Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

[New Tool Announcement] inspath - Path Disclosure Finder

From: YGN Ethical Hacker Group <lists () yehg net>
Date: Tue, 28 Sep 2010 14:26:20 +0800
WHAT¶

A tool that uses local source tree to make requests to the url and
search for path inclusion error messages. It's ever a common problem
in PHP web applications that we're hating to see for ever. We hope
this tool triggers no path disclosure flaws any more. See our article
about path disclosure.
http://yehg.net/lab/pr0js/view.php/path_disclosure_vulnerability.txt


WHY¶

PHP Web application developers sometimes fail to add safe checks
against authentications, file inclusion ..etc are prone to reveal
possible sensitive information when those applications' URLs are
directly requested. Sometimes, it's a clue to Local File Inclusion
vulnerability. For open-source applications, source code can be
downloaded and checked to find such information.

This script will do this job.

  1. First you have to download source archived file of your desired OSS.
  2. Second, extract it.
  3. Third, feed its path to inspath

The inspath takes

   * -d or --dir argument as source directory (of application)
   * -u or --url arguement as the target base URL (like http://victim.com)
   * -t or --threads argument as the number of threads concurrently
to run (default is 10)

Read the related text:
http://yehg.net/lab/pr0js/view.php/path_disclosure_vulnerability.txt

See the sample scan logs of latest mambo and wordpress applications:

http://inspathx.googlecode.com/svn/trunk/sample_logs/localhost_mambo_.log
http://inspathx.googlecode.com/svn/trunk/sample_logs/localhost_wp_.log


Similar terms: Full Path Dislosure, Internal Path Leakage


HOW¶

ruby inspath.rb -d /sources/phpmyadmin -u http://localhost/phpmyadmin -t 20

ruby inspath.rb -d c:/sources/phpmyadmin -u http://localhost/phpmyadmin -t 20


DOWNLOAD¶

We love svn. Check it out at

svn checkout http://inspathx.googlecode.com/svn/trunk/ inspathx-read-only


REFERENCES¶

http://www.owasp.org/index.php/Full_Path_Disclosure

http://projects.webappsec.org/Information-Leakage

http://cwe.mitre.org/data/definitions/209.html



Use portable bash versions if you wish:

http://www.pentesterscripting.com/discovery/web_requester

http://www.pentesterscripting.com/exploitation/bash_web_parameter_fuzzer

---------------------------------
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: