WebApp Sec mailing list archives
[Tool Update Announcement] inspathx - Path Disclosure Finder
From: YGN Ethical Hacker Group <lists () yehg net>
Date: Fri, 8 Oct 2010 17:19:46 +0800
UPDATE Check it out at svn checkout http://inspathx.googlecode.com/svn/trunk/ inspathx-read-only For those who don't know inspathx https://code.google.com/p/inspathx/ _____________________________ WHAT¶ A tool that uses local source tree to make requests to the url and search for path inclusion error messages. It's ever a common problem in PHP web applications that we're hating to see for ever. We hope this tool triggers no path disclosure flaws any more. See our article about path disclosure. http://yehg.net/lab/pr0js/view.php/path_disclosure_vulnerability.txt WHY¶ Web application developers sometimes fail to add safe checks against authentications, file inclusion ..etc are prone to reveal possible sensitive information when those applications' URLs are directly requested. Sometimes, it's a clue to File Inclusion vulnerability. For open-source applications, source code can be downloaded and checked to find such information. This script will do this job. 1. First you have to download source archived file of your desired OSS. 2. Second, extract it. 3. Third, feed its path to inspath The inspath takes * -d or --dir argument as source directory (of application) * -u or --url arguement as the target base URL (like http://victim.com) * -t or --threads argument as the number of threads concurrently to run (default is 10) * -l argument as your desired language php,asp,aspx,jsp,all? (default is all) * -x argument as your desired extensions separated with | character (default : php4|php5|php6|php|asp|aspx|jsp|jspx) - make sure to enclose multiple extensions with double quotes - See Examples Read the related text: http://yehg.net/lab/pr0js/view.php/path_disclosure_vulnerability.txt Similar terms: Full Path Disclosure, Internal Path Leakage SUPPORTED LANGUAGES¶ * PHP * ASP(X) * JSP(X) HOW¶ ruby inspathx.rb -d /sources/phpmyadmin -u http://localhost/phpmyadmin -t 20 ruby inspathx.rb -d c:/sources/phpmyadmin -u http://localhost/phpmyadmin -t 20 ruby inspathx.rb -d c:/sources/dotnetnuke -u http://localhost/dotnetnuke -t 20 -l aspx ruby inspathx.rb -d c:/sources/jspnuke -u http://localhost/jspnuke -t 20 -l jsp -x "jsp|jspx" SAMPLE LOGS¶ Mambo 4.6.5 http://inspathx.googlecode.com/svn/trunk/sample_logs/localhost_mambo_.log WordPress 3.0.1 http://inspathx.googlecode.com/svn/trunk/sample_logs/localhost_wp_.log REFERENCES¶ http://www.owasp.org/index.php/Full_Path_Disclosure http://projects.webappsec.org/Information-Leakage http://cwe.mitre.org/data/definitions/209.html This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- [Tool Update Announcement] inspathx - Path Disclosure Finder YGN Ethical Hacker Group (Oct 09)