CMSs (Content Management Systems) are very popular, easy to install, and mostly set up once and then forgotten by “admins”.
In general, there are quite serious vulnerabilities in popular CMSs, as is the case with any software. Bugs are patched fairly quickly, and responsible companies and administrators install patches ASAP. Because anyone without knowledge can build a website on one of the popular CMSs, there are millions of them on the web. Unfortunately, most are not updated. Each CMS can also install themes and addons, which are also vulnerable. Themes and addons are often abandoned after a few years if not developed by professionals.
Thanks to this, you can get access to many servers and a mass of data: private blogs, educational systems, small and large communities, small and medium-sized companies but also, unfortunately, government institutions. How many times has a political group, state institution or health service put a website on WordPress, Joomla or Drupal and then not given a fuck about service or support, leaking data to every script kiddie?
I began my career at private companies supporting the public sector. I even worked for a state-owned company once. I do not know if this is true in all countries, but in Poland the public sector means a poor salary, too many obligations and a lack of training or a development path. Plus, no money for anything, so if something works, don’t touch it. Safety is by definition the same as accepting the risk. Besides, you always have a supervisor over you who has no idea what you are doing, gives out senseless orders and is your boss only because his uncle is from the party that is in charge of the country at the moment. At the next election, another idiot replaces him. Uhh, bad memories, and that’s not what the article was supposed to be about :)
Now that we know all those WordPresses, Joomlas, Drupals, Moodles and other CMS-ish shit are old and leaky, we can spoil them, even without much knowledge, using ready-made scripts. Freedom for $crIpT kIddI3$!
All-in-one solutions. It is worth starting with these for popular CMSs.
A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
Specified CMS scan:
droopescan scan drupal -u example.org
droopescan scan -u example.org
droopescan scan -U list_of_urls.txt
CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs
python3 cmseek.py (for guided scanning) OR
CMS Scanner: Scan WordPress, Drupal, Joomla and vBulletin websites for security issues. It uses a centralized Security Dashboard for CMS security scans and is powered by wpscan, droopescan, vbscan and joomscan.
Run web interface:
WordPress CMS vulnerability scanners.
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.
wpscan --url example.com
To use WPScan’s enumeration capabilities supply the
The following enumeration options exist:
u (User IDs range, e.g. u1-5)
m (Media IDs range, e.g. m1-15)
If no option is supplied to the -e flag, then the default will be:
Password brute force attack:
wpscan --url example.com -e u --passwords /path/to/password_file.txt
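How the two WPScan operations above (user ID enumeration and the password attack) can be spotted in a web server access log, as an added example that is not part of the original post or of the WPScan project. It assumes combined-format logs, that ID enumeration shows up as `?author=N` requests and that password guessing shows up as POSTs to `/wp-login.php` or `/xmlrpc.php`; the function name, thresholds and log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access log (documentation IP ranges, not real traffic).
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [10/Mar/2024:10:00:0{i} +0000] "GET /?author={i} HTTP/1.1" 301 0'
     for i in range(1, 6)]
    + [f'203.0.113.7 - - [10/Mar/2024:10:01:0{i} +0000] "POST /wp-login.php HTTP/1.1" 200 4521'
       for i in range(6)]
    + ['198.51.100.20 - - [10/Mar/2024:10:02:00 +0000] "GET /?author=1 HTTP/1.1" 301 0',
       '198.51.100.20 - - [10/Mar/2024:10:02:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0']
)

# client IP, ident, user, [timestamp], "METHOD path ..."
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)')
AUTHOR_RE = re.compile(r'[?&]author=(\d+)')
# Assumption: password guessing arrives as POSTs to these endpoints.
LOGIN_PATHS = {"/wp-login.php", "/xmlrpc.php"}


def detect_wp_probing(log_text, enum_threshold=3, login_threshold=5):
    """Return {ip: [findings]} for clients that look like automated scans."""
    author_ids = defaultdict(set)   # ip -> distinct author IDs requested
    login_posts = defaultdict(int)  # ip -> POSTs to login endpoints
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path = m.groups()
        author = AUTHOR_RE.search(path)
        if method == "GET" and author:
            author_ids[ip].add(int(author.group(1)))
        elif method == "POST" and path.split("?", 1)[0] in LOGIN_PATHS:
            login_posts[ip] += 1

    findings = {}
    for ip in sorted(set(author_ids) | set(login_posts)):
        tags = []
        if len(author_ids[ip]) >= enum_threshold:
            tags.append("user-enumeration")
        if login_posts[ip] >= login_threshold:
            tags.append("password-bruteforce")
        if tags:
            findings[ip] = tags
    return findings


if __name__ == "__main__":
    for ip, tags in detect_wp_probing(SAMPLE_LOG).items():
        print(ip, ", ".join(tags))
```

The counts here cover the whole log; on a live server the same logic would be applied per time window so that a normal user who mistypes a password a few times over a week is not flagged.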
WPForce is a suite of WordPress attack tools.
python wpforce.py -i usr.txt -w pass.txt -u "http://www.example.com"
There are also free online WordPress scanners.
Joomla CMS vulnerability scanners.
OWASP Joomla Vulnerability Scanner Project.
perl joomscan.pl --url www.example.com
Enumerate installed components:
perl joomscan.pl --url www.example.com --enumerate-components
Drupal CMS vulnerability scanners.
Drupal enumeration & exploitation tool.
python3 ./drupwn --mode enum --target http://example.com/drupal
python3 ./drupwn --mode exploit --target http://example.com/drupal
Typo3 CMS vulnerability scanners.
Enumerate Typo3 version and extensions.
To get a list of all options use:
python3 typo3scan.py -h
python3 typo3scan.py -d http://example.com/ --vuln
vBulletin CMS vulnerability scanners.
OWASP VBScan is a Black Box vBulletin Vulnerability Scanner.