Home / Unlabelled / C5Scan - Vulnerability Scanner And Information Gatherer For The Concrete5 CMS

C5Scan - Vulnerability Scanner And Information Gatherer For The Concrete5 CMS


Vulnerability scanner and information gatherer for the Concrete5 CMS. Is a little out of date presently pending a refactor.

concrete5 is an open-source content management system (CMS) for publishing content on the World Wide Web and intranets. concrete5 is designed for ease of use, for users with a minimum of technical skills. It enables users to edit site content directly from the page. It provides version management for every page, similar to wiki software, another type of web site development software. concrete5 allows users to edit images through an embedded editor on the page.

Use
python c5scan.py -u <url> (-r)
 
 -u   --url      Insert your target URL here
 -r   --robots   If found, print contents of robots.txt

Dependencies
pip install httplib2 requests

Example
$ python c5scan.py -u localhost -r
 
 **********************************************************
 *                      ~ C5scan ~                        *
 * A vulnerability and information gatherer for concrete5 *
 *                [email protected]                 *
 **********************************************************
 
 No http:// or https:// provided. Trying http://
 URL: http://localhost/
 
 [+] Discovered version 5.6.2.1 from meta 'generator' tag
 [+] Interesting header: server: Apache/2.2.14 (Ubuntu)
 [+] Interesting header: x-powered-by: PHP/5.3.2-1ubuntu4.24
 [+] robots.txt found at  http://localhost/robots.txt
 User-agent: *
 Disallow: /blocks 
 Disallow: /concrete 
 Disallow: /config 
 Disallow: /controllers 
 Disallow: /css 
 Disallow: /elements 
 Disallow: /helpers 
 Disallow: /jobs 
 Disallow: /js 
 Disallow: /languages 
 Disallow: /libraries 
 Disallow: /mail 
 Disallow: /models 
 Disallow: /packages 
 Disallow: /single_pages 
 Disallow: /themes 
 Disallow: /tools
 Disallow: /updates
 
 Enumerating updates in /updates/
 [+] Update version 5.5.2.1 exists
 [+] Update version 5.6.2.1 exists
 
 Looking for Readme files
 [+] Found a readme at:  http://localhost/concrete/libraries/3rdparty/adodb/readme.txt
 [+] Found a readme at:  http://localhost/concrete/libraries/3rdparty/adodb/docs/docs-adodb.htm
 [+] Found a readme at:  http://localhost/concrete/blocks/video/README
 [+] Found a readme at:  http://localhost/concrete/libraries/3rdparty/StandardAnalyzer/Readme.txt
 [+] Found a readme at:  http://localhost/concrete/libraries/3rdparty/securimage/README.txt
 
 Checking for known vulnerabilities in updates
 [+] A known vulnerability exists for 5.6.2.1:
 SQL Injection in index.php cID param
 http://www.exploit-db.com/exploits/31735/
 
 Checking for known vulnerabilities in current version
 [+] A known vulnerability exists for 5.6.2.1:
 SQL Injection in index.php cID param
 http://www.exploit-db.com/exploits/31735/
 
 Finished.



Source: feedproxy.google.com
C5Scan - Vulnerability Scanner And Information Gatherer For The Concrete5 CMS C5Scan - Vulnerability Scanner And Information Gatherer For The Concrete5 CMS Reviewed by Anonymous on 2:00 PM Rating: 5

Tags