OWASP Joomla Vulnerability Scanner v0.0.1 released
A regularly updated, signature-based scanner that can detect file inclusion, SQL injection, command execution, XSS, DoS, and directory traversal vulnerabilities in a target Joomla! web site.
The following features are currently available.
- Exact version probing (the scanner can tell whether a target is running version 1.5.9)
- Searching known vulnerabilities of Joomla! and its components
- Reporting in text and HTML formats
- Immediate update capability via the scanner or SVN
- New and improved fingerprinting engine (which can mostly detect the exact version of Joomla 1.0.x and Joomla 1.5.x)
- Database updated up to 1.5.9
- In the database, removed substring(@@version,1,1) and adopted a simple blind detection approach (1=1, 1=2) to bypass IDSes that block MySQL-sensitive words in requests
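
The last item matters on the detection side: a keyword filter looking for strings such as @@version will not see 1=1 / 1=2 probes. As an added example (not code from the scanner or the OWASP project), the Python below flags clients that request the same URL with both a true and a false numeric comparison; the log format, the sample lines, the com_example component name and the function name are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines (documentation IPs, hypothetical component).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2009:10:00:01 +0000] "GET /index.php?option=com_example&id=5+and+1%3D1 HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2009:10:00:02 +0000] "GET /index.php?option=com_example&id=5+and+1%3D2 HTTP/1.1" 200 312
198.51.100.9 - - [10/Mar/2009:10:00:05 +0000] "GET /index.php?option=com_content&id=12 HTTP/1.1" 200 4800
198.51.100.9 - - [10/Mar/2009:10:00:09 +0000] "GET /search.php?q=ratio+1%3D1 HTTP/1.1" 200 2100
"""

# client IP, request target, status, response size
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) (\d+)')
# A bare numeric comparison such as 1=1 or 1=2 (ordinary name=value pairs do not match).
CMP_RE = re.compile(r'\b(\d+)\s*=\s*(\d+)\b')

def find_boolean_probe_pairs(log_text):
    """Return requests that differ only in the truth value of a numeric comparison."""
    # (client, path, query with comparisons masked) -> response sizes per truth value
    groups = defaultdict(lambda: {True: [], False: []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, _status, size = m.groups()
        parts = urlsplit(target)
        query = unquote_plus(parts.query)          # undo %3D and '+' encoding
        comparisons = CMP_RE.findall(query)
        if not comparisons:
            continue
        truth = all(int(a) == int(b) for a, b in comparisons)
        template = CMP_RE.sub("<CMP>", query)
        groups[(ip, parts.path, template)][truth].append(int(size))
    findings = []
    for (ip, path, template), seen in groups.items():
        # A lone 1=1 is weak evidence; the true/false pair on one template is the signal.
        if seen[True] and seen[False]:
            findings.append({"client": ip, "path": path, "template": template,
                             "true_sizes": seen[True], "false_sizes": seen[False]})
    return findings

if __name__ == "__main__":
    for finding in find_boolean_probe_pairs(SAMPLE_LOG):
        print(finding)
```

The differing response sizes in a finding show that the page reacted to the comparison, which is the condition worth triaging first.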