Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation OWASP http://www.owasp.org OWASP Joomla! (CMS) Vulnerability Scanner Release Flyer Aung Khant YGN Ethical Hacker Group, Myanmar http://yehg.net/ 07/17/2009

OWASP Joomla! (CMS) Vulnerability Scanner Release Flyer



Current Release: 0.0.3

Implemented 200 defense bypass. This bypasses web servers that respond with 200 for every 404, which effectively kills the scanner by producing very noisy reports full of false positives and rendering vulnerability detection useless. The 200 defense can kill most scanners today.

Added vulnerability information till 08-18-09

Added fingerprinting signature till Joomla! 1.5.14

Added anti-caching mechanism in update check

Added Graph facility in HTML reporting


Former Release: 0.0.2

Changed report location: the report is now saved under the report/ directory.

Removed the "Poke Version" -pv command option. Version fingerprinting now runs by default and will continue to do so in future versions, but you can skip it with the -nv (No version check) option.

Improved the fingerprinting engine to find a more exact version and to provide the closest approximate version range, so you no longer have to calculate it yourself. Please see the sample output:


Fingerprint in 0.0.1

~Generic version family ....... [1.5.x]
~1.5.x htaccess.txt revealed [1.5.4 - 1.5.11]
~1.5.x configuration.php-dist revealed [1.5.1 - 1.5.8]
~1.5.x en-GB.xml revealed [1.5.2 - 1.5.6]
~1.5.x en-GB.ini revealed [1.5.4 - 1.5.7]

Fingerprint in 0.0.2

~Generic version family ....... [1.5.x]
~1.5.x htaccess.txt revealed [1.5.4 - 1.5.11]
~1.5.x configuration.php-dist revealed [1.5.1 - 1.5.8]
~1.5.x en-GB.xml revealed [1.5.2 - 1.5.6]
~1.5.x en-GB.ini revealed [1.5.4 - 1.5.7]
…skip…
* Deduced version range is : [1.5.5 - 1.5.6]
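The range deduction shown in the 0.0.2 output can be reproduced by intersecting the per-file ranges. The following is an added example, not code from the scanner; it assumes the deduction is a plain intersection, and the function names and regular expression are hypothetical. Run on the four visible lines only, it yields [1.5.4 - 1.5.6]; the flyer's tighter [1.5.5 - 1.5.6] presumably comes from the signature lines elided by "…skip…".

```python
import re

# Constructed sample: the signature lines visible in the flyer's 0.0.2 output.
SAMPLE_OUTPUT = """\
~Generic version family ....... [1.5.x]
~1.5.x htaccess.txt revealed [1.5.4 - 1.5.11]
~1.5.x configuration.php-dist revealed [1.5.1 - 1.5.8]
~1.5.x en-GB.xml revealed [1.5.2 - 1.5.6]
~1.5.x en-GB.ini revealed [1.5.4 - 1.5.7]
"""

# Matches "~<family> <file> revealed [<low> - <high>]" (hypothetical pattern).
RANGE_RE = re.compile(
    r"^~\S+\s+(\S+)\s+revealed\s+\[(\d+(?:\.\d+)*)\s*-\s*(\d+(?:\.\d+)*)\]$"
)

def parse_version(text):
    # Compare versions numerically: as strings, "1.5.11" sorts before "1.5.4".
    return tuple(int(part) for part in text.split("."))

def parse_ranges(output):
    """Return [(file, low, high)] for each 'revealed' line; other lines are ignored."""
    ranges = []
    for line in output.splitlines():
        match = RANGE_RE.match(line.strip())
        if not match:
            continue
        low, high = parse_version(match.group(2)), parse_version(match.group(3))
        if low > high:
            raise ValueError(f"inverted range for {match.group(1)}")
        ranges.append((match.group(1), low, high))
    return ranges

def deduce_range(ranges):
    """Intersect all ranges; return (low, high), or None if signatures conflict."""
    if not ranges:
        return None
    low = max(r[1] for r in ranges)    # highest lower bound
    high = min(r[2] for r in ranges)   # lowest upper bound
    return (low, high) if low <= high else None

def format_range(bounds):
    if bounds is None:
        return "no consistent version range"
    return "[{} - {}]".format(*(".".join(map(str, v)) for v in bounds))

if __name__ == "__main__":
    print("* Deduced version range is :", format_range(deduce_range(parse_ranges(SAMPLE_OUTPUT))))
```

An empty intersection means two signatures disagree, which usually points to a partially upgraded or patched installation rather than a single clean release.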


Updated fingerprinting signature up to current Joomla! version 1.5.12

Updated vulnerability information up to July 12, 2009

Made vulnerability information neat by labelling as Generic, Core, Component, Plugin.

Fixed parsing bug in listing components


Added component detection in re-routed URLs (/component/option,com_xxxx)

Made finer report format: HTML

Added Joomla! related firewall/defense detection


Former Release: 0.0.1

New and improved fingerprinting engine (which can detect almost the exact version of Joomla 1.0.x and Joomla 1.5.x)

Updated database till 1.5.9

In the database, removed substring(@@version,1,1) and employed a simple blind detection approach (1=1, 1=2) to bypass IDS that block MySQL-sensitive words in requests


OWASP Joomla! Vulnerability Scanner

Project URL: http://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project

Mailing List: https://lists.owasp.org/mailman/listinfo/owasp-joomla-vulnerability-scanner

Download URLs:
http://yehg.net/lab/pr0js/files.php/joomscan-latest.zip
http://sf.net/projects/joomscan
