Inspathx/Example4

From aldeid
Jump to navigation Jump to search
You are here:
Example #4: DVWA

Description

This section shows the results of Inspathx run against Damn Vulnerable Web Application, aka DAWN.

Inspathx output

Inspathx has detected 4 vulnerable entry points:

$ ruby inspathx.rb -d /usr/local/www/dvwa/ -u http://localhost/dvwa

=============================================================
Path Discloser (a.k.a inspathx) / Error Hunter
 (c) Aung Khant, aungkhant[at]yehg.net
  YGN Ethical Hacker Group, Myanmar, http://yehg.net/

svn co http://inspathx.googlecode.com/svn/trunk/ inspathx
=============================================================


# target: http://localhost/dvwa/
# source: /usr/local/www/dvwa/
# log file: localhost_dvwa_.log
# follow redirect: false
# null cookie: false
# total threads: 10
# time: 23:19:41 01-30-2011


[*] http://localhost/dvwa/dvwa/includes/DBMS/DBMS.php

[*] http://localhost/dvwa/vulnerabilities/fi/source/low.php

[*] http://localhost/dvwa/vulnerabilities/fi/source/medium.php

[*] http://localhost/dvwa/vulnerabilities/fi/source/high.php

# waiting for child threads to finish ..




# vulnerable url(s) = 4
# total requests = 310
# done at 23:19:45 01-30-2011

Send bugs, suggestions, contributions to inspathx[at]yehg.net

Log file

# Logfile created on Sun Jan 30 23:19:41 +0100 2011 by logger.rb/22285
I, [2011-01-30 23:19:41 pid:#25488]  INFO -- : TargetURL: http://localhost/dvwa/
I, [2011-01-30 23:19:41 pid:#25488]  INFO -- : Source: /usr/local/www/dvwa/
I, [2011-01-30 23:19:41 pid:#25488]  INFO -- : Settings: follow redirect: false,null cookie: false, total threads: 10
I, [2011-01-30 23:19:41 pid:#25488]  INFO -- : Date:  23:19:41 01-30-2011


I, [2011-01-30 23:19:41 pid:#25488]  INFO -- : [*] http://localhost/dvwa/dvwa/includes/DBMS/DBMS.php

[html_source]

Notice: Undefined variable: DBMS in /usr/local/www/dvwa/dvwa/includes/DBMS/DBMS.php on line 11

Notice: Undefined variable: DBMS in /usr/local/www/dvwa/dvwa/includes/DBMS/DBMS.php on line 35

Notice: Use of undefined constant DVWA_WEB_PAGE_TO_ROOT - assumed 'DVWA_WEB_PAGE_TO_ROOT' in /usr/local/www/dvwa/dvwa/includes/DBMS/DBMS.php on line 66

Notice: Use of undefined constant DVWA_WEB_PAGE_TO_ROOT - assumed 'DVWA_WEB_PAGE_TO_ROOT' in /usr/local/www/dvwa/dvwa/includes/DBMS/DBMS.php on line 68
[/html_source]


I, [2011-01-30 23:19:42 pid:#25488]  INFO -- : [*] http://localhost/dvwa/vulnerabilities/fi/source/low.php

[html_source]

Notice: Undefined index: page in /usr/local/www/dvwa/vulnerabilities/fi/source/low.php on line 3
[/html_source]


I, [2011-01-30 23:19:42 pid:#25488]  INFO -- : [*] http://localhost/dvwa/vulnerabilities/fi/source/medium.php

[html_source]

Notice: Undefined index: page in /usr/local/www/dvwa/vulnerabilities/fi/source/medium.php on line 3
[/html_source]


I, [2011-01-30 23:19:42 pid:#25488]  INFO -- : [*] http://localhost/dvwa/vulnerabilities/fi/source/high.php

[html_source]

Notice: Undefined index: page in /usr/local/www/dvwa/vulnerabilities/fi/source/high.php on line 3
ERROR: File not found![/html_source]


I, [2011-01-30 23:19:45 pid:#25488]  INFO -- : Vulnerable url(s) = 4
I, [2011-01-30 23:19:45 pid:#25488]  INFO -- : Total requests = 310
I, [2011-01-30 23:19:45 pid:#25488]  INFO -- : Generated by inspathx, path disclosure finder tool
I, [2011-01-30 23:19:45 pid:#25488]  INFO -- : by Aung Khant, http://yehg.net/lab


I, [2011-01-30 23:19:45 pid:#25488]  INFO -- : 
Send bugs, suggestions, contributions to inspathx[at]yehg.net