What plugins is that website running?

While having a look at Nikto yesterday I stumbled across cms-explorer. It’s an interesting little program that checks the themes/modules/plugins installed in common CMS systems (Drupal, WordPress, Joomla! and Mambo), with automatic exploration for Drupal and WordPress. It also has some nice bonus features like providing a list of known issues for plugins found by accessing the OSVDB.org database.

Example output:

Running it against my own webspace revealed a possible SQL injection I was unaware of. *) Fixed that, will probably replace that plugin completely this week; anything that has stuff so obviously bad in it is generally not all too sane.

*) I normally look at plugins before I install them, must have missed this one. @ PHP programmers: anyone who passes on the content of a $_REQUEST directly to a SQL query without any sanity checking deserves to be flogged with his own code.
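The pattern the footnote complains about, next to a validated and parameterized version, as an added example that is not the plugin's code or part of the original post. The `entries` table, the `id` parameter and both function names are assumptions, and the inputs are constructed stand-ins for `$_REQUEST`.

```php
<?php
// Added example: in-memory SQLite database so the script runs offline.
// Table, column and function names are assumptions, not taken from any plugin.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, title TEXT, is_private INTEGER)');
$pdo->exec("INSERT INTO entries (title, is_private) VALUES ('Hello world', 0), ('Draft notes', 1)");

// The pattern from the footnote: request data concatenated straight into the SQL text,
// so the input can change the structure of the query.
function find_entry_unsafe(PDO $pdo, array $request): array
{
    $sql = 'SELECT id, title FROM entries WHERE is_private = 0 AND id = ' . $request['id'];
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate the type first, then bind the value as a parameter,
// so the input can only ever be compared as an integer.
function find_entry_safe(PDO $pdo, array $request): array
{
    $id = filter_var($request['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        return []; // reject anything that is not a positive integer
    }
    $stmt = $pdo->prepare('SELECT id, title FROM entries WHERE is_private = 0 AND id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_REQUEST: a normal id, an id that carries
// SQL syntax, and a non-numeric value.
$inputs = [['id' => '1'], ['id' => '1 OR 1=1'], ['id' => 'abc']];
foreach ($inputs as $request) {
    try {
        $unsafe = count(find_entry_unsafe($pdo, $request)) . ' row(s)';
    } catch (PDOException $e) {
        $unsafe = 'SQL error'; // malformed SQL reached the database
    }
    $safe = count(find_entry_safe($pdo, $request));
    printf("%-20s unsafe: %-10s safe: %d row(s)\n", json_encode($request), $unsafe, $safe);
}
```

When reviewing a plugin before installing it, searching its source for `$_REQUEST`, `$_GET` or `$_POST` appearing inside a string that is passed to a query function is a quick way to spot the first form.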
