OWASP Joomla Vulnerability Scanner FAQ
Revision as of 12:50, 15 July 2009 by D0ubl3 h3lix
Q. What's the purpose of the scanner?
To detect and report vulnerabilities in a pentesting approach.
Q. Does it support HTTPS?
Yes, if you have Perl LWP with HTTPS support. If you don't, you'll get an error like: 501 Protocol scheme 'https' is not supported
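A preflight check for the HTTPS requirement above, as an added example that is not part of the scanner's own code. The function name https_support_report and the list of TLS modules probed are assumptions made for this illustration.

```perl
#!/usr/bin/perl
# Added example: report whether the local Perl/LWP install can fetch
# https:// URLs, before a run fails with
# "501 Protocol scheme 'https' is not supported".
use strict;
use warnings;

# Returns a hashref: LWP version (undef if LWP is missing), whether an
# https handler loads, and which TLS-related modules are installed.
sub https_support_report {
    my %r = (lwp => undef, https => 0, tls_modules => []);

    # Nothing else can be checked if LWP itself does not load.
    return \%r unless eval { require LWP::UserAgent; 1 };
    $r{lwp} = LWP::UserAgent->VERSION;

    # True only when LWP can load a protocol handler for the scheme.
    $r{https} = LWP::UserAgent->new->is_protocol_supported('https') ? 1 : 0;

    # Modules LWP commonly relies on for TLS (assumed list, for diagnosis only).
    for my $mod (qw(LWP::Protocol::https IO::Socket::SSL Net::SSL Crypt::SSLeay)) {
        (my $file = "$mod.pm") =~ s{::}{/}g;
        push @{ $r{tls_modules} }, $mod if eval { require $file; 1 };
    }
    return \%r;
}

my $r = https_support_report();
if (!defined $r->{lwp}) {
    print "LWP is not installed; the scanner cannot make HTTP requests.\n";
    exit 2;
}
printf "LWP::UserAgent version: %s\n", $r->{lwp};
printf "TLS modules found: %s\n",
    @{ $r->{tls_modules} } ? join(', ', @{ $r->{tls_modules} }) : 'none';
if ($r->{https}) {
    print "https scheme: supported\n";
    exit 0;
}
print "https scheme: NOT supported; https:// targets will return 501.\n";
exit 1;
```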
Q. Are there any reasons or forces that made you start the project?
Yeah, I started 'coz I feel it's a need. I used to use the Joomla scanner from darkc0de.com, but it got outdated quickly. The author left update tasks to us. In addition, it focuses mostly on SQL injection, LFI/RFI, ..., a type of 0wnage hacking. There is a need to find every published vulnerability about the target CMS - not only serious ones but also low/medium. We need to automate it - the finding process. We need a tool that does this.
Today's web vulnerability scanners I have used use KB + fuzzing. Their KB is not complete. We can't feel easy even if we see no vulnerability reports from the scanner. Generic fuzzing tools can find vulnerabilities, yet they don't know the hidden parts of a specific application. Thus, they will miss critical vulnerabilities. There are dozens of POC Joomla component exploits, but I find it a pain to run each one to confirm a vulnerability.
The hacking methodology is always the same in every surface :: Recon - Enum - Exploit - Own :: You defeat the enemy when you know best/most about him. Unless you can collect good enough information about the target, you're blindly kicking his door. Your success is at stake. When you have everything about your target at your fingertips, you can easily work out which way is the best to attack it and which is more likely to be successful.
One reason why I started the project is that Joomla! is popular among the top CMS applications. Creating a Joomla! component is easy. Easiness leads to a plethora of components: both commercial and free ones. More security holes are out (nearly) each month than for any other CMS. With that ever happening, Joomla! sites shown in top Google search results are getting hacked daily. There is a responsibility for the Whitehats to stop this mess!
Q. Which areas can be exploitable in Joomla!?
First is Core, which is the Joomla! main application framework. Second is Extensions (from both the Joomla! core team and third-party developers). They comprise the following:
* Components
* Modules
* Templates
* Plugins
No doubt, there are hundreds of extensions currently available on the web waiting for exploitation. Some are free; some are commercial.