Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Presentation transcript:

1 Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation, http://www.owasp.org
OWASP Joomla! (CMS) Vulnerability Scanner Release Flyer
Aung Khant, YGN Ethical Hacker Group, Myanmar
http://yehg.net/
07/17/2009

2 Current Release: 0.0.3
• Implemented 200 defense bypass
  This bypasses web servers that respond with 200 for every 404, which effectively kills the scanner: it produces very noisy reports full of false positives and renders vulnerability detection useless. The 200 defense can kill most scanners today.
• Added vulnerability information till 08-18-09
• Added fingerprinting signature till Joomla! 1.5.14
• Added anti-caching mechanism in update check
• Added Graph facility in HTML reporting

3 Former Release: 0.0.2
• Changed report location
  The scanner will save the report under the report/ directory.
• Removed "Poke Version" -pv command option
  Version fingerprinting now runs by default, in this and future versions, but you can skip it with the -nv (No version check) option.
• Improved fingerprinting engine
  It finds a more exact version and provides the closest version range, so you no longer have to calculate it yourself. Please see the sample output:

4 Former Release: 0.0.2
• Fingerprint in 0.0.1
  ~Generic version family....... [1.5.x]
  ~1.5.x htaccess.txt revealed [1.5.4 - 1.5.11]
  ~1.5.x configuration.php-dist revealed [1.5.1 - 1.5.8]
  ~1.5.x en-GB.xml revealed [1.5.2 - 1.5.6]
  ~1.5.x en-GB.ini revealed [1.5.4 - 1.5.7]
• Fingerprint in 0.0.2
  ~Generic version family....... [1.5.x]
  ~1.5.x htaccess.txt revealed [1.5.4 - 1.5.11]
  ~1.5.x configuration.php-dist revealed [1.5.1 - 1.5.8]
  ~1.5.x en-GB.xml revealed [1.5.2 - 1.5.6]
  ~1.5.x en-GB.ini revealed [1.5.4 - 1.5.7]
  …skip…
  * Deduced version range is : [1.5.5 - 1.5.6]
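
The range deduction shown in the 0.0.2 sample output is an intersection of the per-file ranges: the highest lower bound to the lowest upper bound. The sketch below is an added example for anyone checking such output during inventory or patch verification; it is not joomscan's own code, and all function names are hypothetical. The constructed sample holds only the four range lines visible on the slide, so it yields [1.5.4 - 1.5.6]; the slide's [1.5.5 - 1.5.6] also reflects the lines it skips.

```python
import re

# Constructed sample: the signature lines visible on the slide.
# The slide elides further lines ("...skip..."), so its final range is narrower.
SAMPLE_OUTPUT = """\
~Generic version family....... [1.5.x]
~1.5.x htaccess.txt revealed [1.5.4 - 1.5.11]
~1.5.x configuration.php-dist revealed [1.5.1 - 1.5.8]
~1.5.x en-GB.xml revealed [1.5.2 - 1.5.6]
~1.5.x en-GB.ini revealed [1.5.4 - 1.5.7]
"""

# Matches "[1.5.4 - 1.5.11]" but not the family marker "[1.5.x]".
RANGE_RE = re.compile(r"\[(\d+(?:\.\d+)+)\s*-\s*(\d+(?:\.\d+)+)\]")

def parse_version(text):
    """'1.5.11' -> (1, 5, 11), so 1.5.11 sorts after 1.5.8 (a string compare would not)."""
    return tuple(int(part) for part in text.split("."))

def format_version(version):
    return ".".join(str(part) for part in version)

def extract_ranges(output):
    """Return a (low, high) tuple pair for every line carrying a version range."""
    ranges = []
    for line in output.splitlines():
        match = RANGE_RE.search(line)
        if not match:
            continue
        low, high = parse_version(match.group(1)), parse_version(match.group(2))
        if low > high:
            raise ValueError(f"inverted range in line: {line!r}")
        ranges.append((low, high))
    return ranges

def deduce_range(output):
    """Intersect all ranges; None if there are no ranges or they contradict each other."""
    ranges = extract_ranges(output)
    if not ranges:
        return None
    low = max(r[0] for r in ranges)
    high = min(r[1] for r in ranges)
    if low > high:  # signatures disagree, e.g. a partially upgraded or modified install
        return None
    return f"[{format_version(low)} - {format_version(high)}]"

if __name__ == "__main__":
    print("* Deduced version range is :", deduce_range(SAMPLE_OUTPUT))
```

A None result means the file signatures disagree with each other, which is worth investigating by hand rather than trusting any single range.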

5 Former Release: 0.0.2
• Updated fingerprinting signature up to current Joomla! version 1.5.12
• Updated vulnerability information up to July 12, 2009
• Made vulnerability information neat by labelling as Generic, Core, Component, Plugin
• Fixed parsing bug in listing components

6 Former Release: 0.0.2
• Added detection of components in re-routed URLs (/component/option,com_xxxx)
• Made finer report format: HTML
• Added Joomla!-related firewall/defense detection

7 Former Release: 0.0.1
• New and improved fingerprinting engine (which can detect almost the exact version of Joomla 1.0.x and Joomla 1.5.x)
• Updated database till 1.5.9
• In the database, removed substring(@@version,1,1) and employed a simple blind detection approach (1=1, 1=2) to bypass IDS that blocks requests containing MySQL-sensitive words

8 OWASP Joomla! Vulnerability Scanner
• Project URL
  http://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project
• Mailing List
  https://lists.owasp.org/mailman/listinfo/owasp-joomla-vulnerability-scanner
• Download URLs
  http://yehg.net/lab/pr0js/files.php/joomscan-latest.zip
  http://sf.net/projects/joomscan

