12-25-2012, 04:52 PM
Assalamualaikum…sebelum ngemeng ane mau ngucapin “selamat Natal" bagi yang merayakan ,
kali ini ane mau sharing hasil jalan jalan ma om ane yaitu tentang tools joomla scanner berbasis php ( jscan.php ) jscan.php adalah tools yang dapat menganalisa suatu kerentanan SQLi RFI, dan Xss pada joomla,
Mari kita mulai
Pertama-tama copy dulu sourcenya
Save dengan extensy .php === > jscan.php
jalan kan jscan.php melalui Terminal.
dengan perintah
penampakannya :
setlah scanning selesai..
klik link dari exploit DB yang di berikan scanner untuk menemukan Exploit nya..
sekian dlu dari saya.
maaf maaf kalo ada kata2 yang kurang jelas,, ([/php]
EDITED by iKONs
lain kali jangan halamannya yg di taruh di tag image, tapi link gambarnya langsung
kali ini ane mau sharing hasil jalan jalan ma om ane yaitu tentang tools joomla scanner berbasis php ( jscan.php ) jscan.php adalah tools yang dapat menganalisa suatu kerentanan SQLi RFI, dan Xss pada joomla,
Mari kita mulai
Pertama-tama copy dulu sourcenya
Code:
<?php
/*
jComDetect - Joomla Components Detection.
Copyright (C) 2011 Ahlspiess <[email protected]>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Sumbernya dari sini : http://blog.pisyek.com/2011/10/how-to-scan-joomla-vulnerability/ :s:-
*/
$jMe = new jComDetect;
class jComDetect {
var $argv;
function __construct() {
global $argv;
$this->argv = $argv;
if(!isset($this->argv[1])) {
$this->Help();
} else {
$this->argv = $argv;
$this->init();
}
}
function init() {
$content = $this->cURL($this->argv[1]);
if(!preg_match("/200 OK/", $content)) {
$this->msg("[-] Error! 404 Not Found");
exit;
} else {
print $this->jCheckComp($content);
}
}
function jCheckComp($content) {
$dupe = array();
$nstack = array();
preg_match_all("/Joomla\! (.*?) \-/", $content, $ver);
$this->msg("[+] Joomla version ".$ver[1][0]);
#$nstack[] = "joomla ".$ver[1][0];
preg_match_all("/\/component(s?)\/(.*?)\//", $content, $val_1);
preg_match_all("/option=(.*?)\&/", $content, $val_2);
$var1 = explode(',', str_replace("com_com_", "com_", join(',com_', $val_1[2])));
$var2 = $val_2[1];
$stack = array_merge($var1, $var2);
foreach($stack as $unstack) {
if(!isset($dupe[$unstack]) and !is_null($unstack) and !empty($unstack) and (preg_match("/com_/", $unstack))) {
$this->msg("[+] Founded {$unstack} Component");
$nstack[] = $unstack;
$dupe[$unstack] = true;
}
}
echo "[Debug]".__fVULN__."\n";
$this->fVuln($nstack);
}
function fVuln($c = array()) {
$content = "";
foreach($c as $com) {
$content .= $this->cURL("http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description={$com}&filter_exploit_text=&filter_author=&filter_platform=31&filter_type=6&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=");
}
preg_match_all("/\<a href=\"http\:\/\/www\.exploit\-db\.com\/exploits\/(.*?)\"\>(.*?)\n/", $content, $me);
for($i=0;$i<count($me[1]);$i++) {
$this->msg("[+] ".trim(str_replace("</a>", "", $me[2][$i]))."\n --> http://www.exploit-db.com/exploits/".trim($me[1][$i]));
}
}
function cURL($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, "jVulnComponent Crawler v1-Ahlspiess");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
$data = curl_exec($ch);
if($data) {
return $data;
} else {
return 0;
}
}
function Help() {
$this->msg("Usage: php ".$this->argv[0]." <host/path>");
$this->msg("Example: php ".$this->argv[0]." www.joomla.org/joomla/");
$this->msg("Example: php ".$this->argv[0]." http://www.joomla.org/joomla/");
exit;
}
function msg($x) {
printf("%s\n", $x);
}
}
?>
jalan kan jscan.php melalui Terminal.
dengan perintah
Quote: root@blackdragon:~#php jscan.php < target >
penampakannya :
setlah scanning selesai..
klik link dari exploit DB yang di berikan scanner untuk menemukan Exploit nya..
sekian dlu dari saya.
maaf maaf kalo ada kata2 yang kurang jelas,, ([/php]
EDITED by iKONs
lain kali jangan halamannya yg di taruh di tag image, tapi link gambarnya langsung
-------------------------------------------------------
FB : https://www.facebook.com/Black.dragonics
Tw : @Dluciver
http://www.sumbar.indonesianbacktrack.org/
-------------------------------------------------------
FB : https://www.facebook.com/Black.dragonics
Tw : @Dluciver
http://www.sumbar.indonesianbacktrack.org/
-------------------------------------------------------