Exploring Joomla CMS vulnerabilities - JoomScan

JoomScan is an open source security scanner developed as an OWASP project to automate vulnerability detection and assurance testing of Joomla CMS deployments. It detects known vulnerabilities in the Joomla core and its components, and it also finds many misconfigurations and administrative weaknesses (such as exposed log and backup files) that an adversary can use to compromise the site. JoomScan has a straightforward command-line interface and writes its final reports in both text and HTML formats to keep reporting overhead low.
JoomScan provides the following features:
      • Version enumerator
      • Vulnerability enumerator (based on version)
      • Components enumerator (1209 most popular by default)
      • Components vulnerability enumerator (based on version)(+1030 exploit)
      • Firewall detector
      • Reporting to Text & HTML output
      • Finding common log files
      • Finding common backup files
On Kali Linux you can run joomscan directly.
On any other operating system, install JoomScan from its source repository as follows (Perl is required):
git clone https://github.com/rezasp/joomscan.git 
cd joomscan 
perl joomscan.pl
You can list JoomScan's arguments with the following command:
                                 joomscan --help

The joomscan --update command updates JoomScan to the latest version.


The basic command for JoomScan is (--url and -u are the long and short forms of the same option):
                                    joomscan --url <url>
                                 perl joomscan.pl -u <url>

Example (substitute a target you are authorized to scan): joomscan --url https://www.joomla.org/

Starting from that command, you can add other arguments to tune the scan of your Joomla website:

  - Enumerate installed components:
   joomscan --url https://www.joomla.org/ --enumerate-components

  - Set a cookie to send with every request (for example an authenticated session):
   joomscan --url https://www.joomla.org/ --cookie "test=demo;"

  - Route the scan through a proxy (for example an intercepting proxy, to inspect the requests JoomScan sends):
   joomscan --url https://www.joomla.org/ --proxy <http://host:port>

Once the scan has started, JoomScan probes the target URL for its Joomla version, installed components and known vulnerabilities. In the marked scan output, JoomScan has detected Joomla version 2.5 running on the target website.
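JoomScan's version enumerator works from version-bearing files that a default Joomla install exposes, such as the core manifest administrator/manifests/files/joomla.xml and the README.txt that states the branch. The following added example (written for this page, not JoomScan's own Perl code) shows the same fingerprinting logic in Python against a constructed in-memory site: it reads the manifest <version> element, falls back to the README, and classifies the result against the end-of-life branches listed in EOL_BRANCHES. The fake_fetch function and FAKE_SITE contents are assumptions standing in for real HTTP responses so the example runs offline.

```python
import re
import xml.etree.ElementTree as ET
from typing import Callable, Dict, Optional, Tuple

# Files on a default Joomla install that reveal the core version. The two XML
# manifests carry an exact <version>; README.txt states the branch on 1.5-3.x.
VERSION_PATHS = [
    "administrator/manifests/files/joomla.xml",
    "language/en-GB/en-GB.xml",
    "README.txt",
]

# Branches that no longer receive security fixes, mapped to their final release.
# Illustrative table (extend as needed); JoomScan itself consults a fuller database.
EOL_BRANCHES = {"1.5": "1.5.26", "2.5": "2.5.28"}

# Constructed responses standing in for a real target (assumption, not captured data).
FAKE_SITE: Dict[str, str] = {
    "administrator/manifests/files/joomla.xml": (
        '<extension version="2.5" type="file" method="upgrade">\n'
        "  <name>files_joomla</name>\n"
        "  <version>2.5.10</version>\n"
        "  <creationDate>March 2013</creationDate>\n"
        "</extension>\n"
    ),
    "README.txt": "Joomla! 2.5 version history\n\n- 2.5.10 released March 2013\n",
}

README_RE = re.compile(r"Joomla!\s+(\d+\.\d+(?:\.\d+)?)")


def fake_fetch(path: str) -> Optional[str]:
    """Stand-in for an HTTP GET: body on 200, None on 404 (hypothetical helper)."""
    return FAKE_SITE.get(path)


def parse_manifest_version(xml_text: str) -> Optional[str]:
    """Read the <version> element of a Joomla manifest; None if missing or malformed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    text = root.findtext("version")
    return text.strip() if text else None


def parse_readme_version(text: str) -> Optional[str]:
    """Pull the branch or version from a 'Joomla! X.Y version history' README line."""
    match = README_RE.search(text)
    return match.group(1) if match else None


def fingerprint(fetch: Callable[[str], Optional[str]]) -> Optional[Tuple[str, str]]:
    """Try each version-bearing path in order; return (version, path) for the first hit."""
    for path in VERSION_PATHS:
        body = fetch(path)
        if body is None:
            continue
        version = parse_manifest_version(body) if path.endswith(".xml") else parse_readme_version(body)
        if version:
            return version, path
    return None


def version_tuple(version: str) -> Tuple[int, ...]:
    """'2.5.10' -> (2, 5, 10) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in version.split("."))


def assess(version: str) -> Dict[str, object]:
    """Classify a discovered version: is its branch end-of-life, and did the site
    even apply the final patches that branch received before support ended?"""
    branch = ".".join(version.split(".")[:2])
    final = EOL_BRANCHES.get(branch)
    behind_final = final is not None and version_tuple(version) < version_tuple(final)
    return {"branch": branch, "eol": final is not None, "final": final, "behind_final": behind_final}


if __name__ == "__main__":
    hit = fingerprint(fake_fetch)
    if hit is None:
        print("Joomla version not found in any known file")
    else:
        version, path = hit
        print(f"Detected Joomla {version} via {path}: {assess(version)}")
```

The order of VERSION_PATHS matters: the manifests give an exact patch level, while README.txt only gives the branch, so the README is consulted last. A real scanner would also check that the body is actually a Joomla file rather than a catch-all 200 page, which is why the parsers return None on anything they cannot read.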

Now we look at some examples of identifying vulnerabilities from the scan results.

In the screenshot above, the output lists a Joomla component with a SQL injection vulnerability, which can be used to extract or modify data in the site's database. The site also has a cross-site scripting vulnerability, which can be used to run script in visitors' browsers and disclose information about the target. The most serious finding is the Remote Admin Change Password issue, in which an attacker who can obtain or bypass the token used by the admin password-change flow can set a new administrator password and take over the administrator account.