urbanadventurer / WhatWeb

Next generation web scanner
https://www.morningstarsecurity.com/research/whatweb
GNU General Public License v2.0

Umbraco detection needs some love #348

Closed definity closed 3 years ago

definity commented 3 years ago

I was looking at some sites running Umbraco and didn't see WhatWeb find it.

Seems you can test for the /umbraco path and get a hit for the admin panel, if exposed.

Also HTML on the main site might have these <link rel="stylesheet" href="/css/umbraco-starterkit-style.css" /> <script src="/scripts/umbraco-starterkit-app.js"></script>

Will happily take this on and submit a pull request... just documenting it in case I can't make time for it.

definity commented 3 years ago

Also, there's this page you can test for /DependencyHandler.axd

Source: https://markitzeroday.com/umbraco/lfi/2017/05/01/umbraco-lfi-exploitation.html

bcoles commented 3 years ago

> I was looking at some sites running Umbraco and didn't see WhatWeb find it.

Unsurprising. The plugin is 10 years old.

> Seems you can test for the /umbraco path and get a hit for the admin panel, if exposed.

You can easily add a :url=>'/umbraco', ... match for this, which will be requested on aggression level 3.

> Also, there's this page you can test for /DependencyHandler.axd
>
> Source: https://markitzeroday.com/umbraco/lfi/2017/05/01/umbraco-lfi-exploitation.html

WhatWeb generally doesn't scan for vulnerabilities - version detection is preferred. Vulnerable software can be inferred (or at least flagged for manual review) based on version matches. Although it probably wouldn't hurt to add a check for this path if it is unique to Umbraco.

definity commented 3 years ago

Yeah, not interested in the vulnerability part, just the service discovery... so if you know a certain file is associated with Umbraco, you could add it with a certain % of confidence unless other key indicators are found. That was my intention of including /DependencyHandler.axd

urbanadventurer commented 3 years ago

The updated Umbraco plugin you made on your own branch looks good.

My only advice is that the following pattern could have false positives from websites that always return 200 OK for Not Found URL paths, and so should be removed.

# Umbraco logo
{ :url=>'/umbraco/assets/img/application/logo.png', },

Before you submit this as a Pull Request, please add the authors block, and bump the version to 0.4 so you can get some recognition for your contribution.

definity commented 3 years ago

> The updated Umbraco plugin you made on your own branch looks good.

Thanks for reviewing it!

> My only advice is that the following pattern could have false positives from websites that always return 200 OK for Not Found URL paths, and so should be removed.
>
> # Umbraco logo
> { :url=>'/umbraco/assets/img/application/logo.png', },

Will do. I had planned to download more versions and hash logo.png to see whether it would differ between versions.

> Before you submit this as a Pull Request, please add the authors block, and bump the version to 0.4 so you can get some recognition for your contribution.

👍

definity commented 3 years ago

Pull request is in. I took a little time and inventoried all the Umbraco 7.x and 8.x versions and hashed one of the JavaScript files available that seemed to change often across versions.

I'm certain there's a more efficient way to do this kind of check so you aren't requesting the same file 126 times and hashing it, but it does work.

urbanadventurer commented 3 years ago

At some stage the whole approach for version detection using hashes will have to change, but in the meantime it works.
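
The two concerns raised in this thread, sketched in Ruby as an added example (not WhatWeb code and not from any participant): a URL-only match checked against a site that answers 200 OK for everything, and a version lookup that fetches and hashes the file once instead of once per version. The HTTP client is a constructed in-memory stand-in, and `JS_PATH`, the version labels and the file bodies are placeholders.

```ruby
require 'digest'

# Constructed stand-in for an HTTP client: pages maps path => [status, body];
# any other path gets the site's catch-all response. Counts requests per path.
def make_site(pages, fallback)
  calls = Hash.new(0)
  fetch = lambda do |path|
    calls[path] += 1
    pages.fetch(path, fallback)
  end
  [fetch, calls]
end

# A URL-only match means nothing if a path that cannot exist also gets 200 OK.
def soft_404?(fetch)
  status, _body = fetch.call('/PLACEHOLDER-path-that-should-not-exist')
  status == 200
end

# Fetch once, hash once, then look the digest up in a digest => versions
# table, instead of requesting the same file once per candidate version.
def detect_versions(fetch, path, digest_table)
  status, body = fetch.call(path)
  return nil unless status == 200
  digest_table[Digest::MD5.hexdigest(body)]
end

def fingerprint(fetch, url_path, hashed_path, digest_table)
  url_hit = fetch.call(url_path)[0] == 200 && !soft_404?(fetch)
  { url_match: url_hit, versions: detect_versions(fetch, hashed_path, digest_table) }
end

LOGO_PATH = '/umbraco/assets/img/application/logo.png' # path quoted in the thread
JS_PATH   = '/PLACEHOLDER-versioned-file.js'           # placeholder, not a real path
# Constructed bodies and version labels; digests are computed here, not real ones.
SAMPLE_BODIES = { 'version-A' => '/* build A */', 'version-B' => '/* build B */' }.freeze
DIGEST_TABLE = SAMPLE_BODIES.each_with_object({}) do |(version, body), table|
  (table[Digest::MD5.hexdigest(body)] ||= []) << version
end

real_fetch, real_calls = make_site(
  { LOGO_PATH => [200, 'png-bytes'], JS_PATH => [200, '/* build B */'] }, [404, 'Not Found']
)
soft_fetch, = make_site({}, [200, '<html>Welcome</html>'])
p fingerprint(real_fetch, LOGO_PATH, JS_PATH, DIGEST_TABLE)
p fingerprint(soft_fetch, LOGO_PATH, JS_PATH, DIGEST_TABLE)
p real_calls[JS_PATH]
```

On the catch-all site the URL match is discarded and the digest lookup finds nothing, because a 200 status alone never satisfies a content hash.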