Re: PenTest Web Forum

From: Ralph Forsythe (rforsythe@5280tech.com)
Date: Tue Jun 20 2006 - 18:38:17 EDT


"Morning Wood" (haha) shows an excellent, easy way to find that stuff.
Under phpBB, those files are in the /docs directory. This also brings up
a good point about scanning your install for that type of information;
with as many holes as packages like phpBB tend to have on a regular basis,
removing that information may prevent some hack scripts out there from
even trying on your site. Use things like creative grep searches on the
filetree (or even on a Windows box, just extract the archive to a temp dir
and use the search tool) to determine which files to nuke.

If you're scanning a server you own and can access, you might be better
off running a SQL query for DB.table -> {$fieldprefix}config['version'] on
phpBB sites, and probably something similar for other packages. While
this isn't a true external "can I see the version" check, it will give you
the absolute answer as to whether you have vulnerable code running, and
how bad it is. There are probably more complex ways of guessing versions
based on HTML patterns and hidden comments, but the work to assemble that
type of heuristic would be considerable.

- Ralph
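The two checks Ralph describes above (grep the unpacked file tree for files that disclose the phpBB version so you know what to nuke, and query the config table on a box you own to get the real installed version) as an added shell example. This is not code from the original post or from phpBB. The sample install tree it builds is constructed for illustration; the `phpbb_` table prefix is an assumption (substitute your own), and the `phpbb_config`/`config_name`/`config_value` names are the phpBB 2.x schema the query targets.

```shell
#!/bin/sh
# Added example, not from the original post. Finds version-disclosing files
# in an unpacked phpBB tree, decides whether the disclosed version is below a
# required minimum, and prints the SQL to run against a server you own.

# Build a constructed, throwaway tree that mimics a phpBB 2.0.x install.
# (Constructed sample input; point the real checks at your own install.)
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/docs" "$dir/templates/subSilver"
    printf '<html><title>phpBB 2.0.20 Changelog</title></html>\n' > "$dir/docs/CHANGELOG.html"
    printf 'phpBB 2.0.20 README\n' > "$dir/docs/README.html"
    printf '<?php\n$phpbb_root_path = "./";\n' > "$dir/index.php"
    printf '<!-- phpBB 2.0.20 template -->\n' > "$dir/templates/subSilver/overall_header.tpl"
    echo "$dir"
}

# List every file under $1 whose contents carry a "phpBB <x.y.z>" string.
# These are the candidates to remove (or deny via the web server) before
# an attacker's script reads them from the outside.
find_version_files() {
    grep -rliE 'phpbb[[:space:]]+[0-9]+\.[0-9]+\.[0-9]+' "$1" | sort
}

# Pull the first "phpBB x.y.z" version string out of a single file.
disclosed_version() {
    grep -ohiE 'phpbb[[:space:]]+[0-9]+\.[0-9]+\.[0-9]+' "$1" | head -n 1 | awk '{print $2}'
}

# Return 0 (true) when version $1 is lower than $2. Compares up to three
# dot-separated numeric components, so 2.0.9 < 2.0.21 (a plain string
# compare would get that wrong).
version_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$first" = "$1" ]
}

# The query Ralph suggests for a server you own. $1 is the table prefix
# (assumed "phpbb_" here; use whatever your install was configured with).
version_query() {
    printf "SELECT config_value FROM %sconfig WHERE config_name = 'version';\n" "${1:-phpbb_}"
}

# phpBB 2.0.x writes the version into the config table without the leading
# major digit ('.0.20'); restore it so the value compares like a real version.
normalize_db_version() {
    case "$1" in
        .*) printf '2%s\n' "$1" ;;
        *)  printf '%s\n' "$1" ;;
    esac
}

# Stand-alone demonstration on the constructed tree.
tree=$(make_sample_tree)
echo "Files disclosing a phpBB version (candidates to remove):"
find_version_files "$tree"
v=$(disclosed_version "$tree/docs/CHANGELOG.html")
if version_lt "$v" "2.0.21"; then
    echo "docs/CHANGELOG.html says $v, which is older than 2.0.21"
fi
echo "On the server itself, run: $(version_query phpbb_)"
rm -rf "$tree"
```

Run it from the top of the unpacked install (or the temp dir you extracted the archive into) and feed the printed file list to your removal step; the version comparison is what you would wire into a sweep once the DB value or the CHANGELOG string has been collected from each site.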

On Tue, 20 Jun 2006, Morning Wood wrote:

>> For instance, something to scan a server from the outside and say that a
>> forum on a site is running on phpBB >2.0.21. This would be useful for a
>> sweep to see if all forum software was up to date. I have never seen
>> anything that would do this, or any listings of signatures that would
>> point to what forum type/version was running. Anyone ever deal with this?
>> Is this a nube question? (Let the bashings begin!) :)
>
> my $find = "CHANGELOG.html";
> # -O - writes the fetched file to stdout so the backticks actually capture it
> my @get = `wget -q -O - $url/$prefix/$dir/$find`;
> if (@get) { print "$url/$prefix/$dir/$find exists\n"; }


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:08 EDT