Penetration Testing mailing list archives

Re: PenTest Web Forum


From: Ralph Forsythe <rforsythe () 5280tech com>
Date: Tue, 20 Jun 2006 16:38:17 -0600 (MDT)

"Morning Wood" (haha) shows an excellent easy way to find that stuff. Under phpBB, those files are in the /docs directory. This also brings up a good point about scanning your install for that type of information; with as many holes as packages like phpBB tend to have on a regular basis, removing that information may prevent some hack scripts out there from even trying on your site. Use things like creative grep searches on the filetree (or even on a Windows box, just extract the archive to a temp dir and use the search tool) to determine which files to nuke.

If you're scanning a server you own and can access, you might be better off running a SQL query for DB.table -> {$fieldprefix}config['version'] on phpBB sites, and probably something similar for other packages. While this isn't a true external "can I see the version" check, it will give you the absolute answer as to whether you have vulnerable code running, and how bad it is. There are probably more complex ways of guessing versions based on HTML patterns and hidden comments, but the work to assemble that type of heuristic would be considerable.

- Ralph

On Tue, 20 Jun 2006, Morning Wood wrote:

> > For instance, something to scan a server from the outside and say that a forum on a site is running on phpBB >2.0.21. This would be useful for a sweep to see if all forum softwares were up to date. I have never seen anything that would do this, or any listings of signatures that would point to what forum type/version was running. Anyone ever deal with this? Is this a nube question? (Let the bashings begin!) :)
>
> $find = "CHANGELOG.html";
> if (@get = (`wget -q $url/$prefix/$dir/$find`))
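
The file-tree audit described in the reply above, written out as an added example (not code from this thread): it walks a web root you own and lists the files that disclose a package version, so you can decide which ones to remove. The file-name hints, the version regex and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed file-name hints for release notes and install docs; extend as needed.
NAME_HINTS = re.compile(r"changelog|readme|install|upgrade|release", re.I)
# Assumed pattern: a version keyword followed closely by a dotted number.
VERSION_RE = re.compile(
    r"(?:version|release|phpBB)\D{0,20}?(\d+\.\d+(?:\.\d+)*)", re.I)


def find_version_leaks(webroot):
    """Return sorted (relative_path, version) pairs for disclosing files."""
    leaks = []
    for dirpath, _dirs, files in os.walk(webroot):
        in_docs = "docs" in os.path.relpath(dirpath, webroot).split(os.sep)
        for name in files:
            if not (in_docs or NAME_HINTS.search(name)):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(65536)  # the top of the file is enough
            except OSError:
                continue  # unreadable file: skip it, keep auditing
            match = VERSION_RE.search(text)
            if match:
                leaks.append((os.path.relpath(path, webroot), match.group(1)))
    return sorted(leaks)


def build_sample_tree(root):
    """Write a constructed sample install (not real phpBB files) under root."""
    samples = {
        ("forum", "docs", "CHANGELOG.html"): "<title>phpBB 2.0.21 :: Changelog</title>",
        ("forum", "docs", "COPYING"): "License text only.",
        ("forum", "README.txt"): "Release version 1.4.2 of a sample add-on",
        ("forum", "index.php"): "<?php echo 'hello'; ?>",
    }
    for parts, body in samples.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel_path, version in find_version_leaks(tmp):
            print(f"{rel_path}\tdiscloses version {version}")
```

Point `find_version_leaks` at the extracted archive or the live document root; anything it reports is readable by any visitor unless the file is removed or access to it is blocked.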
