OWASP Joomla! (CMS) Vulnerability Scanner

Aung Khant, YGN Ethical Hacker Group, Myanmar, http://yehg.net/

06/29/2010

The OWASP Foundation, http://www.owasp.org

Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.

OWASP Joomla! Vulnerability Scanner - OWASP-MY



Page 2

Who Am I?

Web Application Security Enthusiast

Penetration Tester in general

A Lead Player @ YGN Ethical Hacker Group, A Burmese Hacker Community

Security Consultant @ Grant Thornton LLP

Page 3

Agenda

- Intro
- About Joomla!
- Why Joomla! is secure
- How security is handled by Joomla!
- Why Joomla! web sites need security
- Joomla! CMS Vulnerability Scanner
- Demonstration

Page 4

About Joomla! CMS

Code base was formerly that of Mambo CMS

One of the most widely used CMSs

Admin/Developer/Webmaster friendliness

Easy to deploy and restore; backward compatible

Download, extract, upload, configure, then up and running within a few minutes

Hundreds of extensions for every possible type of web site – E-Commerce, Forum, Shopping, etc.

Page 5

About Joomla! CMS (cont)

Extensions comprise:
- Components
- Modules
- Plugins
- Templates

Increasingly large user community

Every modern web hosting provider has one-click Joomla! CMS installer

Page 6

Who uses Joomla! CMS?

Google Dork | inurl:index.php?option=com_

About 2,270,000,000 results

All walks of web sites:
- Government
- Corporations/Business
- Entertainment
- Educational Bodies
- Religion
- Communication
- etc.

Page 7

Joomla’s Best Quote:

Joomla! makes it easy to launch a Web site of any kind.

Experience the Freedom! It has never been easier to create your own dynamic Web site.

Manage all your content from the best CMS admin interface and in virtually any language you speak.

Page 8

Why Joomla! Is secure…

Mature: nearly 5 years old since its 1.0 stable release (2005-09-16)

Proactive in patching vulnerability disclosures

Security issues handled by a dedicated team, JSST

Page 9

How Joomla! Developers React to (In)Security

JSST (Joomla! Security Strike Team)

Audits code before release

Fixes flawed code that is found and reported within a short time frame

Covers holes in the Core Application Framework

Page 10

Why there is a need for security …

Popularity has attracted attackers

Although Joomla! developers are active in patching security holes, extension developers may not be

Vulnerabilities in third-party components are disclosed nearly every two or three months

Dozens of free or commercial extensions have stopped receiving updates or have been abandoned

Hundreds of extensions mean hundreds of possible doors to exploit

Page 11

Why there is a need for security …

Webmasters can update to the latest bug-free Joomla! but cannot get fixes for vulnerable third-party components, which provide the main functionality of their sites

Vulnerable components stay unfixed for a long time. Attackers find them via Google Dork and eventually hack the sites

Webmasters have no idea how their sites were hacked, even if they update to the latest Joomla!

Page 12

Joomla! Mass Worm in the wild

Joomla! 1.5.5 was vulnerable to the Admin Token Password Change vulnerability

Attackers wrote a mass worm that exploits it to replace the index page with malicious iframes

Victim sites got onto Google's blacklists very quickly

Page 13

A Need for Pentesters

When pentesting Joomla! sites, we cannot know which vulnerable hidden extensions are installed

There is a chance of missing critical vulnerabilities

No single exploit-hosting site has a complete list of vulnerabilities in Joomla! and its extensions

Page 14

A Need for Pentesters

Existing Joomla! vulnerability scanners in the wild lack updates and do not cover all possible types of holes

Adding a signature database to Nikto/W3AF would not be appropriate, as there are some subtle things involved

Better to have a dedicated scanner

Page 15

OWASP Joomla! Vulnerability Scanner Born!

Started in November, 2008 as a personal project

Released in December 2008 at SourceForge.net

Donated to OWASP in May 2009

Became a Release Quality Tool in July 2009

Page 16

OWASP Joomla! Vulnerability Scanner

Description:

A signature-based scanner that can detect file inclusion, SQL injection, command execution, XSS, DoS, and directory traversal vulnerabilities of a target Joomla! web site using a known vulnerability database
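
The signature-matching idea described above, applied from the site owner's side, as an added example that is not the scanner's own code: it reads the component manifests of a local Joomla! installation and compares each installed version against a constructed signature list. The component names, versions, signature format, and the assumption that each component keeps an XML manifest with a version element under administrator/components/ are illustrative.

```python
import os
import xml.etree.ElementTree as ET

# Constructed signature DB (hypothetical): component -> (first fixed version, issue)
SIGNATURES = {
    "com_examplegallery": ("1.2.4", "SQL injection"),
    "com_exampleforum": ("2.0.1", "file inclusion"),
}

def parse_version(text):
    """'1.2' -> (1, 2, 0, 0) so that '1.2' and '1.2.0' compare equal."""
    parts = [int(p) if p.isdigit() else 0 for p in text.strip().split(".")][:4]
    return tuple(parts + [0] * (4 - len(parts)))

def installed_components(joomla_root):
    """Yield (component, version) read from each component's XML manifest."""
    base = os.path.join(joomla_root, "administrator", "components")
    for name in sorted(os.listdir(base)):
        comp_dir = os.path.join(base, name)
        if not (name.startswith("com_") and os.path.isdir(comp_dir)):
            continue
        for fname in sorted(f for f in os.listdir(comp_dir) if f.endswith(".xml")):
            try:
                root = ET.parse(os.path.join(comp_dir, fname)).getroot()
            except ET.ParseError:
                continue  # malformed XML is not a usable manifest
            version = root.findtext("version")
            if root.tag in ("install", "extension") and version:  # 1.5 / later root tag
                yield name, version.strip()
                break

def audit(joomla_root, signatures=SIGNATURES):
    """Return (component, installed, issue, fixed_in) for outdated components."""
    findings = []
    for name, version in installed_components(joomla_root):
        fixed_in, issue = signatures.get(name, (None, None))
        if fixed_in and parse_version(version) < parse_version(fixed_in):
            findings.append((name, version, issue, fixed_in))
    return findings

def build_sample_site(root):
    """Create a constructed Joomla!-style tree with three component manifests."""
    for name, ver in [("com_examplegallery", "1.2.0"),
                      ("com_exampleforum", "2.0.1"), ("com_unlisted", "0.9")]:
        comp_dir = os.path.join(root, "administrator", "components", name)
        os.makedirs(comp_dir)
        with open(os.path.join(comp_dir, name[4:] + ".xml"), "w") as fh:
            fh.write('<install type="component" version="1.5.0">'
                     f"<name>{name[4:]}</name><version>{ver}</version></install>")
```

Calling build_sample_site on an empty directory and then audit on it reports only the outdated constructed component; components without a signature entry are listed by installed_components but never flagged, which mirrors the incomplete-database limitation noted later in the slides.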

Page 17

OWASP Joomla! Vulnerability Scanner

Author: Aung Khant

Reviewers:
1st - Brad Causey
2nd - Matt Tesauro
3rd - Tom Brennan (OWASP Board)
4th - Paulo Coimbra (Project Manager)

Page 18

OWASP Joomla! Vulnerability Scanner

Main Features:
- Probing for Joomla!-based web firewalls
- Extensive version probing: in most cases, the scanner can tell the exact version of Joomla!
- Search for vulnerabilities in the Joomla! Core Application Framework and in hundreds of popular components
- Immediate update via SVN / Scanner

Page 19

OWASP Joomla! Vulnerability Scanner

Main Features (cont):
- Report output in text and HTML formats

Current Limitations:
- Lacks an IDS bypass mechanism
- Does not have a 100% complete vulnerability database
- May generate false positives under disguises set up by security-savvy web administrators

Page 20

OWASP Joomla! Vulnerability Scanner

Project URL:
http://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project

Mailing List:
https://lists.owasp.org/mailman/listinfo/owasp-joomla-vulnerability-scanner

Download URLs:
http://yehg.net/lab/pr0js/files.php/joomscan-latest.zip
http://sf.net/projects/joomscan

Page 21

OWASP Joomla! Vulnerability Scanner

DEMO

Page 22

OWASP Joomla! Vulnerability Scanner

Thank you!