OWASP / vbscan

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner
https://www.owasp.org/index.php/OWASP_VBScan_Project
GNU General Public License v3.0

`The target is alive! But is not running on vbulletin` for all tested sites #12

Closed qywx closed 8 years ago

qywx commented 8 years ago

`The target is alive! But is not running on vbulletin.` - the same message for the first 10 sites from https://www.google.com/search?q=powered+by+vbulletin. Is that normal?

rezasp commented 8 years ago

Hello, please tell me the targets you have checked and the message that you got from the scanner.

qywx commented 8 years ago

http://www.skyscrapercity.com

```
$ ./vbscan.pl http://www.skyscrapercity.com/

[+] Processing http://www.skyscrapercity.com/ ...

[++] The target is alive! But is not running on vbulletin.
Do you want to continue? [y/N] y

[+] Detecting vBulletin Version
[++] vBulletin Version : ver 404

[+] Checking apache info/status files
[++] Readable info/status files are not found

[+] Checking admincp/modcp path
[++] admincp does not exist or renamed
[++] modcp does not exist or renamed

[+] Checking upgrade.php to find admincp
[++] upgrade.php not found

[+] Checking validator.php
[++] validator.php is not found

[+] Checking robots.txt existing
[++] robots.txt is not found

[+] Checking faq.php RCE backdoor
[++] Remote Code Execute backdoor not found

[+] Checking config.php.x for disclure config file
[++] Readable config files are not found

[+] Checking vBSEO 3.x - LFI (Local File Inclusion) vulnerability
[++] vbseo.php LFI is not vulnerable

[+] Checking vBulletin vBExperience 3 'sortorder' Parameter Cross Site Scripting Vulnerability
[++] xperience.php not vulnerable

[+] Checking arcade.php SQLI Vulnerability
[++] arcade.php not found

[+] Checking vBulletin YUI 2.9.0 XSS
[++] uploader.swf not found

[+] Checking for html tags status
[++] HTML tag are Disable

[+] Checking c99 xml shell in admincp/subscriptions.php
[++] c99 xml shell is Not Found

[+] Finding common backup files name
[++] Backup files are not found

[+] Finding common log files name
[++] error log is not found

[+] Checking Vbulletin 5.x - Remote Code Execution Exploit
[++] decodeArguments is not vulnerable

Your Report : reports/www.skyscrapercity.com.txt
```

So, vbscan detects the vBulletin version, but says "is not running on vbulletin." And there is a difference between versions: on the site it is 3.8.8 Beta 1, and 4.0.4 was detected.

qywx commented 8 years ago

http://www.alcoholhulp.be/forum-omgeving/

```
$ ./vbscan.pl http://www.alcoholhulp.be/forum-omgeving/

[+] Processing http://www.alcoholhulp.be/forum-omgeving/ ...

[++] The target is alive! But is not running on vbulletin.
Do you want to continue? [y/N] н

[+] Detecting vBulletin Version
[++] vBulletin Version : ver 404

[+] Checking apache info/status files
[++] Readable info/status files are not found

[+] Checking admincp/modcp path
[++] admincp does not exist or renamed
[++] modcp does not exist or renamed

[+] Checking upgrade.php to find admincp
[++] upgrade.php not found

[+] Checking validator.php
[++] validator.php is not found

[+] Checking robots.txt existing
[++] robots.txt is not found

[+] Checking faq.php RCE backdoor
[++] Remote Code Execute backdoor not found

[+] Checking config.php.x for disclure config file
[++] Readable config files are not found

[+] Checking vBSEO 3.x - LFI (Local File Inclusion) vulnerability
[++] vbseo.php LFI is not vulnerable

[+] Checking vBulletin vBExperience 3 'sortorder' Parameter Cross Site Scripting Vulnerability
[++] xperience.php not vulnerable

[+] Checking arcade.php SQLI Vulnerability
[++] arcade.php not found

[+] Checking vBulletin YUI 2.9.0 XSS
[++] uploader.swf not found

[+] Checking for html tags status
[++] HTML tag are Disable

[+] Checking c99 xml shell in admincp/subscriptions.php
[++] c99 xml shell is Not Found

[+] Finding common backup files name
[++] Backup files are not found

[+] Finding common log files name
[++] error log is not found

[+] Checking Vbulletin 5.x - Remote Code Execution Exploit
[++] decodeArguments is not vulnerable

Your Report : reports/www.alcoholhulp.be.txt
```

The site says: Powered by vBulletin™ Version 4.0.7

rezasp commented 8 years ago

I checked your sites and I couldn't find any problem.

```
perl vbscan.pl http://www.skyscrapercity.com/

[+] Processing http://www.skyscrapercity.com/ ...

[+] Detecting vBulletin Version
[++] vBulletin Version :  vBulletin 3.8.8 Beta 1
```

```
perl vbscan.pl http://www.alcoholhulp.be/forum-omgeving/

[+] Processing http://www.alcoholhulp.be/forum-omgeving/ ...

[+] Detecting vBulletin Version
[++] vBulletin Version :  vBulletin 4.0.5
```

Check your connection or VPN connection ... What is your OS?

qywx commented 8 years ago

Win10+Strawberry. No VPN. Internet works fine.
I'll try running it under Linux.

qywx commented 8 years ago

I understand now. Oh, my firewall. "The target is alive!" to me says that a connection could be established. It should say "Can't find" or "No connection".
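
The distinction asked for in the comment above, as an added example that is not vbscan's code and not part of the original thread: a probe outcome is sorted into "no connection", "redirect", "HTTP error", "alive but not vBulletin" or "vBulletin", so a blocked connection or a status code is never reported as a live target or a version. It is written in Python rather than the project's Perl; the function names, messages, regular expression and sample responses are assumptions constructed for illustration.

```python
import re

# Footer wording taken from the thread ("Powered by vBulletin™ Version 4.0.7",
# "vBulletin 3.8.8 Beta 1"); the exact pattern is an assumption of this example.
VERSION_RE = re.compile(
    r"vBulletin(?:&trade;|&reg;|™|®)?\s+Version\s+"
    r"(\d+(?:\.\d+)+(?:\s+Beta\s+\d+)?)", re.I)

MESSAGES = {
    "no_connection": "No connection to target ({})",
    "redirect": "Target redirects to {}; probe that URL instead",
    "http_error": "Target answered with HTTP {}; nothing to fingerprint",
    "not_vbulletin": "Target is alive but no vBulletin marker was found{}",
    "vbulletin": "vBulletin detected, version: {}",
}

def classify_probe(error=None, status=None, headers=None, body=""):
    """Map one probe outcome to (state, detail). All names are hypothetical."""
    if error is not None or status is None:
        # Transport failure (timeout, reset, local firewall): not "alive".
        return "no_connection", error or "no response"
    hdrs = {k.lower(): v for k, v in (headers or {}).items()}
    if status in (301, 302, 303, 307, 308) and "location" in hdrs:
        return "redirect", hdrs["location"]
    if status >= 400:
        # The status stays in its own field and never becomes a "version".
        return "http_error", str(status)
    match = VERSION_RE.search(body)
    if match:
        return "vbulletin", " ".join(match.group(1).split())
    if re.search(r"vbulletin", body, re.I):
        return "vbulletin", "unknown"
    return "not_vbulletin", ""

def report_line(state, detail):
    """Render a classification in the scanner's "[++]" output style."""
    return "[++] " + MESSAGES[state].format(detail)

# Constructed probe results (no network access); hosts are placeholders.
SAMPLES = [
    {"error": "connection timed out"},
    {"status": 301, "headers": {"Location": "https://forum.example/"}},
    {"status": 404, "body": "Not Found"},
    {"status": 200, "body": "<html>Welcome</html>"},
    {"status": 200, "body": "Powered by vBulletin&trade; Version 4.0.7"},
    {"status": 200, "body": "Powered by vBulletin® Version 3.8.8 Beta 1"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(report_line(*classify_probe(**sample)))
```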

qywx commented 8 years ago

Please try www.kharkovforum.com

rezasp commented 8 years ago

Use it with https://

http://

```
perl vbscan.pl www.kharkovforum.com

[+] Processing http://www.kharkovforum.com ...

[++] The target is alive! But is not running on vbulletin.
Do you want to continue? [y/N] 
```

https://

```
perl vbscan.pl https://www.kharkovforum.com/

[+] Processing https://www.kharkovforum.com/ ...

[+] Detecting vBulletin Version
[++] vBulletin Version :  vBulletin 3.8.7
```

rezasp commented 8 years ago

I am working on a new version detector engine to fix bugs for the new release. Wait for the next version.

qywx commented 8 years ago

Thank you.