Thank you for using the HackerTarget.com Free Joomla Scanning Service **

Your Joomla scan results are listed below. For more information and other Vulnerability Scanning options please visit http://www.hackertarget.com/security-vulnerability-scanning/.

While a Joomla scan is a quick check for vulnerable components and security problems, it is only a first step in ensuring your server is secure; a full vulnerability assessment will reveal other security holes and provide recommendations for a fix.

=================================================================
OWASP Joomla! Vulnerability Scanner v0.0.1 - (c) Aung Khant, aungkhant[@]yehg[.]net
YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab

This checks what components are being used in the target Joomla! site and lets you confirm the exploitability of existing components.
=================================================================

Joomla! Vulnerability Entries: 417
Last update: July 14, 2009
Use "update" option to refresh the database
Use "check" option to check the scanner update

Target: http://test.acunetix.com
Server: Apache/2.0.55 (Ubuntu) mod_python/3.1.4 Python/2.4.3 PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a mod_perl/2.0.2 Perl/v5.8.7
X-Powered-By: PHP/5.1.2

Vulnerabilities Discovered
==========================

# 1
Info: Core: Multiple XSS/CSRF Vulnerability
Versions Affected: 1.5.9 <=
Check: /?1.5.9-x
Exploit: A series of XSS and CSRF faults exist in the administrator application. Affected administrator components include com_admin, com_media, com_search. Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities.
Vulnerable? N/A

# 2
Info: Core: JSession SSL Session Disclosure
Versions Affected: Joomla! 1.5.8 <=
Check: /?1.5.8-x
Exploit: When running a site under SSL (the entire site is forced to be under SSL), Joomla! does not set the SSL flag on the cookie. This can allow someone monitoring the network to find the cookie related to the session.
Vulnerable? N/A

# 3
Info: Core: Frontend XSS Vulnerability
Versions Affected: 1.5.10 <=
Check: /?1.5.10-x
Exploit: Some values were output from the database without being properly escaped. Most strings in question were sourced from the administrator panel. A malicious normal admin can leverage it to gain access to super admin.
Vulnerable? N/A

There are 7 suspicious components to confirm exploitability!

~[*] Time Taken: 2 min and 10 sec
~[*] Send bugs, suggestions, contributions to joomscan@yehg.net