#!/usr/bin/python
import httplib
import sys
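#Plugin file names probed under /inc/plugins/ on the target MyBB install.
#Each name must match a key tested in checkplugin() exactly; the paste had
#split "youtube.php" and "profilealbums.php" with a stray space, which made
#both entries unmatchable and produced an invalid request path.
plugins = [
    'kingchat.php',
    'profilewfc.php',
    'awaylist.php',
    'hmflags.php',
    'profileskype.php',
    'socialsites.php',
    'dymy_ua.php',
    'profilefacebook.php',
    'AJAXChat.php',
    'youtube.php',
    'tipsoftheday.php',
    'profileblogs.php',
    'bank.php',
    'SuscribeUsers.php',
    'profilealbums.php',
    'mystatus.php',
    'userbarplugin.php',
    'afsignatures.php',
    'mytabs.php',
]
#Short description of loaded plugins.
#The "\n" escapes were lost when the script was pasted (they showed up as a
#bare "n"); they are restored here so each advisory prints as separate lines.
kingchatinfo = "\n--------------------\n[!]MyBB Kingchat Plugin Multiple Vulnerabilities\nThe MyBB Kingchat plugin contains persistant XSS and SQL injection vulnerabilities.\nMore info: http://www.exploit-db.com/exploits/23249/\nMore info: http://www.exploit-db.com/exploits/23105/\nCheck: /inc/plugins/kingchat.php\n--------------------"
profilewfcinfo = "\n--------------------\n[!]MyBB Profile Wii Friend Code Multiple Vulnerabilities\nProfile Wii Friend Code MyBB plugin is vulnerable to SQL UPDATE Injection and persistent XSS.\nMore info: http://www.exploit-db.com/exploits/23888/\nCheck: /inc/plugins/profilewfc.php\n--------------------"
awaylistinfo = "\n--------------------\n[!]MyBB AwayList Plugin SQL Injection Vulnerability\nThe MyBB AwayList plugin suffers from a SQL Injection vulnerability.\nMore info: http://www.exploit-db.com/exploits/23625/\nCheck: /inc/plugins/awaylist.php\n--------------------"
hmflagsinfo = "\n--------------------\n[!]MyBB HM My Country Flags SQL Injection\nHM My Country Flags has a SQL Injection vulnerability.\nMore info: http://www.exploit-db.com/exploits/23624/\nCheck: /inc/plugins/hmflags.php\n--------------------"
profileskypeinfo = "\n--------------------\n[!]MyBB Profile Skype ID Plugin Multiple Vulnerabilities\nProfileSkypeID plugin suffers from SQL Injection in UPDATE query and persistent XSS.\nMore info: http://www.exploit-db.com/exploits/23425/\nMore info: http://zixem.altervista.org/stuff/0days/zixy.txt\nCheck: /inc/plugins/profileskype.php\n--------------------"
socialsitesinfo = "\n--------------------\n[!]MyBB Social Sites Plugin 0.2.2 Cross Site Scripting\nSocial Sites contains a persistent XSS vulnerability.\nMore info: http://www.exploit-db.com/exploits/23382/\nCheck: /inc/plugins/socialsites.php\n--------------------"
dymy_uainfo = "\n--------------------\n[!]MyBB DyMy User Agent Plugin SQL Injection Vulnerability\nDyMy User Agent Plugin creats a SQL injection vulnerability in newreply.php.\nMore info: http://www.exploit-db.com/exploits/23359/\nCheck: /inc/plugins/dymy_ua.php\n--------------------"
profilefacebookinfo = "\n--------------------\n[!]MyBB Facebook Profile Plugin 2.4 Persistant XSS\nThe Facebook Profile Plugin is vulnerable to persistent XSS.\nMore info: http://www.exploit-db.com/exploits/23355/\nCheck: /inc/plugins/profilefacebook.php\n--------------------"
AJAXChatinfo = "\n--------------------\n[!]MyBB AJAX Chat Persistent XSS Vulnerability\nMyBB AJAX Chat has a Persistent XSS vulnerability that lies within the chat_frame.php page.\nMore info: http://www.exploit-db.com/exploits/23354/\nCheck: /inc/plugins/AJAXChat.php\n--------------------"
youtubeinfo = "\n--------------------\n[!]MyYoutube MyBB Plugin 1.0 SQL Injection\nMyYoutube plugin suffers from POST SQL UPDATE injection.\nMore info: http://www.exploit-db.com/exploits/23353/\nCheck: /inc/plugins/youtube.php\n--------------------"
tipsofthedayinfo = "\n--------------------\n[!]TipsOfTheDay MyBB Plugin Multiple Vulnerabilities\nThe tipsoftheday.php file is vulnerable to two common web vulnerabilities.\nMore info: http://www.exploit-db.com/exploits/23322/\nCheck /inc/plugins/tipsoftheday.php\n--------------------"
profileblogsinfo = "\n--------------------\n[!]MyBB Profile Blogs Plugin 1.2 Multiple Vulnerabilities\nMyBB Profile Blogs plugin suffers from SQL Injection && Stored XSS.\nMore info: http://www.exploit-db.com/exploits/23287/\nCheck: /inc/plugins/profileblogs.php\n--------------------"
bankinfo = "\n--------------------\n[!]MyBB Bank-v3 Plugin SQL Injection\nThe Bank-v3 plugin is vulnerable to POST SQL injection.\nMore info: http://www.exploit-db.com/exploits/23284/\nCheck: /inc/plugins/bank.php\n--------------------"
SuscribeUsersinfo = "\n--------------------\n[!]MyBB Follower User Plugin SQL Injection\nA SQL injection vulnerabillity exists within SuscribeUsers.php.\nMore info: http://www.exploit-db.com/exploits/22405/\nCheck: /inc/plugins/SuscribeUsers.php\n--------------------"
#The line break before "Check:" was missing in this entry, which glued the
#advisory URL to the next field; it is added to match the other entries.
profilealbumsinfo = "\n--------------------\n[!]MyBB Profile Albums Plugin 0.9 SQL Injection\nA SQL injection vulnerabillity exists within profilealbums.php\nMore info: http://www.exploit-db.com/exploits/22003/\nCheck: /inc/plugins/profilealbums.php\n--------------------"
mystatusinfo = "\n--------------------\n[!]MyBB MyStatus 3.1 SQL Injection Vulnerability\nMyStatus 3.1 suffers from an SQL injection vulnerability in process-mystatus.php\nMore info: http://www.exploit-db.com/exploits/17972/\nCheck: /inc/plugins/mystatus.php\n--------------------"
userbarplugininfo = "\n--------------------\n[!]MyBB Forum Userbar Plugin (Userbar v2.2) SQL Injection\nA SQL injection vulnerability exists in userbarsettings.php\nMore info: http://www.exploit-db.com/exploits/17962/\nCheck: /inc/plugins/userbarplugin.php\n--------------------"
afsignaturesinfo = "\n--------------------\n[!]MyBB Advanced Forum Signatures SQL Injection\nA POST SQL injection vulnerability exists in signature.php\nMore info: http://www.exploit-db.com/exploits/17961/\nCheck: /inc/plugins/afsignatures.php\n--------------------"
mytabsinfo = "\n--------------------\n[!]MyBB MyTabs Plugin SQL injection vulnerability\nMyTabs is vulnerable to SQL injection.\nMore info: http://www.exploit-db.com/exploits/17595/\nCheck: /inc/plugins/mytabs.php\n--------------------"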
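#Returns the HTTP status of a path on the host
def get_status_code(host, path):
    """Send a HEAD request for *path* to *host* and return the status code.

    The request goes over plain HTTP through httplib.HTTPConnection.
    Returns the integer status of the response, or None when the request
    could not be completed (connection error, timeout, malformed reply).
    """
    conn = None
    try:
        # A timeout keeps one unresponsive host from stalling the whole run.
        conn = httplib.HTTPConnection(host, timeout=10)
        conn.request("HEAD", path)
        return conn.getresponse().status
    except (StandardError, httplib.HTTPException):
        # httplib.HTTPException (e.g. a bad status line) does not derive from
        # StandardError, so it is listed explicitly; otherwise a single
        # malformed response would abort the scan with a traceback.
        return None
    finally:
        # Always release the socket; the original never closed it.
        if conn is not None:
            conn.close()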
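#Checks whether a known-vulnerable plugin file exists on the host
def checkplugin(host, plugin):
    """Probe /inc/plugins/<plugin> on *host* and report it if present.

    When the HEAD request returns 200 and *plugin* is one of the known
    file names, the matching advisory text is printed and the module-level
    counter ``numofvulns`` is incremented. Any other status, or an unknown
    plugin name, is silently ignored.

    A 200 only shows that the file is reachable. The installed version is
    not inspected, and a server that answers 200 for every path will make
    every plugin look present, so each hit needs manual confirmation.
    """
    global numofvulns
    # Lookup table replacing the long if/elif chain. It also fixes the
    # "profileblogsindo" typo, which raised NameError whenever
    # profileblogs.php was found.
    advisories = {
        "kingchat.php": kingchatinfo,
        "profilewfc.php": profilewfcinfo,
        "awaylist.php": awaylistinfo,
        "hmflags.php": hmflagsinfo,
        "profileskype.php": profileskypeinfo,
        "socialsites.php": socialsitesinfo,
        "dymy_ua.php": dymy_uainfo,
        "profilefacebook.php": profilefacebookinfo,
        "AJAXChat.php": AJAXChatinfo,
        "youtube.php": youtubeinfo,
        "tipsoftheday.php": tipsofthedayinfo,
        "profileblogs.php": profileblogsinfo,
        "bank.php": bankinfo,
        "SuscribeUsers.php": SuscribeUsersinfo,
        "profilealbums.php": profilealbumsinfo,
        "mystatus.php": mystatusinfo,
        "userbarplugin.php": userbarplugininfo,
        "afsignatures.php": afsignaturesinfo,
        "mytabs.php": mytabsinfo,
    }
    status = get_status_code(host, "/inc/plugins/" + plugin)
    if status != 200:
        return
    info = advisories.get(plugin)
    if info is None:
        # Unknown file name: nothing to report, same as the original chain.
        return
    # Single-argument print(...) behaves the same as the print statement.
    print(info)
    numofvulns += 1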
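#General info
#The backslash escapes ("\n" and the quoted usage example) were stripped when
#the script was pasted, which left the usage message below as a syntax error;
#they are restored here.
print("Usage: ./mybbscan.py -u [sitetoscan]")
print("Version 1.0: " + str(len(plugins)) + " vulnerable plugins loaded.")
print("\n[!]NOTICE: This script only checks for publicly vulnerable plugins in the /inc/plugins folder of mybb. It does not check the version, therefore there WILL be false positives. Do not expect this tool to do everything for you, as it wont.\n")
#Check for args and start checking
if len(sys.argv) != 3:
    print("[!]No site given; Please run in this format \"./mybbscan.py -u [urltoscan]\"\nExample: ./mybbscan.py -u google.com")
else:
    #Only a leading "http://" is stripped from the argument.
    host = sys.argv[2].replace("http://","")
    #Module-level counter updated by checkplugin() through "global".
    numofvulns = 0
    for plugin in plugins:
        checkplugin(host, plugin)
    #A count above zero means that many plugin files answered 200. Presence
    #is all that is tested, so each hit still has to be verified by hand.
    if numofvulns == 0:
        print("\n[!]No vulnerable plugins were found!")
    else:
        print("\n[!] " + str(numofvulns) + "/" + str(len(plugins)) + " vulnerable plugins tested are installed on the host.")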