¶ VBScan
OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner) is an opensource project in perl programming language to detect VBulletin CMS vulnerabilities and analysis them.
¶ Used facts:
Available admin interface
Available moderator interface
Backup File/Directory detected
Configuration file detected
Cross-Site Scripting (XSS)
Decode Arguments is vulnerable
Detected robots.txt
Detected Vbulletin DnP Firewall
Directory listing
Firewall bypassed
Found sensitive files
Full Path Disclosure (FPD)
Interesting files detected
Local File Inclusion (LFI)
Log file detected
Open Redirect
Password disclosure
Potential vBulletin core vulnerabilities
Remote Code Execution (RCE)
Security-bypass vulnerability in vBulletin upgrade.php
SQL-injection
Tapatalk for vBulletin is vulnerable Multiple SQL Injection(CVE-2014-2023)
VBulletin Backdoor Shell detected (c99 shell)
VBulletin faq.php Information Disclosure Vulnerability
VBulletin Register.PHP HTML Injection Vulnerability
VBulletin version detected
¶ Facts screenshots:
¶ Screenshots of results:
¶ Flag:
entrypoint.sh
¶ Category:
Security/CMS Security
¶ Audit Tags:
Enumerate, CVE, Exploit, Old, Aggressive, Fast, RFI, LFI, XSS, SQLI, CMS, Crawling, Malware Detection, Code injection, RCE, Leaks, Vulnerability identification
¶ DISCLAIMER:
This program is used for educational and ethical purposes only. I take no responsibility for any damages caused from using this program. By downloading and using this software, you agree that you take full responsibility for any damages and liability.