Security List Network™
Follow Us on FacebookFollow Us on Google+Follow Us on TwitterFollow Us on Pinterest
Menu
  • Home
  • About Us
  • Security Archives
  • Partners
Menu
  • Automation
  • Browser
  • Brute Force
  • Code Scripting
  • Cryptography
  • Encryption
  • Exploits
  • Framework
  • Linux Security Distros
  • Mobile Applications Tools
    • Android Tools
    • iPhone Tools
  • Networking
    • Bluetooth
    • Monitoring/System Administrator
    • Network Mapping/Scanner
    • Packet Sniffer/Sniffing
    • Internet Security
    • Spoofing/Spoofer
    • Wireless/wifi
  • Penetration Test
    • BenchMark
    • Cross Site Scripting(XSS)
    • Fuzzer/Fuzzing
    • Sql Injection
    • Stress Testing
  • Security Tools
    • Anti Malware/Virus – Malware Analysis
    • Firewall
    • Intrussion Detection and Prevention System(IDS/IPS)
    • Registry Analysis

SITEMAP

Archives

Browse: Home   /   Joomla   /   Page 6
ATSCAN-v3.1 - perl script for vulnerable Server, Site and dork scanner.

ATSCAN-v3.1 – perl script for vulnerable Server, Site and dork scanner.

December 19, 2015
anon80
Code Scripting, Cross Site Scripting(XSS), Fuzzer/Fuzzing, Penetration Test, Scanner

ATSCAN is a perl script with function Dork scanner. XSS scanner. LFI scanner. Filter wordpress and Joomla sites in the server. Find Admin page. Decode…

Read Article →
Automate blind RCE for Joomla vulnerability.

Automate blind RCE for Joomla vulnerability.

December 17, 2015
EL-Capitan
Code Scripting, Exploits, Scanner

Joomla 1.5 – 3.4.5 Object Injection RCE – CVE-2015-856, is a PoC for CVE-2015-8562 to spawn a reverse shell or automate RCE.Requirements: – python 2.7.x…

Read Article →
ATSCAN-v2 is a perl script for vulnerable Server, Site and dork scanner.

ATSCAN-v2 is a perl script for vulnerable Server, Site and dork scanner.

December 12, 2015
lee
Code Scripting, Cross Site Scripting(XSS), Penetration Test, Scanner, Sql Injection

Changelog v-2: + Add option to scan from list: xss lfi rfi admin page (Mass Scan) + Add lists verification + Add input verification. +…

Read Article →
ATSCAN-v1 is a perl script for vulnerable Server, Site and dork scanner.

ATSCAN-v1 is a perl script for vulnerable Server, Site and dork scanner.

December 10, 2015
Infosec
Code Scripting, Cross Site Scripting(XSS), Penetration Test

ATSCAN-V1 is a perl script with function Dork scanner. XSS scanner. LFI scanner. Filter wordpress and Joomla sites in the server. Find Admin page. Decode…

Read Article →
JoomlaVS - A black box, Ruby powered, Joomla vulnerability scanner.

JoomlaVS – A black box, Ruby powered, Joomla vulnerability scanner.

November 24, 2015
Terry
Penetration Test, Scanner

Latest Change 24/11/2015: + Add Real Estate Manager and core system vulns + Fix crash caused by invalid version strings JoomlaVS is a Ruby application…

Read Article →
Joomla mass sqli exploiter.

Joomla mass sqli exploiter.

October 28, 2015
ahm3ds
Exploits, Penetration Test, Sql Injection

[Mass Exploit] Joomla 3.2 – 3.44 SQL Injection. SCanner and exploiter for CVE-2015-7297, CVE-2015-7857, and CVE-2015-7858. Requirements : + Python version 3.4.x + A third…

Read Article →
JoomlaScan V-1.2 released : Scans known vulnerable RFI path/files in Joomla and reports http response.

JoomlaScan V-1.2 released : Scans known vulnerable RFI path/files in Joomla and reports http response.

November 21, 2014
0x0mar
Code Scripting, Penetration Test, Scanner

Scans known vulnerable RFI path/files in Joomla and reports http response.

Python
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
#!usr/bin/python
#Scans known vulnerable RFI path/files in Joomla and reports http response.
#Changelog ver1.1: added proxy support, shells, 404 option
#Changelog ver1.2: fixed joomla path problem
#http://www.darkc0de.com
 
import sys, re, httplib, time, socket
 
def main(path):
try:
if proxy != 0:
h.putrequest("GET", "http://"+host+"/"+path)
else:
h.putrequest("HEAD", path)
h.putheader("Host", host)
h.endheaders()
status, reason, headers = h.getreply()
return status, reason
except(), msg:
print "Error Occurred:",msg
pass
 
def timer():
now = time.localtime(time.time())
return time.asctime(now)
 
print "\n\t   RIBO -ALIENS JoomlaScan v1.2"
print "\t--------------------------------------------"
 
if len(sys.argv) < 2 or len(sys.argv) > 5:
print "\nUsage: ./joomlascan.py <site> <options>"
print "\t[options]"
print "\t   -p/-proxy <host:port> : Add proxy support"
print "\t   -404 : Won't show 404 responses"
print "Ex: ./joomlascan.py www.test.com -404 -proxy 127.0.0.1:8080\n"
sys.exit(1)
for arg in sys.argv[1:]:
if arg.lower() == "-p" or arg.lower() == "-proxy":
proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
if arg.lower() == "-404":
show = 404
try:
if proxy:
print "\n[+] Testing Proxy..."
h2 = httplib.HTTPConnection(proxy)
h2.connect()
print "[+] Proxy:",proxy
except(socket.timeout):
print "\n[-] Proxy Timed Out"
proxy = 0
pass
except(NameError):
print "\n[-] Proxy Not Given"
proxy = 0
pass
except:
print "\n[-] Proxy Failed"
proxy = 0
pass
 
paths = {"components/com_flyspray/startdown.php" : "startdown.php?file=shell",
"administrator/components/com_admin/admin.admin.html.php" : "admin.admin.html.php?mosConfig_absolute_path=shell",
"components/com_simpleboard/file_upload.php" : "file_upload.php?sbp=shell",
"components/com_hashcash/server.php" : "server.php?mosConfig_absolute_path=shell",
"components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php" : "config.inc.php?mosConfig_absolute_path=shell",
"components/com_sitemap/sitemap.xml.php" : "sitemap.xml.php?mosConfig_absolute_path=shell ",
"components/com_performs/performs.php" : "performs.php?mosConfig_absolute_path=shell",
"components/com_forum/download.php" : "download.php?phpbb_root_path=shell",
"components/com_pccookbook/pccookbook.php" : "pccookbook.php?mosConfig_absolute_path=shell",
"components/com_extcalendar/extcalendar.php" : "extcalendar.php?mosConfig_absolute_path=shell",
"components/minibb/index.php" : "index.php?absolute_path=shell",
"components/com_smf/smf.php" : "smf.php?mosConfig_absolute_path=",
"modules/mod_calendar.php" : "mod_calendar.php?absolute_path=shell ",
"components/com_pollxt/conf.pollxt.php" : "conf.pollxt.php?mosConfig_absolute_path=shell ",
"components/com_loudmounth/includes/abbc/abbc.class.php" : "abbc.class.php?mosConfig_absolute_path=shell",
"components/com_videodb/core/videodb.class.xml.php" : "videodb.class.xml.php?mosConfig_absolute_path=shell",
"components/com_pcchess/include.pcchess.php" : "include.pcchess.php?mosConfig_absolute_path=shell",
"administrator/components/com_multibanners/extadminmenus.class.php" : "extadminmenus.class.php?
 
mosConfig_absolute_path=shell",
"administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php" : "admin.a6mambohelpdesk.php?
 
mosConfig_live_site=shell",
"administrator/components/com_colophon/admin.colophon.php" : "admin.colophon.php?mosConfig_absolute_path=shell",
"administrator/components/com_mgm/help.mgm.php" : "help.mgm.php?mosConfig_absolute_path=shell",
"components/com_mambatstaff/mambatstaff.php" : "mambatstaff.php?mosConfig_absolute_path=shell",
"components/com_securityimages/configinsert.php" : "configinsert.php?mosConfig_absolute_path=shell",
"components/com_securityimages/lang.php" : "lang.php?mosConfig_absolute_path=shell",
"components/com_artlinks/artlinks.dispnew.php" : "artlinks.dispnew.php?mosConfig_absolute_path=shell",
"components/com_galleria/galleria.html.php" : "galleria.html.php?mosConfig_absolute_path=shell",
"akocomments.php" : "akocomments.php?mosConfig_absolute_path=shell",
"administrator/components/com_cropimage/admin.cropcanvas.php" : "admin.cropcanvas.php?cropimagedir=shell",
"administrator/components/com_kochsuite/config.kochsuite.php" : "config.kochsuite.php?mosConfig_absolute_path=shell",
"administrator/components/com_comprofiler/plugin.class.php" : "plugin.class.php?mosConfig_absolute_path=shell",
"components/com_zoom/classes/fs_unix.php" : "fs_unix.php?mosConfig_absolute_path=shell",
"components/com_zoom/includes/database.php" : "database.php?mosConfig_absolute_path=shell",
"administrator/components/com_serverstat/install.serverstat.php" : "install.serverstat.php?
 
mosConfig_absolute_path=shell",
"components/com_fm/fm.install.php" : "fm.install.php?lm_absolute_path=shell",
"administrator/components/com_mambelfish/mambelfish.class.php" : "mambelfish.class.php?
 
mosConfig_absolute_path=shell",
"components/com_lmo/lmo.php" : "lmo.php?mosConfig_absolute_path=shell",
"administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php" : "toolbar.linkdirectory.html.php?
 
mosConfig_absolute_ path=shell",
"components/com_mtree/Savant2/Savant2_Plugin_textarea.php" : "Savant2_Plugin_textarea.php?
 
mosConfig_absolute_path=shell",
"administrator/components/com_jim/install.jim.php" : "install.jim.php?mosConfig_absolute_path=shell",
"administrator/components/com_webring/admin.webring.docs.php" : "admin.webring.docs.php?component_dir=shell",
"administrator/components/com_remository/admin.remository.php" : "admin.remository.php?
 
mosConfig_absolute_path=shell",
"administrator/components/com_babackup/classes/Tar.php" : "Tar.php?mosConfig_absolute_path=shell",
"administrator/components/com_lurm_constructor/admin.lurm_constructor.php" : "admin.lurm_constructor.php?
 
lm_absolute_path=shell",
"components/com_mambowiki/MamboLogin.php" : "MamboLogin.php?IP=shell",
"administrator/components/com_a6mambocredits/admin.a6mambocredits.php" : "admin.a6mambocredits.php?
 
mosConfig_live_site=shell",
"administrator/components/com_phpshop/toolbar.phpshop.html.php" : "toolbar.phpshop.html.php?
 
mosConfig_absolute_path=shell",
"components/com_cpg/cpg.php" : "cpg.php?mosConfig_absolute_path=shell",
"components/com_moodle/moodle.php" : "moodle.php?mosConfig_absolute_path=shell ",
"components/com_extended_registration/registration_detailed.inc.php" : "registration_detailed.inc.php?
 
mosConfig_absolute_path=shell",
"components/com_mospray/scripts/admin.php" : "admin.php?basedir=shell",
"administrator/components/com_bayesiannaivefilter/lang.php" : "lang.php?mosConfig_absolute_path=shell",
"administrator/components/com_uhp/uhp_config.php" : "uhp_config.php?mosConfig_absolute_path=shell",
"administrator/components/com_peoplebook/param.peoplebook.php" : "param.peoplebook.php?
 
mosConfig_absolute_path=shell",
"administrator/components/com_mmp/help.mmp.php" : "help.mmp.php?mosConfig_absolute_path=shell",
"components/com_reporter/processor/reporter.sql.php" : "reporter.sql.php?mosConfig_absolute_path=shell",
"components/com_madeira/img.php" : "img.php?url=shell",
"components/com_jd-wiki/lib/tpl/default/main.php" : "main.php?mosConfig_absolute_path=shell",
"components/com_bsq_sitestats/external/rssfeed.php" : "rssfeed.php?baseDir=shell",
"com_bsq_sitestats/external/rssfeed.php" : "rssfeed.php?baseDir=shell",
"components/com_slideshow/admin.slideshow1.php" : "admin.slideshow1.php?mosConfig_live_site=shell",
"administrator/components/com_panoramic/admin.panoramic.php" : "admin.panoramic.php?mosConfig_live_site=shell",
"administrator/components/com_mosmedia/includes/credits.html.php" : "credits.html.php?mosConfig_absolute_path=shell",
"administrator/components/com_mosmedia/includes/info.html.php" : "info.html.php?mosConfig_absolute_path=shell",
"administrator/components/com_mosmedia/includes/media.divs.php" : "media.divs.php?mosConfig_absolute_path=shell",
"administrator/components/com_mosmedia/includes/media.divs.js.php" : "media.divs.js.php?
 
mosConfig_absolute_path=shell",
"administrator/components/com_mosmedia/includes/purchase.html.php" : "purchase.html.php?
 
mosConfig_absolute_path=shell",
"administrator/components/com_mosmedia/includes/support.html.php" : "support.html.php?mosConfig_absolute_path=shell",
"administrator/components/com_wmtportfolio/admin.wmtportfolio.php" : "admin.wmtportfolio.php?
 
mosConfig_absolute_path=shell",
"components/com_mp3_allopass/allopass.php" : "components/com_mp3_allopass/allopass.php?mosConfig_live_site=shell",
"components/com_mp3_allopass/allopass-error.php" : "components/com_mp3_allopass/allopass-error.php?
 
mosConfig_live_site=shell",
"administrator/components/com_jcs/jcs.function.php" : "administrator/components/com_jcs/jcs.function.php?
 
mosConfig_absolute_path=shell",
"administrator/components/com_jcs/view/add.php" : "administrator/components/com_jcs/view/add.php?
 
mosConfig_absolute_path=shell",
"administrator/components/com_jcs/view/history.php" : "administrator/components/com_jcs/view/history.php?
 
mosConfig_absolute_path=shell",
"administrator/components/com_jcs/view/register.php" : "administrator/components/com_jcs/view/register.php?
 
mosConfig_absolute_path=shell",
"administrator/components/com_jcs/views/list.sub.html.php" :
 
"administrator/components/com_jcs/views/list.sub.html.php?mosConfig_absolute_path=shell",
"administrator/components/com_jcs/views/list.user.sub.html.php" :
 
"administrator/components/com_jcs/views/list.user.sub.html.php?mosConfig_absolute_path=shell",
"administrator/components/com_jcs/views/reports.html.php" :
 
"administrator/components/com_jcs/views/reports.html.php?mosConfig_absolute_path=shell",
"com_joomla_flash_uploader/install.joomla_flash_uploader.php" :
 
"com_joomla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path=shell",
"com_joomla_flash_uploader/uninstall.joomla_flash_uploader.php" :
 
"com_joomla_flash_uploader/uninstall.joomla_flash_uploader.php?mosConfig_absolute_path=shell"}
 
host = sys.argv[1]
print "[+] Target:",host
try:
if show == 404:
print "[+] 404 Block On\n"
except(NameError):
print "[-] 404 Block Off\n"
show = 0
pass
print "[+] Loaded:",len(paths),"paths"
host = host.replace("http://","")
if host.count("/") >= 2:
j_path = host.split("/",1)[1].replace("index.php","")
host = host.split("/",1)[0]
else:
if host[-1:] == "/":
host = host[:-1]
j_path = ""
if j_path[-1:] != "/":
j_path = j_path+"/"
print "[+] Started:",timer()
print "[+] Scanning..."
time.sleep(3)
 
if proxy != 0:
h = httplib.HTTP(proxy)
else:
h = httplib.HTTP(host)
for path, shell in paths.items():
print "\n[+] Trying:",j_path+path
try:
response, reason = main(j_path+path)
if show != 404:
print "[+] Got:",response, reason
print "[+] Shell:",shell
else:
if response != 404:
print "[+] Got:",response, reason
print "[+] Shell:",shell
except(AttributeError, TypeError, socket.error):
pass
except(KeyboardInterrupt):
pass
print "\n[-] Done:",timer(),"\n"

 

Read Article →

Madscan beta released : Exploit scanner for Joomla and WordPress.

December 20, 2013
skygear
Cross Site Scripting(XSS), Exploits, Fuzzer/Fuzzing, Penetration Test, Scanner, Sql Injection

How to use : – Just give it a target after that select what type of site is that (joomla or wprdpress) then click on…

Read Article →
← Previous 1 … 5 6 7 Next →

Copyright © 2018

Powered by Worldwide CyberSecurity Team.

  • Digital Forensics
  • Networking
  • Penetration Test
  • Security Tools