mirror of
https://github.com/daffainfo/AllAboutBugBounty.git
synced 2024-12-18 10:26:11 +00:00
1.2 KiB
1.2 KiB
Grafana
Introduction
What would you do if you came across a website that uses Joomla ?
How to Detect
Try to HTTP request to https://example.com/
and if you see the source code, you will see something like this <meta name="generator" content="Joomla! - Open Source Content Management" />
- Find the related CVE by checking the core, plugins, and theme version
- How to find the joomla version
https://target.com/administrator/manifests/files/joomla.xml
- How to find the joomla plugin version
https://target.com/administrator/components/com_NAMEPLUGIN/NAMEPLUGIN.xml
for example
https://target.com/administrator/components/com_contact/contact.xml
or change NAMEPLUGIN.xml to
changelog.txt
orreadme.md
orreadme.txt
- How to find the theme version
https://target.com/wp-content/themes/THEMENAME/style.css
https://target.com/wp-content/themes/THEMENAME/readme.txt (If they have readme file)
If you found outdated core / plugins, find the exploit at https://exploit-db.com
- Joomla! Config Dist File
https://example.com/configuration.php-dist
- Database File List
https://example.com/libraries/joomla/database/