8个Joomla安全扫描程序，查找漏洞和配置错误

本文概述

Hacker Target
SiteGuarding
Detectify
JAMSS
JUICE
Security Check
Joomscan
Pentest-Tools

Joomla是网站上第二受欢迎的CMS, 拥有超过4.5％的市场份额并正在增长。
安全与网站设计和内容一样重要, 但是我们经常忽略它, 直到负面影响为止。未正确配置/强化的Joomla服务器可能容易受到许多攻击, 包括远程执行代码, SQL注入, 跨站点脚本, 信息泄漏等。
安全性是一个过程周期, 应该始终针对Web应用程序执行该过程周期。在本文中, 我将讨论用于扫描Joomla网站的漏洞的工具, 以保护免受邪恶侵害。
Joomla安全扫描仪

Hacker Target
SiteGuarding
Detectify
JAMSS
JUICE
Security Check
Joomscan
Pentest-Tools

Hacker Target Hacker Target进行的Joomla安全扫描有两个选项。

文章图片
被动扫描–这是一个免费扫描, 它会执行以下操作。

Google安全浏览查询
目录索引查找
外部链接及其网络声誉
外部iFrame, JavaScript的列表
地理位置和虚拟主机查找

积极主动的扫描–这需要成员身份并进行积极检查, 以检测主题, 扩展, 模块, 组件和Joomla核心中的已知漏洞和漏洞。
SiteGuarding SiteGuarding是基于云的网站安全扫描程序, 还提供Joomla扩展来分析你的网站。
在扩展的免费版本中, 你将获得以下内容。

最多扫描500个文件
每日病毒数据库更新
报告中
每天一次扫描
启发式逻辑

文章图片
你可能还需要尝试其Antivirus Scanner扩展。
Detectify Detectify是一款适用于企业的SaaS扫描程序, 可用于全面的网站审核, 包括OWASP排名前10位的漏洞在内, 共有1000多个漏洞。它对CMS(如Joomla, WordPress, Drupal等)进行安全检查, 以确保涵盖特定于CMS的漏洞。

文章图片
它不是完全免费的, 但你可以利用他们的试用版来查看其工作原理。
JAMSS JAMSS(Joomla反恶意软件扫描脚本)是你必须安装在网站根目录上的脚本。
脚本安装只不过是将文件jamss.php上传到你的webroot。 JAMSS识别典型的指纹, 可能已被破坏的痕迹。该脚本不会损害任何内容, 也不会访问扫描报告；你只需访问yourwebsite.com/jamss.php
JUICE 通过SUCURI进行站点检查, 检查已知恶意软件, 黑名单, 垃圾邮件, 污损, 并在Web服务器上为你提供信息, 链接和包含的脚本。

文章图片
Security Check 安全检查扩展程序可以保护你的网站免受90多种攻击模式的侵扰, 并且具有内置的漏洞检查功能, 可以测试已安装的扩展程序是否存在任何安全风险。
Joomscan Joomscan是最受欢迎的开源工具之一, 可帮助你查找Joomla Core, Components和SQL Injection, Command执行的已知漏洞。你可以通过两种方法来运行它。

从OWASP网站下载并安装在你的PC上
使用带有600多种工具(包括Joomscan)的Kali Linux

一旦安装了Joomscan, 就可以在Joomla站点上运行它以扫描漏洞。

./joomscan –u http://joomlawebsite.com

例如, 我执行了测试站点。

[email protected]:~# joomscan -oh -u http://techpostal.com ..|''||'|| '||''|'|.|'''.|'||''|. .|'||'|. '|..'|||||..'|||| ||||||||||||''|||.||...|' '|.||||| |||.''''|..'|||| ''|...|'||.|..||. |'....|'.||. ================================================================= OWASP Joomla! Vulnerability Scanner v0.0.4 (c) Aung Khant, aungkhant]at[yehg.net YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab Update by: Web-Center, http://web-center.si (2011) ================================================================= Vulnerability Entries: 611 Last update: February 2, 2012 Use "update" option to update the database Use "check" option to check the scanner update Use "download" option to download the scanner latest version package Use svn co to update the scanner and the database svn co https://joomscan.svn.sourceforge.net/svnroot/joomscan joomscan Target: http://techpostal.com Server: Apache X-Powered-By: PHP/5.4.45 ## Checking if the target has deployed an Anti-Scanner measure [!] Scanning Passed ..... OK ## Detecting Joomla! based Firewall ... [!] No known firewall detected! ## Fingerprinting in progress ... Use of uninitialized value in pattern match (m//) at ./joomscan.pl line 1009. ~Unable to detect the version. Is it sure a Joomla? ## Fingerprinting done. Vulnerabilities Discovered ========================== # 1 Info -> Generic: htaccess.txt has not been renamed. Versions Affected: Any Check: /htaccess.txt Exploit: Generic defenses implemented in .htaccess are not available, so exploiting is more likely to succeed. Vulnerable? Yes # 2 Info -> Generic: Unprotected Administrator directory Versions Affected: Any Check: /administrator/ Exploit: The default /administrator directory is detected. Attackers can bruteforce administrator accounts. Read: http://yehg.net/lab/pr0js/view.php/MULTIPLE%20TRICKY%20WAYS%20TO%20PROTECT.pdf Vulnerable? Yes # 3 Info -> Core: Multiple XSS/CSRF Vulnerability Versions Affected: 1.5.9 < = Check: /?1.5.9-x Exploit: A series of XSS and CSRF faults exist in the administrator application.Affected administrator components include com_admin, com_media, com_search.Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities. Vulnerable? N/A # 4 Info -> Core: JSession SSL Session Disclosure Vulnerability Versions effected: Joomla! 1.5.8 < = Check: /?1.5.8-x Exploit: When running a site under SSL (the entire site is forced to be under ssl), Joomla! does not set the SSL flag on the cookie.This can allow someone monitoring the network to find the cookie related to the session. Vulnerable? N/A # 5 Info -> Core: Frontend XSS Vulnerability Versions effected: 1.5.10 < = Check: /?1.5.10-x Exploit: Some values were output from the database without being properly escaped.Most strings in question were sourced from the administrator panel. Malicious normal admin can leverage it to gain access to super admin. Vulnerable? N/A # 6 Info -> Core: Frontend XSS - HTTP_REFERER not properly filtered Vulnerability Versions effected: 1.5.11 < = Check: /?1.5.11-x-http_ref Exploit: An attacker can inject JavaScript or DHTML code that will be executed in the context of targeted user browser, allowing the attacker to steal cookies. HTTP_REFERER variable is not properly parsed. Vulnerable? N/A # 7 Info -> Core: Frontend XSS - PHP_SELF not properly filtered Vulnerability Versions effected: 1.5.11 < = Check: /?1.5.11-x-php-s3lf Exploit: An attacker can inject JavaScript code in a URL that will be executed in the context of targeted user browser. Vulnerable? N/A # 8 Info -> Core: Authentication Bypass Vulnerability Versions effected: Joomla! 1.5.3 < = Check: /administrator/ Exploit: Backend accepts any password for custom Super Administrator when LDAP enabled Vulnerable? N/A # 9 Info -> Core: Path Disclosure Vulnerability Versions effected: Joomla! 1.5.3 < = Check: /?1.5.3-path-disclose Exploit: Crafted URL can disclose absolute path Vulnerable? N/A # 10 Info -> Core: User redirected Spamming Vulnerability Versions effected: Joomla! 1.5.3 < = Check: /?1.5.3-spam Exploit: User redirect spam Vulnerable? N/A # 11 Info -> Core: Admin Backend Cross Site Request Forgery Vulnerability Versions effected: 1.0.13 < = Check: /administrator/ Exploit: It requires an administrator to be logged in and to be tricked into a specially crafted webpage. Vulnerable? N/A # 12 Info -> CoreComponent: com_content SQL Injection Vulnerability Version Affected: Joomla! 1.0.0 < = Check: /components/com_content/ Exploit: /index.php?option=com_content& task=blogcategory& id=60& Itemid=99999+UNION+SELECT+1, concat(0x1e, username, 0x3a, password, 0x1e, 0x3a, usertype, 0x1e), 3, 4, 5+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-- Vulnerable? No # 13 Info -> CoreComponent: com_search Remote Code Execution Vulnerability Version Affected: Joomla! 1.5.0 beta 2 < = Check: /components/com_search/ Exploit: /index.php?option=com_search& Itemid=1& searchword=%22%3Becho%20md5(911)%3B Vulnerable? No # 14 Info -> CoreComponent: MailTo SQL Injection Vulnerability Versions effected: N/A Check: /components/com_mailto/ Exploit: /index.php?option=com_mailto& tmpl=mailto& article=550513+and+1=2+union+select+concat(username, char(58), password)+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--& Itemid=1 Vulnerable? No # 15 Info -> CoreComponent: com_content Blind SQL Injection Vulnerability Versions effected: Joomla! 1.5.0 RC3 Check: /components/com_content/ Exploit: /index.php?option=com_content& view=%' +'a'='a& id=25& Itemid=28 Vulnerable? No # 16 Info -> CoreComponent: com_content XSS Vulnerability Version Affected: Joomla! 1.5.7 < = Check: /components/com_content/ Exploit: The defaults on com_content article submission allow entry of dangerous HTML tags (script, etc).This only affects users with access level Author or higher, and only if you have not set filtering options in com_content configuration. Vulnerable? N/A # 17 Info -> CoreComponent: com_mailto Email Spam Vulnerability Version Affected: Joomla! 1.5.6 < = Check: /components/com_mailto/ Exploit: The mailto component does not verify validity of the URL prior to sending. Vulnerable? N/A # 18 Info -> CoreComponent: com_content view=archive SQL Injection Vulnerability Versions effected: Joomla! 1.5.0 Beta1/Beta2/RC1 Check: /components/com_content/ Exploit: Unfiltered POST vars - filter, month, yearto /index.php?option=com_content& view=archive Vulnerable? No # 19 Info -> CoreComponent: com_content XSS Vulnerability Version Affected: Joomla! 1.5.9 < = Check: /components/com_content/ Exploit: A XSS vulnerability exists in the category view of com_content. Vulnerable? N/A # 20 Info -> CoreComponent: com_users XSS Vulnerability Version Affected: Joomla! 1.5.10 < = Check: /components/com_users/ Exploit: A XSS vulnerability exists in the user view of com_users in the administrator panel. Vulnerable? N/A # 21 Info -> CoreComponent: com_installer CSRF Vulnerability Versions effected: Joomla! 1.5.0 Beta Check: /administrator/components/com_installer/ Exploit: N/A Vulnerable? N/A # 22 Info -> CoreComponent: com_search Memory Comsumption DoS Vulnerability Versions effected: Joomla! 1.5.0 Beta Check: /components/com_search/ Exploit: N/A Vulnerable? No # 23 Info -> CoreComponent: com_banners Blind SQL Injection Vulnerability Versions effected: N/A Check: /components/com_banners/ Exploit: /index.php?option=com_banners& task=archivesection& id=0'+and+'1'='1::/index.php?option=com_banners& task=archivesection& id=0'+and+'1'='2 Vulnerable? No # 24 Info -> CoreComponent: com_mailto timeout Vulnerability Versions effected: 1.5.13 < = Check: /components/com_mailto/ Exploit: [Requires a valid user account] In com_mailto, it was possible to bypass timeout protection against sending automated emails. Vulnerable? N/A

正如你在结果上方看到的那样, 它正在扫描20多个漏洞, 并告知你是否存在任何漏洞, 以便你修复和保护Joomla。
Pentest-Tools 【8个Joomla安全扫描程序，查找漏洞和配置错误】Pentest-Tools的Joomla漏洞扫描由JoomlaVS工具提供支持。

文章图片
你可以在你的站点上运行此测试, 以快速确定核心, 模板和模块是否易受攻击。测试完成后, 它将生成包含所有发现详细信息的精美报告。这就像执行渗透测试。
总结
希望以上工具能帮助你扫描Joomla的漏洞, 并确保你的网站安全。以下是一些有用的资源, 可帮助你及时了解安全性。

Joomla漏洞扩展列表– http://vel.joomla.org/
Joomla CVE详细信息– http://www.cvedetails.com/vulnerability-list/vendor_id-3496/product_id-16499/Joomla-Joomla-.html
Joomla开发人员网络(安全中心)– http://developer.joomla.org/security-centre.html
Joomla安全文档– https://docs.joomla.org/Security
扫描网站安全性的工具– https://geekflare.com/online-scan-website-security-vulnerabilities/
Joomla安全最佳做法-https://geekflare.com/joomla-security/