WHAT¶

A tool that uses local source tree to make requests to the url and search for path inclusion error messages. It's a common problem in PHP web applications that we've been hating to see. We hope this tool triggers no path disclosure flaws any more. See our article about path disclosure.

[yehg.net] Download path disclosure vulnerability.txt

Report bugs/suggestions to inspathx at yehg dot net.


WHY¶

Web application developers sometimes fail to add safe checks against authentications, file inclusion ..etc are prone to reveal possible sensitive information when those applications' URLs are directly requested. Sometimes, it's a clue to Local File Inclusion vulnerability. For open-source applications, source code can be downloaded and checked to find such information.

This script will do this job.

1. First you have to download source archived file of your desired OSS.
2. Second, extract it.
3. Third, feed its path to inspath

The inspath takes

* -d or --dir argument as source directory (of application)
* -u or --url arguement as the target base URL (like Com.org - Only the best links ...)
* -t or --threads argument as the number of threads concurrently to run (default is 10)
* -l argument as your desired language php,asp,aspx,jsp,all (default is all)
* -x argument as your desired extensions separated by comma(s) (default : php4,php5,php6,php,asp,aspx,jsp,jspx)

Read the related text: [yehg.net] Download path disclosure vulnerability.txt

See the sample logs in sample_logs folder - scan logs of latest mambo and wordpress applications

Similar terms: Full Path Disclosure, Internal Path Leakage


SUPPORTED LANGUAGES¶

* PHP
* ASP(X)
* JSP(X)


HOW¶

ruby inspathx.rb -d /sources/phpmyadmin -u http://localhost/phpmyadmin -t 20

ruby inspathx.rb -d c:/sources/phpmyadmin -u http://localhost/phpmyadmin -t 20

ruby inspathx.rb -d c:/sources/dotnetnuke -u http://localhost/dotnetnuke -t 20 -l aspx

ruby inspathx.rb -d c:/sources/jspnuke -u http://localhost/jspnuke -t 20 -l jsp -x jsp,jspx


DOWNLOAD/UPDATE¶

We love svn. Check it out at

svn checkout inspathx - Revision 19: /trunk inspathx-read-only
SAMPLE LOGS¶

Mambo 4.6.5 - Administration [Mambo]

WordPress 3.0.1 http://inspathx.googlecode.com/svn/t...alhost_wp_.log


REFERENCES¶

Full Path Disclosure - OWASP

http://projects.webappsec.org/Information-Leakage

CWE - CWE-209: Information Exposure Through an Error Message (1.10)