------------------------------------------------------------------------------------------------
# Joomla

$ perl joomscan.pl --url http://targetsite.com/

    ____  _____  _____  __  __  ___   ___    __    _  _
   (_  _)(  _  )(  _  )(  \/  )/ __) / __)  /__\  ( \( )
  .-_)(   )(_)(  )(_)(  )    ( \__ \( (__  /(__)\  )  (
  \____) (_____)(_____)(_/\/\_)(___/ \___)(__)(__)(_)\_)
                        (1337.today)

    --=[OWASP JoomScan
    +---++---==[Version : 0.0.7
    +---++---==[Update Date : [2018/09/23]
    +---++---==[Authors : Mohammad Reza Espargham , Ali Razmjoo
    --=[Code name : Self Challenge
    @OWASP_JoomScan , @rezesp , @Ali_Razmjo0 , @OWASP

Processing http://targetsite.com/ ...

[+] FireWall Detector
[++] Firewall not detected

[+] Detecting Joomla Version
[++] Joomla 3.6.3

[+] Core Joomla Vulnerability
[++] Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation
CVE : CVE-2016-8870 , CVE-2016-8869
EDB : https://www.exploit-db.com/exploits/40637/

Joomla! Core Remote Privilege Escalation Vulnerability
CVE : CVE-2016-9838
EDB : https://www.exploit-db.com/exploits/41157/

Joomla! Core Security Bypass Vulnerability
CVE : CVE-2016-9081
https://developer.joomla.org/security-centre/661-20161003-core-account-modifications.html

Joomla! Core Arbitrary File Upload Vulnerability
CVE : CVE-2016-9836
https://developer.joomla.org/security-centre/665-20161202-core-shell-upload.html

Joomla! Information Disclosure Vulnerability
CVE : CVE-2016-9837
https://developer.joomla.org/security-centre/666-20161203-core-information-disclosure.html

PHPMailer Remote Code Execution Vulnerability
CVE : CVE-2016-10033
https://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
https://github.com/opsxcq/exploit-CVE-2016-10033
EDB : https://www.exploit-db.com/exploits/40969/

PPHPMailer Incomplete Fix Remote Code Execution Vulnerability
CVE : CVE-2016-10045
https://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
EDB : https://www.exploit-db.com/exploits/40969/

[+] Checking apache info/status files
[++] Readable info/status files are not found

[+] admin finder
[++] Admin page : http://targetsite.com/administrator/

[+] Checking robots.txt existing
[++] robots.txt is found
path : http://targetsite.com/robots.txt

Interesting path found from robots.txt
http://targetsite.com/joomla/administrator/
http://targetsite.com/administrator/
http://targetsite.com/bin/
http://targetsite.com/cache/
http://targetsite.com/cli/
http://targetsite.com/components/
http://targetsite.com/includes/
http://targetsite.com/installation/
http://targetsite.com/language/
http://targetsite.com/layouts/
http://targetsite.com/libraries/
http://targetsite.com/logs/
http://targetsite.com/modules/
http://targetsite.com/plugins/
http://targetsite.com/tmp/

[+] Finding common backup files name
[++] Backup files are not found

[+] Finding common log files name
[++] error log is not found

[+] Checking sensitive config.php.x file
[++] Readable config files are not found

[+] Enumeration component (com_jce)
[++] Name: com_jce
Location : http://targetsite.com/components/com_jce/
licence.txt : http://targetsite.com/components/com_jce/licence.txt
[!] We found the component "com_jce", but since the component version was not available we cannot ensure that it's vulnerable, please test it yourself.
Reference : https://www.exploit-db.com/exploits/17734
Fixed in : 2.0.10.1
licence.txt : http://targetsite.com/administrator/components/com_jce/licence.txt

Your Report : reports/targetsite.com/