srcmini本文概述
Joomla是网站上第二受欢迎的CMS, 拥有超过4.5%的市场份额并正在增长。
安全与网站设计和内容一样重要, 但是我们经常忽略它, 直到负面影响为止。未正确配置/强化的Joomla服务器可能容易受到许多攻击, 包括远程执行代码, SQL注入, 跨站点脚本, 信息泄漏等。
安全性是一个过程周期, 应该始终针对Web应用程序执行该过程周期。在本文中, 我将讨论用于扫描Joomla网站的漏洞的工具, 以保护免受邪恶侵害。
Joomla安全扫描仪
- Hacker Target
- SiteGuarding
- Detectify
- JAMSS
- JUICE
- Security Check
- Joomscan
- Pentest-Tools
Hacker Target
Hacker Target进行的Joomla安全扫描有两个选项。
被动扫描–这是一个免费扫描, 它会执行以下操作。
- Google安全浏览查询
- 目录索引查找
- 外部链接及其网络声誉
- 外部iFrame, JavaScript的列表
- 地理位置和虚拟主机查找
积极主动的扫描–这需要成员身份并进行积极检查, 以检测主题, 扩展, 模块, 组件和Joomla核心中的已知漏洞和漏洞。
SiteGuarding
SiteGuarding是基于云的网站安全扫描程序, 还提供Joomla扩展来分析你的网站。
在扩展的免费版本中, 你将获得以下内容。
- 最多扫描500个文件
- 每日病毒数据库更新
- 报告中
- 每天一次扫描
- 启发式逻辑
你可能还需要尝试其Antivirus Scanner扩展。
Detectify
Detectify是一款适用于企业的SaaS扫描程序, 可用于全面的网站审核, 包括OWASP排名前10位的漏洞在内, 共有1000多个漏洞。它对CMS(如Joomla, WordPress, Drupal等)进行安全检查, 以确保涵盖特定于CMS的漏洞。
它不是完全免费的, 但你可以利用他们的试用版来查看其工作原理。
JAMSS
JAMSS(Joomla反恶意软件扫描脚本)是你必须安装在网站根目录上的脚本。
脚本安装只不过是将文件jamss.php上传到你的webroot。 JAMSS识别典型的指纹, 可能已被破坏的痕迹。该脚本不会损害任何内容, 也不会访问扫描报告;你只需访问yourwebsite.com/jamss.php
JUICE
通过SUCURI进行站点检查, 检查已知恶意软件, 黑名单, 垃圾邮件, 污损, 并在Web服务器上为你提供信息, 链接和包含的脚本。
Security Check
安全检查扩展程序可以保护你的网站免受90多种攻击模式的侵扰, 并且具有内置的漏洞检查功能, 可以测试已安装的扩展程序是否存在任何安全风险。
Joomscan
Joomscan是最受欢迎的开源工具之一, 可帮助你查找Joomla Core, Components和SQL Injection, Command执行的已知漏洞。你可以通过两种方法来运行它。
- 从OWASP网站下载并安装在你的PC上
- 使用带有600多种工具(包括Joomscan)的Kali Linux
一旦安装了Joomscan, 就可以在Joomla站点上运行它以扫描漏洞。
./joomscan –u http://joomlawebsite.com例如, 我执行了测试站点。
[email protected]:~# joomscan -oh -u http://techpostal.com
..|''|| '|| '||' '|' | .|'''.| '||''|.
.|' || '|. '|. .' ||| ||.. ' || ||
|| || || || | | || ''|||. ||...|'
'|. || ||| ||| .''''|. . '|| ||
''|...|' | | .|. .||. |'....|' .||.
=================================================================
OWASP Joomla! Vulnerability Scanner v0.0.4
(c) Aung Khant, aungkhant]at[yehg.net
YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab
Update by: Web-Center, http://web-center.si (2011)
=================================================================
Vulnerability Entries: 611
Last update: February 2, 2012
Use "update" option to update the database
Use "check" option to check the scanner update
Use "download" option to download the scanner latest version package
Use svn co to update the scanner and the database
svn co https://joomscan.svn.sourceforge.net/svnroot/joomscan joomscan
Target: http://techpostal.com
Server: Apache
X-Powered-By: PHP/5.4.45
## Checking if the target has deployed an Anti-Scanner measure
[!] Scanning Passed ..... OK
## Detecting Joomla! based Firewall ...
[!] No known firewall detected!
## Fingerprinting in progress ...
Use of uninitialized value in pattern match (m//) at ./joomscan.pl line 1009.
~Unable to detect the version. Is it sure a Joomla?
## Fingerprinting done.
Vulnerabilities Discovered
==========================
# 1
Info -> Generic: htaccess.txt has not been renamed.
Versions Affected: Any
Check: /htaccess.txt
Exploit: Generic defenses implemented in .htaccess are not available, so exploiting is more likely to succeed.
Vulnerable? Yes
# 2
Info -> Generic: Unprotected Administrator directory
Versions Affected: Any
Check: /administrator/
Exploit: The default /administrator directory is detected. Attackers can bruteforce administrator accounts. Read: http://yehg.net/lab/pr0js/view.php/MULTIPLE%20TRICKY%20WAYS%20TO%20PROTECT.pdf
Vulnerable? Yes
# 3
Info -> Core: Multiple XSS/CSRF Vulnerability
Versions Affected: 1.5.9 <=
Check: /?1.5.9-x
Exploit: A series of XSS and CSRF faults exist in the administrator application. Affected administrator components include com_admin, com_media, com_search. Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities.
Vulnerable? N/A
# 4
Info -> Core: JSession SSL Session Disclosure Vulnerability
Versions effected: Joomla! 1.5.8 <=
Check: /?1.5.8-x
Exploit: When running a site under SSL (the entire site is forced to be under ssl), Joomla! does not set the SSL flag on the cookie. This can allow someone monitoring the network to find the cookie related to the session.
Vulnerable? N/A
# 5
Info -> Core: Frontend XSS Vulnerability
Versions effected: 1.5.10 <=
Check: /?1.5.10-x
Exploit: Some values were output from the database without being properly escaped. Most strings in question were sourced from the administrator panel. Malicious normal admin can leverage it to gain access to super admin.
Vulnerable? N/A
# 6
Info -> Core: Frontend XSS - HTTP_REFERER not properly filtered Vulnerability
Versions effected: 1.5.11 <=
Check: /?1.5.11-x-http_ref
Exploit: An attacker can inject JavaScript or DHTML code that will be executed in the context of targeted user browser, allowing the attacker to steal cookies. HTTP_REFERER variable is not properly parsed.
Vulnerable? N/A
# 7
Info -> Core: Frontend XSS - PHP_SELF not properly filtered Vulnerability
Versions effected: 1.5.11 <=
Check: /?1.5.11-x-php-s3lf
Exploit: An attacker can inject JavaScript code in a URL that will be executed in the context of targeted user browser.
Vulnerable? N/A
# 8
Info -> Core: Authentication Bypass Vulnerability
Versions effected: Joomla! 1.5.3 <=
Check: /administrator/
Exploit: Backend accepts any password for custom Super Administrator when LDAP enabled
Vulnerable? N/A
# 9
Info -> Core: Path Disclosure Vulnerability
Versions effected: Joomla! 1.5.3 <=
Check: /?1.5.3-path-disclose
Exploit: Crafted URL can disclose absolute path
Vulnerable? N/A
# 10
Info -> Core: User redirected Spamming Vulnerability
Versions effected: Joomla! 1.5.3 <=
Check: /?1.5.3-spam
Exploit: User redirect spam
Vulnerable? N/A
# 11
Info -> Core: Admin Backend Cross Site Request Forgery Vulnerability
Versions effected: 1.0.13 <=
Check: /administrator/
Exploit: It requires an administrator to be logged in and to be tricked into a specially crafted webpage.
Vulnerable? N/A
# 12
Info -> CoreComponent: com_content SQL Injection Vulnerability
Version Affected: Joomla! 1.0.0 <=
Check: /components/com_content/
Exploit: /index.php?option=com_content&task=blogcategory&id=60&Itemid=99999+UNION+SELECT+1, concat(0x1e, username, 0x3a, password, 0x1e, 0x3a, usertype, 0x1e), 3, 4, 5+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Vulnerable? No
# 13
Info -> CoreComponent: com_search Remote Code Execution Vulnerability
Version Affected: Joomla! 1.5.0 beta 2 <=
Check: /components/com_search/
Exploit: /index.php?option=com_search&Itemid=1&searchword=%22%3Becho%20md5(911)%3B
Vulnerable? No
# 14
Info -> CoreComponent: MailTo SQL Injection Vulnerability
Versions effected: N/A
Check: /components/com_mailto/
Exploit: /index.php?option=com_mailto&tmpl=mailto&article=550513+and+1=2+union+select+concat(username, char(58), password)+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--&Itemid=1
Vulnerable? No
# 15
Info -> CoreComponent: com_content Blind SQL Injection Vulnerability
Versions effected: Joomla! 1.5.0 RC3
Check: /components/com_content/
Exploit: /index.php?option=com_content&view=%' +'a'='a&id=25&Itemid=28
Vulnerable? No
# 16
Info -> CoreComponent: com_content XSS Vulnerability
Version Affected: Joomla! 1.5.7 <=
Check: /components/com_content/
Exploit: The defaults on com_content article submission allow entry of dangerous HTML tags (script, etc). This only affects users with access level Author or higher, and only if you have not set filtering options in com_content configuration.
Vulnerable? N/A
# 17
Info -> CoreComponent: com_mailto Email Spam Vulnerability
Version Affected: Joomla! 1.5.6 <=
Check: /components/com_mailto/
Exploit: The mailto component does not verify validity of the URL prior to sending.
Vulnerable? N/A
# 18
Info -> CoreComponent: com_content view=archive SQL Injection Vulnerability
Versions effected: Joomla! 1.5.0 Beta1/Beta2/RC1
Check: /components/com_content/
Exploit: Unfiltered POST vars - filter, month, year to /index.php?option=com_content&view=archive
Vulnerable? No
# 19
Info -> CoreComponent: com_content XSS Vulnerability
Version Affected: Joomla! 1.5.9 <=
Check: /components/com_content/
Exploit: A XSS vulnerability exists in the category view of com_content.
Vulnerable? N/A
# 20
Info -> CoreComponent: com_users XSS Vulnerability
Version Affected: Joomla! 1.5.10 <=
Check: /components/com_users/
Exploit: A XSS vulnerability exists in the user view of com_users in the administrator panel.
Vulnerable? N/A
# 21
Info -> CoreComponent: com_installer CSRF Vulnerability
Versions effected: Joomla! 1.5.0 Beta
Check: /administrator/components/com_installer/
Exploit: N/A
Vulnerable? N/A
# 22
Info -> CoreComponent: com_search Memory Comsumption DoS Vulnerability
Versions effected: Joomla! 1.5.0 Beta
Check: /components/com_search/
Exploit: N/A
Vulnerable? No
# 23
Info -> CoreComponent: com_banners Blind SQL Injection Vulnerability
Versions effected: N/A
Check: /components/com_banners/
Exploit: /index.php?option=com_banners&task=archivesection&id=0'+and+'1'='1::/index.php?option=com_banners&task=archivesection&id=0'+and+'1'='2
Vulnerable? No
# 24
Info -> CoreComponent: com_mailto timeout Vulnerability
Versions effected: 1.5.13 <=
Check: /components/com_mailto/
Exploit: [Requires a valid user account] In com_mailto, it was possible to bypass timeout protection against sending automated emails.
Vulnerable? N/A正如你在结果上方看到的那样, 它正在扫描20多个漏洞, 并告知你是否存在任何漏洞, 以便你修复和保护Joomla。
Pentest-Tools
Pentest-Tools的Joomla漏洞扫描由JoomlaVS工具提供支持。
你可以在你的站点上运行此测试, 以快速确定核心, 模板和模块是否易受攻击。测试完成后, 它将生成包含所有发现详细信息的精美报告。这就像执行渗透测试。
总结
希望以上工具能帮助你扫描Joomla的漏洞, 并确保你的网站安全。以下是一些有用的资源, 可帮助你及时了解安全性。
- Joomla漏洞扩展列表– http://vel.joomla.org/
- Joomla CVE详细信息– http://www.cvedetails.com/vulnerability-list/vendor_id-3496/product_id-16499/Joomla-Joomla-.html
- Joomla开发人员网络(安全中心)– http://developer.joomla.org/security-centre.html
- Joomla安全文档– https://docs.joomla.org/Security
- 扫描网站安全性的工具– https://geekflare.com/online-scan-website-security-vulnerabilities/
- Joomla安全最佳做法-https://geekflare.com/joomla-security/
评论前必须登录!
注册