vBulletin Vulnerability Scanner

AlexH

For those who run a forum on the vBulletin platform or hunt bugs on this platform, I found a program that is very easy to use and helps you find vulnerabilities.
I tested it a few minutes ago.

Do not use this program for illegal activities.

How do you use vBulletin Vulnerability Scanner?

1. Log in as root with PuTTY.
2. Run the commands below to download and install the program.
Code:
wget https://github.com/rezasp/vbscan/archive/master.zip
unzip master.zip
cd vbscan-master
# the script, not the archive, is what needs the execute bit
chmod +x vbscan.pl

3. To scan, use the command below:
Code:
# the target site must be running vBulletin
./vbscan.pl http://www.site.com
4. If you want the scan result to be saved to a text file, run the command below.
Code:
./vbscan.pl http://www.site.com numesite.txt

If you are bug hunters, search Google for power by vBulletin and it will show you all the sites that run on the vBulletin platform.
After you have found a vulnerability, you can contact the site's admin and discuss a possible reward.

To run this program you need a VPS, and I recommend choosing one from here. If you use the VPS for a whole month the cost is 2.5 euro, but you can also use it by the hour, where the cost is 0.014 cents per hour.

For this topic I ran two scans.
1. Scan of a site found on Google
Code:
[+] Checking upgrade.php to find admincp
[++] upgrade.php Not Found :(

[+] Checking validator.php
[++] validator.php is not found

[+] Checking faq.php RCE Backdoor
[++] Remote Code Execute BackDoor is Notfound :(

[+] Checking config.php.x for diclure config file
[++] Readable config file is found
 config file path : http://www.skyscrapercity.com//includes/config.php.new
[++] Readable config file is found
 config file path : http://www.skyscrapercity.com//includes/config.php.bak

[+] Checking vBSEO 3.x - Local File Inclusion Vulnerability
[++] vbseo LFI is Not Vulnerable :(

[+] Checking vBulletin vBExperience 3 'sortorder' Parameter Cross Site Scripting Vulnerability
[++] xperience.php is Not Vulnerable :(

[+] Checking upgrade.php Vulnerablity
[++] upgrade.php is Not Vulnerable :(

[+] Checking arcade.php SQLI Vulnerability
[++] arcade.php is Not Found :(

[+] Checking vBulletin YUI 2.9.0 Cross Site Scripting
[++] uploader.swf is Not Found :(

[+] Checking for html tags status
[++] html tag is Disable :(

[+] Checking c99 xml shell in admincp/subscriptions.php
[++] c99 xml shell is Not Found:(

[+] Finding common backup files name
[++] Backup files are Notfound :(

[+] Finding common log files name
[++] error_log path : http://www.skyscrapercity.com//error_log

As you can see, the config.php file can be downloaded, and after that many things can be done. I will not go into details.

2. I used a well-known site in Romania.

Code:
[+] Processing http://forum.seopedia.ro/ ...

[+] Detecting vBulletin Version
[++] vBulletin Version :  ver 404 ;)

[+] Checking admincp/modcp path
[++] admincp does not exist or renamed
[++] modcp does not exist or renamed

[+] Checking upgrade.php to find admincp
[++] upgrade.php Not Found :(

[+] Checking validator.php
[++] validator.php is not found

[+] Checking faq.php RCE Backdoor
[++] Remote Code Execute BackDoor is Notfound :(

[+] Checking config.php.x for diclure config file
[++] Readable config files are Notfound :(

[+] Checking vBSEO 3.x - Local File Inclusion Vulnerability
[++] vbseo LFI is Not Vulnerable :(

[+] Checking vBulletin vBExperience 3 'sortorder' Parameter Cross Site Scripting Vulnerability
[++] xperience.php is Not Vulnerable :(

[+] Checking upgrade.php Vulnerablity
[++] upgrade.php is Not Vulnerable :(

[+] Checking arcade.php SQLI Vulnerability


On this one it found nothing.

Video tutorial

Source:
Code:
https://github.com/rezasp/vbscan/
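
The first scan above reports web-readable config.php copies and an error_log. As an added example (not part of the original post and not vbscan's code), a forum administrator can check their own document root on disk for the same file classes; the `['password'] = '...'` line format and the list of backup extensions are assumptions.

```shell
#!/bin/sh
# Added example: audit a vBulletin document root on disk for the file classes
# the scan output in this post reports (config copies, error_log, backups).
# Reads the local filesystem only; the webroot is whatever path you pass in.

# Prefix every path read on stdin with a finding class.
tag() {
    while IFS= read -r path; do printf '%s\t%s\n' "$1" "$path"; done
}

# Separate copies that hold a non-empty database password from empty templates.
# Assumption: the password line looks like  ['password'] = 'value';
classify_config() {
    while IFS= read -r path; do
        if grep -Eq "\['password'\][[:space:]]*=[[:space:]]*'[^']" "$path"; then
            printf 'CONFIG_COPY_WITH_SECRET\t%s\n' "$path"
        else
            printf 'CONFIG_COPY\t%s\n' "$path"
        fi
    done
}

audit_webroot() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # config.php.bak, config.php.new, config.php~ ... no longer end in .php, so a
    # typical web server returns their source instead of executing them.
    find "$root" -type f \( -name 'config.php.*' -o -name 'config.php~' \) |
        classify_config

    # PHP error logs written inside the document root.
    find "$root" -type f -name 'error_log' | tag ERROR_LOG

    # Dumps and archives left beside the application (extension list is an assumption).
    find "$root" -type f \( -name '*.sql' -o -name '*.sql.gz' -o -name '*.zip' \
        -o -name '*.tar.gz' -o -name '*.tgz' \) | tag BACKUP
}

# Usage: sh audit.sh /var/www/forum   (the path is a placeholder)
if [ "$#" -gt 0 ]; then audit_webroot "$1"; fi
```

Anything reported should be moved out of the document root or deleted, and a copy flagged CONFIG_COPY_WITH_SECRET means the database password should be rotated as well.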