check: /joomla/administrator/
  116. Exploit: Backend accepts any password for custom Super Administrator when LDAP enabled
  117. Vulnerable? N/A
  118.  
  119. # 8
  120. Info -> Core: Path Disclosure Vulnerability
  121. Versions effected: Joomla! 1.5.3 <=
  122. Check: /?1.5.3-path-disclose
  123. Exploit: Crafted URL can disclose absolute path
  124. Vulnerable? N/A
  125.  
  126. # 9
  127. Info -> Core: User redirected Spamming Vulnerability
  128. Versions effected: Joomla! 1.5.3 <=
  129. Check: /?1.5.3-spam
  130. Exploit: User redirect spam
  131. Vulnerable? N/A
  132.  
  133. # 10
  134. Info -> Core: Admin Backend Cross Site Request Forgery Vulnerability
  135. Versions effected: 1.0.13 <=
  136. Check: /joomla/administrator/
  137. Exploit: It requires an administrator to be logged in and to be tricked into a specially crafted webpage.
  138. Vulnerable? N/A
  139.  
  140. # 11
  141. Info -> CoreComponent: com_admin File Inclusion Vulnerability
  142. Versions Affected: N/A
  143. Check: /joomla/administrator/components/com_admin/admin.admin.html.php
  144. Exploit: /administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=
  145. Vulnerable? No
  146.  
  147. # 12
  148. Info -> CoreComponent: com_installer CSRF Vulnerability
  149. Versions effected: Joomla! 1.5.0 Beta
  150. Check: /joomla/administrator/components/com_installer/
  151. Exploit: N/A
  152. Vulnerable? N/A
  153.  
  154. # 13
  155. Info -> Component: Dada Mail Manager Component Remote File Inclusion Vulnerability
  156. Version Affected: 2.6 <=
  157. Check: /joomla/administrator/components/
  158. Exploit: /administrator/components/com_dadamail/config.dadamail.php?GLOBALS[mosConfig_absolute_path]=
  159. Vulnerable? No
  160.  
  161. # 14
  162. Info -> Component: Joomla Component com_searchlog SQL Injection
  163. Versions Affected: 3.1.0 <=
  164. Check: /joomla/administrator/index.php?option=com_searchlog&act=log
  165. Exploit: /administrator/index.php?option=com_searchlog&act=log
  166. Vulnerable? No
  167.  
  168. # 15
  169. Info -> Component: Joomla Component com_djartgallery Multiple Vulnerabilities
  170. Versions Affected: 0.9.1 <=
  171. Check: /joomla/administrator/index.php?option=com_djartgallery&task=editItem&cid[]=1'+and+1=1+--+
  172. Exploit: /administrator/index.php?option=com_djartgallery&task=editItem&cid[]=1'+and+1=1+--+
  173. Vulnerable? N/A
  174.  
  175. There is a vulnerable point in 15 found entries!
  176.  
  177. ~[*] Time Taken: 15 min and 14 sec
  178. ~[*] Send bugs, suggestions, contributions to joomscan@yehg.net
  179. root@Muslim:~#
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!