本文概述
- Hacker Target
- SiteGuarding
- Detectify
- JAMSS
- JUICE
- Security Check
- Joomscan
- Pentest-Tools
安全与网站设计和内容一样重要, 但是我们经常忽略它, 直到负面影响为止。未正确配置/强化的Joomla服务器可能容易受到许多攻击, 包括远程执行代码, SQL注入, 跨站点脚本, 信息泄漏等。
安全性是一个过程周期, 应该始终针对Web应用程序执行该过程周期。在本文中, 我将讨论用于扫描Joomla网站的漏洞的工具, 以保护免受邪恶侵害。
Joomla安全扫描仪
- Hacker Target
- SiteGuarding
- Detectify
- JAMSS
- JUICE
- Security Check
- Joomscan
- Pentest-Tools
文章图片
被动扫描–这是一个免费扫描, 它会执行以下操作。
- Google安全浏览查询
- 目录索引查找
- 外部链接及其网络声誉
- 外部iFrame, JavaScript的列表
- 地理位置和虚拟主机查找
SiteGuarding SiteGuarding是基于云的网站安全扫描程序, 还提供Joomla扩展来分析你的网站。
在扩展的免费版本中, 你将获得以下内容。
- 最多扫描500个文件
- 每日病毒数据库更新
- 报告中
- 每天一次扫描
- 启发式逻辑
文章图片
你可能还需要尝试其Antivirus Scanner扩展。
Detectify Detectify是一款适用于企业的SaaS扫描程序, 可用于全面的网站审核, 包括OWASP排名前10位的漏洞在内, 共有1000多个漏洞。它对CMS(如Joomla, WordPress, Drupal等)进行安全检查, 以确保涵盖特定于CMS的漏洞。
文章图片
它不是完全免费的, 但你可以利用他们的试用版来查看其工作原理。
JAMSS JAMSS(Joomla反恶意软件扫描脚本)是你必须安装在网站根目录上的脚本。
脚本安装只不过是将文件jamss.php上传到你的webroot。 JAMSS识别典型的指纹, 可能已被破坏的痕迹。该脚本不会损害任何内容, 也不会访问扫描报告;你只需访问yourwebsite.com/jamss.php
JUICE 通过SUCURI进行站点检查, 检查已知恶意软件, 黑名单, 垃圾邮件, 污损, 并在Web服务器上为你提供信息, 链接和包含的脚本。
文章图片
Security Check 安全检查扩展程序可以保护你的网站免受90多种攻击模式的侵扰, 并且具有内置的漏洞检查功能, 可以测试已安装的扩展程序是否存在任何安全风险。
Joomscan Joomscan是最受欢迎的开源工具之一, 可帮助你查找Joomla Core, Components和SQL Injection, Command执行的已知漏洞。你可以通过两种方法来运行它。
- 从OWASP网站下载并安装在你的PC上
- 使用带有600多种工具(包括Joomscan)的Kali Linux
./joomscan –u http://joomlawebsite.com
例如, 我执行了测试站点。
[email
protected]:~# joomscan -oh -u http://techpostal.com
..|''||'|| '||''|'|.|'''.|'||''|.
.|'||'|. '|..'|||||..'||||
||||||||||||''|||.||...|'
'|.||||| |||.''''|..'||||
''|...|'||.|..||. |'....|'.||.
=================================================================
OWASP Joomla! Vulnerability Scanner v0.0.4
(c) Aung Khant, aungkhant]at[yehg.net
YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab
Update by: Web-Center, http://web-center.si (2011)
=================================================================
Vulnerability Entries: 611
Last update: February 2, 2012
Use "update" option to update the database
Use "check" option to check the scanner update
Use "download" option to download the scanner latest version package
Use svn co to update the scanner and the database
svn co https://joomscan.svn.sourceforge.net/svnroot/joomscan joomscan
Target: http://techpostal.com
Server: Apache
X-Powered-By: PHP/5.4.45
## Checking if the target has deployed an Anti-Scanner measure
[!] Scanning Passed ..... OK
## Detecting Joomla! based Firewall ...
[!] No known firewall detected!
## Fingerprinting in progress ...
Use of uninitialized value in pattern match (m//) at ./joomscan.pl line 1009.
~Unable to detect the version. Is it sure a Joomla?
## Fingerprinting done.
Vulnerabilities Discovered
==========================
# 1
Info ->
Generic: htaccess.txt has not been renamed.
Versions Affected: Any
Check: /htaccess.txt
Exploit: Generic defenses implemented in .htaccess are not available, so exploiting is more likely to succeed.
Vulnerable? Yes
# 2
Info ->
Generic: Unprotected Administrator directory
Versions Affected: Any
Check: /administrator/
Exploit: The default /administrator directory is detected. Attackers can bruteforce administrator accounts. Read: http://yehg.net/lab/pr0js/view.php/MULTIPLE%20TRICKY%20WAYS%20TO%20PROTECT.pdf
Vulnerable? Yes
# 3
Info ->
Core: Multiple XSS/CSRF Vulnerability
Versions Affected: 1.5.9 <
=
Check: /?1.5.9-x
Exploit: A series of XSS and CSRF faults exist in the administrator application.Affected administrator components include com_admin, com_media, com_search.Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities.
Vulnerable? N/A
# 4
Info ->
Core: JSession SSL Session Disclosure Vulnerability
Versions effected: Joomla! 1.5.8 <
=
Check: /?1.5.8-x
Exploit: When running a site under SSL (the entire site is forced to be under ssl), Joomla! does not set the SSL flag on the cookie.This can allow someone monitoring the network to find the cookie related to the session.
Vulnerable? N/A
# 5
Info ->
Core: Frontend XSS Vulnerability
Versions effected: 1.5.10 <
=
Check: /?1.5.10-x
Exploit: Some values were output from the database without being properly escaped.Most strings in question were sourced from the administrator panel. Malicious normal admin can leverage it to gain access to super admin.
Vulnerable? N/A
# 6
Info ->
Core: Frontend XSS - HTTP_REFERER not properly filtered Vulnerability
Versions effected: 1.5.11 <
=
Check: /?1.5.11-x-http_ref
Exploit: An attacker can inject JavaScript or DHTML code that will be executed in the context of targeted user browser, allowing the attacker to steal cookies. HTTP_REFERER variable is not properly parsed.
Vulnerable? N/A
# 7
Info ->
Core: Frontend XSS - PHP_SELF not properly filtered Vulnerability
Versions effected: 1.5.11 <
=
Check: /?1.5.11-x-php-s3lf
Exploit: An attacker can inject JavaScript code in a URL that will be executed in the context of targeted user browser.
Vulnerable? N/A
# 8
Info ->
Core: Authentication Bypass Vulnerability
Versions effected: Joomla! 1.5.3 <
=
Check: /administrator/
Exploit: Backend accepts any password for custom Super Administrator when LDAP enabled
Vulnerable? N/A
# 9
Info ->
Core: Path Disclosure Vulnerability
Versions effected: Joomla! 1.5.3 <
=
Check: /?1.5.3-path-disclose
Exploit: Crafted URL can disclose absolute path
Vulnerable? N/A
# 10
Info ->
Core: User redirected Spamming Vulnerability
Versions effected: Joomla! 1.5.3 <
=
Check: /?1.5.3-spam
Exploit: User redirect spam
Vulnerable? N/A
# 11
Info ->
Core: Admin Backend Cross Site Request Forgery Vulnerability
Versions effected: 1.0.13 <
=
Check: /administrator/
Exploit: It requires an administrator to be logged in and to be tricked into a specially crafted webpage.
Vulnerable? N/A
# 12
Info ->
CoreComponent: com_content SQL Injection Vulnerability
Version Affected: Joomla! 1.0.0 <
=
Check: /components/com_content/
Exploit: /index.php?option=com_content&
task=blogcategory&
id=60&
Itemid=99999+UNION+SELECT+1, concat(0x1e, username, 0x3a, password, 0x1e, 0x3a, usertype, 0x1e), 3, 4, 5+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Vulnerable? No
# 13
Info ->
CoreComponent: com_search Remote Code Execution Vulnerability
Version Affected: Joomla! 1.5.0 beta 2 <
=
Check: /components/com_search/
Exploit: /index.php?option=com_search&
Itemid=1&
searchword=%22%3Becho%20md5(911)%3B
Vulnerable? No
# 14
Info ->
CoreComponent: MailTo SQL Injection Vulnerability
Versions effected: N/A
Check: /components/com_mailto/
Exploit: /index.php?option=com_mailto&
tmpl=mailto&
article=550513+and+1=2+union+select+concat(username, char(58), password)+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--&
Itemid=1
Vulnerable? No
# 15
Info ->
CoreComponent: com_content Blind SQL Injection Vulnerability
Versions effected: Joomla! 1.5.0 RC3
Check: /components/com_content/
Exploit: /index.php?option=com_content&
view=%' +'a'='a&
id=25&
Itemid=28
Vulnerable? No
# 16
Info ->
CoreComponent: com_content XSS Vulnerability
Version Affected: Joomla! 1.5.7 <
=
Check: /components/com_content/
Exploit: The defaults on com_content article submission allow entry of dangerous HTML tags (script, etc).This only affects users with access level Author or higher, and only if you have not set filtering options in com_content configuration.
Vulnerable? N/A
# 17
Info ->
CoreComponent: com_mailto Email Spam Vulnerability
Version Affected: Joomla! 1.5.6 <
=
Check: /components/com_mailto/
Exploit: The mailto component does not verify validity of the URL prior to sending.
Vulnerable? N/A
# 18
Info ->
CoreComponent: com_content view=archive SQL Injection Vulnerability
Versions effected: Joomla! 1.5.0 Beta1/Beta2/RC1
Check: /components/com_content/
Exploit: Unfiltered POST vars - filter, month, yearto /index.php?option=com_content&
view=archive
Vulnerable? No
# 19
Info ->
CoreComponent: com_content XSS Vulnerability
Version Affected: Joomla! 1.5.9 <
=
Check: /components/com_content/
Exploit: A XSS vulnerability exists in the category view of com_content.
Vulnerable? N/A
# 20
Info ->
CoreComponent: com_users XSS Vulnerability
Version Affected: Joomla! 1.5.10 <
=
Check: /components/com_users/
Exploit: A XSS vulnerability exists in the user view of com_users in the administrator panel.
Vulnerable? N/A
# 21
Info ->
CoreComponent: com_installer CSRF Vulnerability
Versions effected: Joomla! 1.5.0 Beta
Check: /administrator/components/com_installer/
Exploit: N/A
Vulnerable? N/A
# 22
Info ->
CoreComponent: com_search Memory Comsumption DoS Vulnerability
Versions effected: Joomla! 1.5.0 Beta
Check: /components/com_search/
Exploit: N/A
Vulnerable? No
# 23
Info ->
CoreComponent: com_banners Blind SQL Injection Vulnerability
Versions effected: N/A
Check: /components/com_banners/
Exploit: /index.php?option=com_banners&
task=archivesection&
id=0'+and+'1'='1::/index.php?option=com_banners&
task=archivesection&
id=0'+and+'1'='2
Vulnerable? No
# 24
Info ->
CoreComponent: com_mailto timeout Vulnerability
Versions effected: 1.5.13 <
=
Check: /components/com_mailto/
Exploit: [Requires a valid user account] In com_mailto, it was possible to bypass timeout protection against sending automated emails.
Vulnerable? N/A
正如你在结果上方看到的那样, 它正在扫描20多个漏洞, 并告知你是否存在任何漏洞, 以便你修复和保护Joomla。
Pentest-Tools 【8个Joomla安全扫描程序,查找漏洞和配置错误】Pentest-Tools的Joomla漏洞扫描由JoomlaVS工具提供支持。
文章图片
你可以在你的站点上运行此测试, 以快速确定核心, 模板和模块是否易受攻击。测试完成后, 它将生成包含所有发现详细信息的精美报告。这就像执行渗透测试。
总结
希望以上工具能帮助你扫描Joomla的漏洞, 并确保你的网站安全。以下是一些有用的资源, 可帮助你及时了解安全性。
- Joomla漏洞扩展列表– http://vel.joomla.org/
- Joomla CVE详细信息– http://www.cvedetails.com/vulnerability-list/vendor_id-3496/product_id-16499/Joomla-Joomla-.html
- Joomla开发人员网络(安全中心)– http://developer.joomla.org/security-centre.html
- Joomla安全文档– https://docs.joomla.org/Security
- 扫描网站安全性的工具– https://geekflare.com/online-scan-website-security-vulnerabilities/
- Joomla安全最佳做法-https://geekflare.com/joomla-security/
推荐阅读
- 保护Magento免受在线威胁的14个基本技巧
- 保护和强化Joomla网站的10个最佳实践
- 如何实现安全性HTTP标头以防止漏洞()
- 如何在Nginx上安装和配置ModSecurity
- 如何在Nginx中实现HTTPOnly和安全Cookie()
- 在Apache中使用HttpOnly和Secure标志保护cookie
- JDK和Applets
- 使用Apache poi和android的HSSFCellStyle错误
- 在Android中使用Apache POI时的兼容性问题