OWASP / joomscan

OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/
https://www.secologist.com/open-source-projects
GNU General Public License v3.0

Fix components.pl bug #56

Closed axwl03 closed 8 months ago

axwl03 commented 3 years ago

When the detected version of the component matches the vulnerable version stored in db, the scanner does not output "[!] We found vulnerable component". Instead, it outputs "the version was not available".

axwl03 commented 3 years ago

I found another bug which does not print the title and the exploit date of the vulnerable components because they both contain the '-' character. Instead of testing using regular expression, string comparison is more suitable in this case.

axwl03 commented 3 years ago

When the detected version of the component matches the vulnerable version stored in db, the scanner does not output "[!] We found vulnerable component". Instead, it outputs "the version was not available".

I found that I misunderstood the meaning of @matches[6]. It was correct to compare with -1, so force pushed.