VBScan is a security tool that scans vBulletin forums for vulnerabilities. Software of this type has a lot of exploitable vulnerabilities, and attackers make good use of them. Credit goes to Mohammad Reza Espargham.
Install
Installing VBScan only requires fetching the Perl code from GitHub.
$ git clone https://github.com/rezasp/vbscan && cd vbscan
Cloning into 'vbscan'...
remote: Counting objects: 166, done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 166 (delta 0), reused 0 (delta 0), pack-reused 163
Receiving objects: 100% (166/166), 75.03 KiB | 0 bytes/s, done.
Resolving deltas: 100% (76/76), done.
Checking connectivity... done.
Start Scan with Vbscan
Starting a scan takes just one command, and there are not many alternative options. For security reasons we use the domain name abc.org here, but the actual site is real.
$ perl vbscan.pl "http://forum.abc.org/"
It will try some exploits and write the findings to the terminal and to an HTML file.
Intro
Details about VBScan
 _  _  ____  ___   ___    __    _  _
( \/ )(  _ \/ __) / __)  /__\  ( \( )
 \  /  ) _ <\__ \( (__  /(__)\  )  (
  \/  (____/(___/ \___)(__)(__)(_)\_)
(1337.today)
--=[OWASP VBScan
+---++---==[Version : 0.1.7
+---++---==[Update Date : [2016/10/15]
+---++---==[Author : Mohammad Reza Espargham
+---++---==[Website : www.reza.es
--=[Code name : Larry Wall
@OWASP_VBScan , @rezesp , @OWASP
Processing http://forum.abc.org/ ...
Firewall Status
This part reports whether a vBulletin-based firewall exists.
[+] Detecting Vbulletin based Firewall
[++] No known firewall detected
vBulletin Version
The vBulletin version is 3.8.9
[+] Detecting vBulletin Version
[++] vBulletin 3.8.9
Vulnerabilities
This part will provide information about CVE based vulnerabilities
[++] vBulletin CVE-2016-6483 Server Side Request Forgery Security Bypass Vulnerability
EDB : http://www.exploit-db.com/exploits/40225/
http://www.securityfocus.com/bid/92350
http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt
LICENSE
License information
[+] vBulletin LICENSE Check
[++] vBulletin LICENSE file : http://forum.abc.org//LICENSE
Apache Info
Information about the web server running the vBulletin web application.
[+] Checking apache info/status files
[++] Readable info/status files are not found
Admin Control Panel
Admin and remote access pages information is provided.
[+] Checking admincp/modcp path
[++] admincp Found
http://forum.abc.org//admincp
[++] modcp Found
http://forum.abc.org//modcp
Validator.php
Checks if validator.php exists.
[+] Checking validator.php
[++] validator.php is not found
Robots.txt
Checking robots.txt file which is used by site crawling bots. This can provide interesting and valuable information.
[+] Checking robots.txt existing
[++] robots.txt is found
path : http://forum.abc.org//robots.txt
Interesting path found from robots.txt
http://forum.abc.org//
http://forum.abc.org//
http://forum.abc.org//
http://forum.abc.org//admincp
http://forum.abc.org//ajax.php
http://forum.abc.org//announcement.php
http://forum.abc.org//attachment.php
http://forum.abc.org//calendar.php
http://forum.abc.org//cron.php
http://forum.abc.org//editpost.php
http://forum.abc.org//external.php
http://forum.abc.org//forumdisplay.php
http://forum.abc.org//global.php
http://forum.abc.org//image.php
http://forum.abc.org//includes
http://forum.abc.org//infraction.php
http://forum.abc.org//inlinemod.php
http://forum.abc.org//joinrequests.php
http://forum.abc.org//login.php
http://forum.abc.org//memberlist.php
http://forum.abc.org//member.php
http://forum.abc.org//misc.php
http://forum.abc.org//modcp
http://forum.abc.org//moderation.php
http://forum.abc.org//moderator.php
http://forum.abc.org//newattachment.php
http://forum.abc.org//newreply.php
http://forum.abc.org//newthread.php
http://forum.abc.org//online.php
http://forum.abc.org//payment_gateway.php
http://forum.abc.org//payments.php
http://forum.abc.org//poll.php
http://forum.abc.org//postings.php
http://forum.abc.org//printthread.php
http://forum.abc.org//private.php
http://forum.abc.org//profile.php
http://forum.abc.org//register.php
http://forum.abc.org//report.php
http://forum.abc.org//reputation.php
http://forum.abc.org//search.php
http://forum.abc.org//sendmessage.php
http://forum.abc.org//showgroups.php
http://forum.abc.org//showpost.php
http://forum.abc.org//signaturepics
http://forum.abc.org//subscription.php
http://forum.abc.org//threadrate.php
http://forum.abc.org//usercp.php
http://forum.abc.org//usernote.php
c99 Xml Shell
This is an old vulnerability
[+] Checking c99 xml shell in admincp/subscriptions.php
[++] c99 xml shell is Not Found
Backup Files
Can we access the backup files? This can happen when the server is misconfigured.
[+] Finding common backup files name
[++] Backup files are not found
Log Files
Can we access the log files?
[+] Finding common log files name
[++] error log is not found
Config Files
We have found config files that contain the database username and password.
[+] Checking config.php.x for disclure config file
[++] Readable config file is found
config file path : http://forum.abc.org//includes/config.php.new
Readable config file is found
config file path : http://forum.abc.org//includes/config.php.old
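To catch this exposure from the server side, the following added example (not part of VBScan or the original page) walks a webroot and lists copies of config.php whose final extension is not handled by PHP, so the web server would return their source. The function names, the set of PHP-handled extensions and the sample file tree are assumptions.

```python
import os
import tempfile

# Assumption: only these extensions are passed to the PHP interpreter.
# Any other file under the webroot is returned to the client as-is.
PHP_HANDLED = {".php", ".phtml"}

def exposed_config_copies(webroot, basename="config.php"):
    """Return sorted webroot-relative paths of config.php copies that the
    web server would serve as plain text (e.g. config.php.old)."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            lower = name.lower()
            if lower == basename or not lower.startswith(basename):
                continue  # the live config itself, or an unrelated file
            ext = os.path.splitext(lower)[1]
            if ext in PHP_HANDLED:
                continue  # still executed by PHP, source is not returned
            rel = os.path.relpath(os.path.join(dirpath, name), webroot)
            hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)

def demo():
    """Build a constructed webroot in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        inc = os.path.join(root, "includes")
        os.makedirs(inc)
        for name in ("config.php", "config.php.new", "config.php.old",
                     "config.php~", "config.php.bak.php", "functions.php"):
            with open(os.path.join(inc, name), "w") as fh:
                fh.write("<?php // constructed sample file\n")
        return exposed_config_copies(root)

if __name__ == "__main__":
    for path in demo():
        print("served as plain text:", path)
```

Files it reports should be moved outside the webroot or deleted, and the database credentials they contained should be rotated.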
RCE Backdoor
Is there any remote code execution backdoor?
[+] Checking faq.php RCE backdoor
[++] Remote Code Execute backdoor not found
LFI
This check determines whether there is a Local File Inclusion vulnerability.
[+] Checking vBSEO 3.x - LFI (Local File Inclusion) vulnerability
[++] vbseo.php LFI is not vulnerable
Sql Injection
We will check arcade.php for an SQL injection vulnerability.
[+] Checking arcade.php SQLI Vulnerability
[++] arcade.php not found
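With this many checks in one run, it helps to separate the results that need follow-up from the clean ones. The following added example (not part of VBScan or the original page) groups the terminal output by check and keeps only checks with a positive result; it assumes one message per line and that negative results use the phrases seen above.

```python
import re

# Constructed sample: abridged from the scan output shown on this page.
SAMPLE = """\
[+] Detecting Vbulletin based Firewall
[++] No known firewall detected
[+] Detecting vBulletin Version
[++] vBulletin 3.8.9
[+] Checking admincp/modcp path
[++] admincp Found
http://forum.abc.org//admincp
[+] Checking config.php.x for disclure config file
[++] Readable config file is found
config file path : http://forum.abc.org//includes/config.php.new
config file path : http://forum.abc.org//includes/config.php.old
[+] Checking faq.php RCE backdoor
[++] Remote Code Execute backdoor not found
"""

# Assumption: VBScan words its negative results with one of these phrases.
NEGATIVE = re.compile(r"\bnot found\b|\bnot vulnerable\b|\bno known\b", re.I)
URL = re.compile(r"https?://\S+")

def parse(text):
    """Group '[++]' results and continuation lines under their '[+]' check."""
    checks = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[+] "):
            checks.append({"check": line[4:], "results": [], "extra": []})
        elif checks and line.startswith("[++] "):
            checks[-1]["results"].append(line[5:])
        elif checks and line:
            checks[-1]["extra"].append(line)
    return checks

def triage(text):
    """Return (check, positive results, URLs) for checks needing review."""
    findings = []
    for c in parse(text):
        positive = [r for r in c["results"] if not NEGATIVE.search(r)]
        if positive:
            urls = URL.findall(" ".join(c["results"] + c["extra"]))
            findings.append((c["check"], positive, urls))
    return findings

if __name__ == "__main__":
    for check, results, urls in triage(SAMPLE):
        print(check, "->", "; ".join(results), *urls)
```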
How To Use OWASP VBScan? Infographic

Help. I am looking for a guide.
I am from Slovenia. I can help with building this forum. Thanks for approving.
I am Slovenian. I can help with the development of the forum.