如何使用Owasp Vbscan?

VBscan是一个 安全 用于扫描和查找vBulletin论坛中的漏洞的工具。正如我们所知,这些类型的软件有很多漏洞可利用,攻击者使用这些非常好。学分归 穆罕默德·雷扎·埃斯帕格姆

Backup美臀护腰矫姿坐垫折叠式撑腰座垫久坐神器办公室坐姿矫正垫
| 月销量39件
券后278-50=228元
原价¥278

淘口令:

¥yoBwXBTUeVP¥
 

安装

安装Vbscan只是从github获取perl代码。

$ git clone https://github.com/rezasp/vbscan && cd vbscan Cloning into 'vbscan'... remote: Counting objects: 166, done. remote: Compressing objects: 100% (3/3), done. remote: Total 166 (delta 0), reused 0 (delta 0), pack-reused 163 Receiving objects: 100% (166/166), 75.03 KiB | 0 bytes/s, done. Resolving deltas: 100% (76/76), done. Checking connectivity... done.

用Vbscan开始扫描

启动很容易,因为只有一个命令,没有太多的选择。出于安全原因,我们将使用 域名 但实际的网站是真实的。

$ perl vbscan.pl "http://forum.abc.org/"

它将尝试一些攻击,并将结果输出到终端和html。

简介

有关Vbscan的详细信息

   _  _  ____  ___   ___    __    _  _  ( / )(  _ / __) / __)  /__  ( ( )     /  ) _  

防火墙状态

本部分将提供基于VBulletin的信息 防火墙 存在

[+] Detecting Vbulletin based Firewall [++] No known firewall detected

vBulletin版本

vBulletin版本是3.8.9

[+] Detecting vBulletin Version [++] vBulletin 3.8.9

脆弱性

本部分将提供有关基于CVE的漏洞的信息

[++] vBulletin CVE-2016-6483 Server Side Request Forgery Security Bypass Vulnerability EDB : http://www.exploit-db.com/exploits/40225/ http://www.securityfocus.com/bid/92350 http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt

许可证

许可证信息

[+] vBulletin LICENSE Check [++] vBulletin LICENSE file : http://forum.abc.org//LICENSE

Apache信息

这个 web服务器 在web应用程序中运行VBulletin

[+] Checking apache info/status files [++] Readable info/status files are not found

管理控制面板

提供管理和远程访问页面信息。

[+] Checking admincp/modcp path [++] admincp Found http://forum.abc.org//admincp [++] modcp Found http://forum.abc.org//modcp

验证器.php

检查是否 validator.php 存在

[+] Checking validator.php [++] validator.php is not found

机器人.txt

正在检查站点爬网机器人程序使用的robots.txt文件。这可以提供有趣和有价值的信息。

[+] Checking robots.txt existing  [++] robots.txt is found  path : http://forum.abc.org//robots.txt     Interesting path found from robots.txt  http://forum.abc.org//  http://forum.abc.org//  http://forum.abc.org//  http://forum.abc.org//admincp  http://forum.abc.org//ajax.php  http://forum.abc.org//announcement.php  http://forum.abc.org//attachment.php  http://forum.abc.org//calendar.php  http://forum.abc.org//cron.php  http://forum.abc.org//editpost.php  http://forum.abc.org//external.php  http://forum.abc.org//forumdisplay.php  http://forum.abc.org//global.php  http://forum.abc.org//image.php  http://forum.abc.org//includes  http://forum.abc.org//infraction.php  http://forum.abc.org//inlinemod.php  http://forum.abc.org//joinrequests.php  http://forum.abc.org//login.php  http://forum.abc.org//memberlist.php  http://forum.abc.org//member.php  http://forum.abc.org//misc.php                                                                                                       http://forum.abc.org//modcp                                                                                                          http://forum.abc.org//moderation.php                                                                                                 http://forum.abc.org//moderator.php                                                                                                  http://forum.abc.org//newattachment.php                                                                                              http://forum.abc.org//newreply.php                                                                                                   http://forum.abc.org//newthread.php                                                                                                  http://forum.abc.org//online.php                                                                                                     http://forum.abc.org//payment_gateway.php                                                                                            http://forum.abc.org//payments.php                                                                                                   http://forum.abc.org//poll.php                                                                                                       http://forum.abc.org//postings.php                                                                                                   http://forum.abc.org//printthread.php                                                                                                http://forum.abc.org//private.php                                                                                                    http://forum.abc.org//profile.php                                                                                                    http://forum.abc.org//register.php                                                                                                   http://forum.abc.org//report.php                                                                                                     http://forum.abc.org//reputation.php                                                                                                 http://forum.abc.org//search.php                                                                                                     http://forum.abc.org//sendmessage.php                                                                                                http://forum.abc.org//showgroups.php                                                                                                 http://forum.abc.org//showpost.php                                                                                                   http://forum.abc.org//signaturepics                                                                                                  http://forum.abc.org//subscription.php                                                                                               http://forum.abc.org//threadrate.php                                                                                                 http://forum.abc.org//usercp.php                                                                                                     http://forum.abc.org//usernote.php

c99 Xml外壳

这是一个古老的 脆弱性

[+] Checking c99 xml shell in admincp/subscriptions.php                                                                               [++] c99 xml shell is Not Found

备份文件

我们能进入 备份文件 . 这可能发生 在错误配置的情况下。

[+] Finding common backup files name                                                                                                  [++] Backup files are not found

日志文件

我们能访问日志文件吗

[+] Finding common log files name                                                                                                     [++] error log is not found

配置文件

我们找到了存在数据库用户名和密码的配置文件

[+] Checking config.php.x for disclure config file                                                                                    [++] Readable config file is found                                                                                                     config file path : http://forum.abc.org//includes/config.php.new                                                                   Readable config file is found                                                                                                          config file path : http://forum.abc.org//includes/config.php.old

RCE后门

是否有任何远程代码执行后门?

[+] Checking faq.php RCE backdoor                                                                                                     [++] Remote Code Execute backdoor not found

LFI公司

检查是否存在本地文件包含漏洞

[+] Checking vBSEO 3.x - LFI (Local File Inclusion) vulnerability                                                                     [++] vbseo.php LFI is not vulnerable

Sql注入

我们会检查 arcade.php 如果有 sql注入 脆弱性。

[+] Checking arcade.php SQLI Vulnerability                                                                                            [++] arcade.php not found

相关文章: 如何用Netsh命令行管理Windows防火墙?

如何使用Owasp Vbscan?信息图

How To Use Owasp Vbscan? Infografic
如何使用Owasp Vbscan?信息图

© 版权声明
THE END
喜欢就支持一下吧,技术咨询可以联系QQ407933975
点赞0
分享