Joomla Vulnerability Scanning Tool

Let me get straight to the point :)
The tool we will use >> https://github.com/rastating/joomlavs.git


Installation & Usage
Code:
git clone https://github.com/rastating/joomlavs.git
cd joomlavs
# Build dependencies for the native gem extensions; install them before running bundle install
apt-get install build-essential patch
apt-get install ruby-dev zlib1g-dev liblzma-dev libcurl4-openssl-dev
gem install bundler && bundle install
Installation is complete; now let's move on to usage.

Target site >>
https://www.hiphoplife.com.tr/

The parameter I used

Code:
ruby joomlavs.rb -u https://www.hiphoplife.com.tr/ --scan-all

Code:
r00t@xrototexx:~/joomlavs$ ruby joomlavs.rb -u https://www.hiphoplife.com.tr/ --scan-all

----------------------------------------------------------------------

     ██╗ ██████╗  ██████╗ ███╗   ███╗██╗      █████╗ ██╗   ██╗███████╗
     ██║██╔═══██╗██╔═══██╗████╗ ████║██║     ██╔══██╗██║   ██║██╔════╝
     ██║██║   ██║██║   ██║██╔████╔██║██║     ███████║██║   ██║███████╗
██   ██║██║   ██║██║   ██║██║╚██╔╝██║██║     ██╔══██║╚██╗ ██╔╝╚════██║
╚█████╔╝╚██████╔╝╚██████╔╝██║ ╚═╝ ██║███████╗██║  ██║ ╚████╔╝ ███████║
 ╚════╝  ╚═════╝  ╚═════╝ ╚═╝     ╚═╝╚══════╝╚═╝  ╚═╝  ╚═══╝  ╚══════╝

----------------------------------------------------------------------

[+] URL: https://www.hiphoplife.com.tr/
[+] Started: Wed Oct 31 16:51:39 2018

[+] Found 2 interesting headers.
 |  Server: nginx
 |  X-Powered-By: ["PHP/5.6.38", "PleskLin"]

[+] Joomla version 1.5.15 identified from language file (en-GB.xml)
[!] Found 7 vulnerabilities affecting this version of Joomla!

[!] Title: Joomla Akeeba Kickstart Unserialize Remote Code Execution
 |  Reference: https://www.exploit-db.com/exploits/35033
 |  Reference: http://www.cvedetails.com/cve/CVE-2014-7228
[i] Fixed in: 3.3.5


[!] Title: Joomla! 1.5.x - Cross-Site Scripting and Information Disclosure Vulnerabilities
 |  Reference: https://www.exploit-db.com/exploits/33061
[i] Fixed in: 1.6


[!] Title: Joomla! 1.7.0 and Prior Multiple Cross Site Scripting Vulnerabilities
 |  Reference: https://www.exploit-db.com/exploits/36176
[i] Fixed in: 1.7.1


[!] Title: Joomla! 1.5.x SQL Error Information Disclosure Vulnerability
 |  Reference: https://www.exploit-db.com/exploits/34955
[i] Fixed in: 1.5.22


[!] Title: Joomla 1.5 - 3.4.5 - Object Injection Remote Command Execution
 |  Reference: https://www.exploit-db.com/exploits/38977
 |  Reference: http://www.cvedetails.com/cve/CVE-2015-8562
[i] Fixed in: 3.4.6


[!] Title: Remote Code Execution in third-party PHPMailer library
 |  Reference: http://www.cvedetails.com/cve/CVE-2016-10033
 |  Reference: http://www.cvedetails.com/cve/CVE-2016-10045
[i] Fixed in: 3.6.5


[!] Title: Joomla! < 2.5.2 - Admin Creation
 |  Reference: https://www.exploit-db.com/exploits/41156
 |  Reference: http://www.cvedetails.com/cve/CVE-2012-1563
[i] Fixed in: 2.5.3


[+] Scanning for vulnerable components...
[!] Found 6 vulnerable components.

------------------------------------------------------------------

[+] Name: Weblinks - v1.5.0
 |  Location: https://www.hiphoplife.com.tr/administrator/components/com_weblinks
 |  Manifest: https://www.hiphoplife.com.tr/administrator/components/com_weblinks/weblinks.xml
 |  Description: This component shows a listing of Weblinks
 |  Author: Joomla! Project
 |  Author URL: www.joomla.org

[!] Title: Joomla! 'com_weblinks' Component - 'id' Parameter SQL Injection Vulnerability
 |  Reference: https://www.exploit-db.com/exploits/33812


[!] Title: Joomla! 'com_weblinks' Component - 'Itemid' Parameter SQL Injection Vulnerability
 |  Reference: https://www.exploit-db.com/exploits/34475

------------------------------------------------------------------

[+] Name: Kunena - v1.6.1
 |  Location: https://www.hiphoplife.com.tr/administrator/components/com_kunena
 |  Manifest: https://www.hiphoplife.com.tr/administrator/components/com_kunena/kunena.xml
 |  Description: Kunena Forum
 |  Author: Kunena Team
 |  Author URL: http://www.kunena.org

[!] Title: Scriptegrator plugin for Joomla! 1.5 - File Inclusion Vulnerability (0day)
 |  Reference: https://www.exploit-db.com/exploits/17394


[!] Title: Joomla Component Kunena Forums (com_kunena) bSQL Injection Exploit
 |  Reference: https://www.exploit-db.com/exploits/9408


[!] Title: Joomla Component com_kunena - BlindSQL Injection Vulnerability
 |  Reference: https://www.exploit-db.com/exploits/11279


[!] Title: Joomla Kunena Component (index.php search parameter) SQL Injection
 |  Reference: https://www.exploit-db.com/exploits/22153

------------------------------------------------------------------

[+] Name: JCE - v1.5.7.5
 |  Location: https://www.hiphoplife.com.tr/administrator/components/com_jce
 |  Manifest: https://www.hiphoplife.com.tr/administrator/components/com_jce/jce.xml
 |  Description: JCE ADMIN DESC
 |  Author: Ryan Demmer
 |  Author URL: www.joomlacontenteditor.net

[!] Title: JCE Joomla Extension <= 2.0.10 - Multiple Vulnerabilities
 |  Reference: https://www.exploit-db.com/exploits/17734
[i] Fixed in: 2.0.10.1


[!] Title: Joomla JCE Component (com_jce) Blind SQL Injection Vulnerability
 |  Reference: https://www.exploit-db.com/exploits/17136

------------------------------------------------------------------

[+] Name: JComments - v2.2.0.2
 |  Location: https://www.hiphoplife.com.tr/administrator/components/com_jcomments
 |  Manifest: https://www.hiphoplife.com.tr/administrator/components/com_jcomments/jcomments.xml
 |  Description: JComments lets your users comment on content items.
 |  Author: smart
 |  Author URL: http://www.joomlatune.ru

[!] Title: JoomlaTune JComments 2.1 Joomla! Component - 'ComntrNam' Parameter Cross-Site Scripting Vulnerability
 |  Reference: https://www.exploit-db.com/exploits/33998

------------------------------------------------------------------

[+] Name: Blog_Calendar - v1.5.5
 |  Location: https://www.hiphoplife.com.tr/administrator/components/com_blog_calendar
 |  Manifest: https://www.hiphoplife.com.tr/administrator/components/com_blog_calendar/blog_calendar.xml
 |  Description: <p>
  With blog calendar comopnent you can create a listing by descending date using a blog layout.
                </p>
 
 |  Author: Juan Padial
 |  Author URL: http://www.shikle.com

[!] Title: Joomla! Component Blog Calendar - SQL Injection
 |  Reference: https://www.exploit-db.com/exploits/40966
 |  Reference: https://security.elarlang.eu/sql-injection-in-joomla-extension-dt-register.html

------------------------------------------------------------------

[+] Name: User - v1.5.0
 |  Location: https://www.hiphoplife.com.tr/components/com_user
 |  Manifest: https://www.hiphoplife.com.tr/components/com_user/user.xml
 |  Description: User Self-Management
 |  Author: Joomla! Project
 |  Author URL: www.joomla.org

[!] Title: Joomla 1.5.x - (Token) Remote Admin Change Password Vulnerability
 |  Reference: https://www.exploit-db.com/exploits/6234


[!] Title: Joomla! < 1.5.11 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
 |  Reference: https://www.exploit-db.com/exploits/33022
[i] Fixed in: 1.5.11


[!] Title: Joomla! 'com_user' Component - 'view' Parameter URI Redirection Vulnerability
 |  Reference: https://www.exploit-db.com/exploits/33122

------------------------------------------------------------------

[+] Scanning for vulnerable modules...
[!] Found 0 vulnerable modules.

------------------------------------------------------------------

[+] Scanning for vulnerable templates...
[!] Found 0 vulnerable templates.

------------------------------------------------------------------

[+] Finished
Good luck