Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[Tool Update Announcement] inspathx - Path Disclosure Finder
From: YGN Ethical Hacker Group <lists () yehg net>
Date: Fri, 8 Oct 2010 17:19:46 +0800

UPDATE

Check it out at

svn checkout http://inspathx.googlecode.com/svn/trunk/ inspathx-read-only


For those who don't know inspathx

https://code.google.com/p/inspathx/

_____________________________

WHAT¶

A tool that uses local source tree to make requests to the url and
search for path inclusion error messages. It's ever a common problem
in PHP web applications that we're hating to see for ever. We hope
this tool triggers no path disclosure flaws any more. See our article
about path disclosure.

http://yehg.net/lab/pr0js/view.php/path_disclosure_vulnerability.txt



WHY¶

Web application developers sometimes fail to add safe checks against
authentications, file inclusion ..etc are prone to reveal possible
sensitive information when those applications' URLs are directly
requested. Sometimes, it's a clue to File Inclusion vulnerability. For
open-source applications, source code can be downloaded and checked to
find such information.

This script will do this job.

   1. First you have to download source archived file of your desired OSS.
   2. Second, extract it.
   3. Third, feed its path to inspath

The inspath takes

    * -d or --dir argument as source directory (of application)
    * -u or --url arguement as the target base URL (like http://victim.com)
    * -t or --threads argument as the number of threads concurrently
to run (default is 10)
    * -l argument as your desired language php,asp,aspx,jsp,all?
(default is all)
    * -x argument as your desired extensions separated with |
character (default : php4|php5|php6|php|asp|aspx|jsp|jspx) - make sure
to enclose multiple extensions with double quotes - See Examples

Read the related text:
http://yehg.net/lab/pr0js/view.php/path_disclosure_vulnerability.txt

Similar terms: Full Path Disclosure, Internal Path Leakage



SUPPORTED LANGUAGES¶

    * PHP
    * ASP(X)
    * JSP(X)


HOW¶

ruby inspathx.rb -d /sources/phpmyadmin -u http://localhost/phpmyadmin -t 20

ruby inspathx.rb -d c:/sources/phpmyadmin -u http://localhost/phpmyadmin -t 20

ruby inspathx.rb -d c:/sources/dotnetnuke -u
http://localhost/dotnetnuke -t 20 -l aspx

ruby inspathx.rb -d c:/sources/jspnuke -u http://localhost/jspnuke -t
20 -l jsp -x "jsp|jspx"



SAMPLE LOGS¶

Mambo 4.6.5 http://inspathx.googlecode.com/svn/trunk/sample_logs/localhost_mambo_.log

WordPress 3.0.1
http://inspathx.googlecode.com/svn/trunk/sample_logs/localhost_wp_.log


REFERENCES¶

http://www.owasp.org/index.php/Full_Path_Disclosure

http://projects.webappsec.org/Information-Leakage

http://cwe.mitre.org/data/definitions/209.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [Tool Update Announcement] inspathx - Path Disclosure Finder YGN Ethical Hacker Group (Oct 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]