How To Use Owasp Vbscan?

VBscan is a security tool used to scan and find vulnerabilities in vBulletin forums. As we know these type of software have a lot of vulnerabilities to exploit and attackers use these very good. Credits goes to Mohammed Reza Espargham

Install

Installing Vbscan is just getting perl code from github.

$ git clone https://github.com/rezasp/vbscan && cd vbscan 
Cloning into 'vbscan'... 
remote: Counting objects: 166, done. 
remote: Compressing objects: 100% (3/3), done. 
remote: Total 166 (delta 0), reused 0 (delta 0), pack-reused 163 
Receiving objects: 100% (166/166), 75.03 KiB | 0 bytes/s, done. 
Resolving deltas: 100% (76/76), done. 
Checking connectivity... done.

Start Scan with Vbscan

Starting is easy as just one command and there is no much alternative options. For security reasons we will use domain name as abc.org but the actual site is real.

$ perl vbscan.pl "http://forum.abc.org/"

It will try some exploits and output the findings to the terminal and as html.

Intro

Details about the Vbscan

   _  _  ____  ___   ___    __    _  _ 
 ( \/ )(  _ \/ __) / __)  /__\  ( \( ) 
  \  /  ) _ <\__ \( (__  /(__)\  )  ( 
   \/  (____/(___/ \___)(__)(__)(_)\_) 
                (1337.today) 
    
    --=[OWASP VBScan 
    +---++---==[Version : 0.1.7 
    +---++---==[Update Date : [2016/10/15] 
    +---++---==[Author : Mohammad Reza Espargham 
    +---++---==[Website : www.reza.es 
    --=[Code name : Larry Wall 
     @OWASP_VBScan , @rezesp , @OWASP 
 
Processing http://forum.abc.org/ ...

Firewall Status

This part will provide information about VBulletin based Firewall existince

[+] Detecting Vbulletin based Firewall 
[++] No known firewall detected

vBulletin Version

The vBulletin version is 3.8.9

[+] Detecting vBulletin Version 
[++] vBulletin 3.8.9

Vulnerabilities

This part will provide information about CVE based vulnerabilities

[++] vBulletin CVE-2016-6483 Server Side Request Forgery Security Bypass Vulnerability 
EDB : http://www.exploit-db.com/exploits/40225/ 
http://www.securityfocus.com/bid/92350 
http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt

LICENSE

License information

[+] vBulletin LICENSE Check 
[++] vBulletin LICENSE file : http://forum.abc.org//LICENSE

Apache Info

The web server running VBulletin web applications

[+] Checking apache info/status files 
[++] Readable info/status files are not found

Admin Control Panel

Admin and remote access pages information is provided.

[+] Checking admincp/modcp path 
[++] admincp Found 
http://forum.abc.org//admincp 
[++] modcp Found 
http://forum.abc.org//modcp

Validator.php

Checks if validator.php exists

[+] Checking validator.php 
[++] validator.php is not found

Robots.txt

Checking robots.txt file which is used by site crawling bots. This can provide interesting and valuable information.

[+] Checking robots.txt existing  
[++] robots.txt is found  
path : http://forum.abc.org//robots.txt   
  
Interesting path found from robots.txt  
http://forum.abc.org//  
http://forum.abc.org//  
http://forum.abc.org//  
http://forum.abc.org//admincp  
http://forum.abc.org//ajax.php  
http://forum.abc.org//announcement.php  
http://forum.abc.org//attachment.php  
http://forum.abc.org//calendar.php  
http://forum.abc.org//cron.php  
http://forum.abc.org//editpost.php  
http://forum.abc.org//external.php  
http://forum.abc.org//forumdisplay.php  
http://forum.abc.org//global.php  
http://forum.abc.org//image.php  
http://forum.abc.org//includes  
http://forum.abc.org//infraction.php  
http://forum.abc.org//inlinemod.php  
http://forum.abc.org//joinrequests.php  
http://forum.abc.org//login.php  
http://forum.abc.org//memberlist.php  
http://forum.abc.org//member.php  
http://forum.abc.org//misc.php                                                                                                       
http://forum.abc.org//modcp                                                                                                          
http://forum.abc.org//moderation.php                                                                                                 
http://forum.abc.org//moderator.php                                                                                                  
http://forum.abc.org//newattachment.php                                                                                              
http://forum.abc.org//newreply.php                                                                                                   
http://forum.abc.org//newthread.php                                                                                                  
http://forum.abc.org//online.php                                                                                                     
http://forum.abc.org//payment_gateway.php                                                                                            
http://forum.abc.org//payments.php                                                                                                   
http://forum.abc.org//poll.php                                                                                                       
http://forum.abc.org//postings.php                                                                                                   
http://forum.abc.org//printthread.php                                                                                                
http://forum.abc.org//private.php                                                                                                    
http://forum.abc.org//profile.php                                                                                                    
http://forum.abc.org//register.php                                                                                                   
http://forum.abc.org//report.php                                                                                                     
http://forum.abc.org//reputation.php                                                                                                 
http://forum.abc.org//search.php                                                                                                     
http://forum.abc.org//sendmessage.php                                                                                                
http://forum.abc.org//showgroups.php                                                                                                 
http://forum.abc.org//showpost.php                                                                                                   
http://forum.abc.org//signaturepics                                                                                                  
http://forum.abc.org//subscription.php                                                                                               
http://forum.abc.org//threadrate.php                                                                                                 
http://forum.abc.org//usercp.php                                                                                                     
http://forum.abc.org//usernote.php

c99 Xml Shell

This is an old vulnerability

[+] Checking c99 xml shell in admincp/subscriptions.php                                                                               
[++] c99 xml shell is Not Found

Backup Files

Can we access the backup files. This can occur  in misconfiguration situations.

[+] Finding common backup files name                                                                                                  
[++] Backup files are not found

Log Files

Can we access the logs files

[+] Finding common log files name                                                                                                     
[++] error log is not found

Config Files

We have found config files where database username and password exists

[+] Checking config.php.x for disclure config file                                                                                    
[++] Readable config file is found                                                                                                    
 config file path : http://forum.abc.org//includes/config.php.new                                                                   
Readable config file is found                                                                                                         
 config file path : http://forum.abc.org//includes/config.php.old

RCE Backdoor

Are the any remote code execution backdoor?

[+] Checking faq.php RCE backdoor                                                                                                     
[++] Remote Code Execute backdoor not found

LFI

This check is done whether to learn there is Local File Inclusion vulnerability

[+] Checking vBSEO 3.x - LFI (Local File Inclusion) vulnerability                                                                     
[++] vbseo.php LFI is not vulnerable

Sql Injection

We will check the arcade.php if there is an sql injection vulnerability.

[+] Checking arcade.php SQLI Vulnerability                                                                                            
[++] arcade.php not found

 

How To Use Owasp Vbscan? Infografic

How To Use Owasp Vbscan? Infografic
How To Use Owasp Vbscan? Infografic

 

2 thoughts on “How To Use Owasp Vbscan?”

  1. I am from Slovenia. I can help with build this forum. Thanks for approved.

    Jaz sem Slovenka. Lahko pomagam pri razvoju foruma.

    Reply

Leave a Comment