Copyright © The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation
OWASP
http://www.owasp.org
OWASP Joomla! (CMS) Vulnerability Scanner Project Flyer
Aung Khant, YGN Ethical Hacker Group, Myanmar, http://yehg.net/
07/17/2009
About Joomla! CMS
Forked from the Mambo CMS code base
One of the most widely used CMSes
Admin/Developer/Webmaster friendliness
Easy to deploy and restore, with backward compatibility
Download, extract, upload, configure, and it is up and running within a few minutes
Hundreds of extensions for every possible type of web site: e-commerce, forums, shopping, etc.
About Joomla! CMS (cont.)
Extensions comprise:
- Components
- Modules
- Plugins
- Templates
Increasingly large user community
Every modern web hosting provider offers a one-click Joomla! CMS installer
Joomla!’s Best Quote:
Joomla! makes it easy to launch a Web site of any kind.
Experience the Freedom! It has never been easier to create your own dynamic Web site.
Manage all your content from the best CMS admin interface and in virtually any language you speak.
When it comes to security …
Popularity has attracted attackers
Vulnerabilities have been disclosed continually since the first release
Hundreds of extensions mean hundreds of possible doors to exploit
Third-party component vulnerabilities are disclosed nearly every two or three months
How Joomla! Developers React to (In)Security
Formed JSST (Joomla! Security Strike Team)
Fix flaws found and reported within a short time frame
Cover holes in the Core Application Framework
When there is a need for security …
Although Joomla! developers are active in patching security holes, extension developers may not be
Free extensions stop receiving updates or are abandoned by their authors
Older commercial extensions lose support, or providers even remove them from their product lines
Webmasters can update to the latest patched Joomla! but not to fixed versions of vulnerable third-party components, which provide the main functionality of their sites
When there is a need for security … (cont.)
Vulnerable components remain unfixed for a long time
Attackers find them via Google dorks and hack them
Webmasters have no idea how their sites were hacked
Joomla! Mass Worm in the wild
Joomla! 1.5.5 was vulnerable to an admin token password change vulnerability
Attackers wrote a mass worm that exploits it to replace the index page with malicious iframes
Victim sites got onto Google’s blacklists very quickly
A Need for Pentesters
When pentesting Joomla! sites, we cannot know which vulnerable hidden extensions are in use
There is a real chance of missing critical vulnerabilities
No single exploit-hosting site has a complete collection of Joomla! and extension vulnerabilities
A Need for Pentesters (cont.)
Existing Joomla! vulnerability scanners in the wild lack updates and do not cover all possible types of holes
Adding a signature database to Nikto/W3AF would not be appropriate, as there are some subtle things involved
OWASP Joomla! Vulnerability Scanner Born!
Started in November 2008 as a personal project
Released in December 2008 on SourceForge.net
Donated to OWASP in May 2009
Became Release Quality Tool in July 2009
OWASP Joomla! Vulnerability Scanner
Author: Aung Khant (YGN Ethical Hacker Group, http://yehg.net)
Reviewers: 1st Brad Causey, 2nd Matt Tesauro, 3rd Tom Brennan (OWASP Board), 4th Paulo Coimbra (Project Manager)
OWASP Joomla! Vulnerability Scanner (cont.)
Main Features:
- Joomla!-based web firewall probing
- Extensive version probing: in most cases, the scanner can tell the exact version of the Joomla! installation
- Search for vulnerabilities in the Joomla! Core Application Framework and in hundreds of popular components
- Immediate updates via SVN or from within the scanner
OWASP Joomla! Vulnerability Scanner (cont.)
Main Features (cont.):
- Report output in text and HTML formats
Current Limitations:
- Lacks an IDS bypass mechanism
- Does not have a 100% complete vulnerability database
- May generate false positives when security-savvy web administrators disguise their sites