Inspathx/Example2

From aldeid
Jump to navigation Jump to search
You are here:
Example #2: specific code

Description

This section shows the results of Inspathx run against a specific vulnerable code.

Vulnerable code

Given the following vulnerable code: 

<?php
require_once("/home/aldeid/".$_GET["page"]);
?>
...

Inspathx output

Inspathx run against this code produces following output: 

$ ruby inspathx.rb -d /var/www/ -u http://localhost/

=============================================================
Path Discloser (a.k.a inspathx) / Error Hunter
 (c) Aung Khant, aungkhant[at]yehg.net
  YGN Ethical Hacker Group, Myanmar, http://yehg.net/

svn co http://inspathx.googlecode.com/svn/trunk/ inspathx
=============================================================


# target: http://localhost//
# source: /var/www/
# log file: localhost__.log
# follow redirect: false
# null cookie: false
# total threads: 10
# time: 16:19:57 01-29-2011


# waiting for child threads to finish ..

[*] http://localhost//index.php
..


! Username detected = aldeid

# vulnerable url(s) = 1
# total requests = 2
# done at 16:19:59 01-29-2011

Send bugs, suggestions, contributions to inspathx[at]yehg.net

Log file

# Logfile created on Sat Jan 29 16:19:57 +0100 2011 by logger.rb/22285
I, [2011-01-29 16:19:57 pid:#10638]  INFO -- : TargetURL: http://localhost//
I, [2011-01-29 16:19:57 pid:#10638]  INFO -- : Source: /var/www/
I, [2011-01-29 16:19:57 pid:#10638]  INFO -- : Settings: follow redirect: false,null cookie: false, total threads: 10
I, [2011-01-29 16:19:57 pid:#10638]  INFO -- : Date:  16:19:57 01-29-2011


I, [2011-01-29 16:19:57 pid:#10638]  INFO -- : [*] http://localhost//index.php

[html_source]

Notice: Undefined index: page in /var/www/index.php on line 2

Warning: require_once(/home/aldeid/): failed to open stream: No such file or directory in /var/www/index.php on line 2

Fatal error: require_once(): Failed opening required '/home/aldeid/' (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/index.php on line 2
[/html_source]


I, [2011-01-29 16:19:59 pid:#10638]  INFO -- : ! Username detected = aldeid
I, [2011-01-29 16:19:59 pid:#10638]  INFO -- : Vulnerable url(s) = 1
I, [2011-01-29 16:19:59 pid:#10638]  INFO -- : Total requests = 2
I, [2011-01-29 16:19:59 pid:#10638]  INFO -- : Generated by inspathx, path disclosure finder tool
I, [2011-01-29 16:19:59 pid:#10638]  INFO -- : by Aung Khant, http://yehg.net/lab


I, [2011-01-29 16:19:59 pid:#10638]  INFO -- :
Send bugs, suggestions, contributions to inspathx[at]yehg.net
Retrieved from "https://www.aldeid.com/w/index.php?title=Inspathx/Example2&oldid=35449"