Path traversal ideas
I think we have to do some changes on this module still, so I'll mark a few points:
- try to include files and look for error messages (since no file_inclusion module exists, we gotta do it here; this valuable info could lead to shell on PHP / abusing tempfiles and phpinfo(), see http://insecurety.net/?p=687)
- as we try to cover more ground, more and more requests are sent, thus some users might get bored because the scan is taking too long, or even worse, kill the server. Add depth level control, like one default level that will look for error messages from included files; if no error message is found then only send a few path traversal requests (yes, I know this can't cover all but speed comes with a price), but if an error message is found from included files, then send 99% or even all payloads because then we will have a much higher chance to get some results. And one more level that will send all payloads no matter if an error is found or not, so the users who desire to do a long comprehensive scan can do it.
- maybe it would also be worth detecting if PHP allow_url_fopen is enabled and PHP allow_url_include
Support Staff 1 Posted by Tasos Laskos on 15 Aug, 2013 04:12 PM
I agree with the first point but I'm not sure that the last two are worth having because:
path_traversal one.
file_inclusion and path_traversal aren't the same thing and one shouldn't affect another. If a user is satisfied with just having error messages be enough, he can only enable file_inclusion and not path_traversal.
Support Staff 2 Posted by Tasos Laskos on 15 Aug, 2013 04:17 PM
Btw, the last one about detecting allow_url_fopen or allow_url_include will be facilitated by the storage of the errors from the error-based file_inclusion module so no need for any extra there.
3 Posted by user021 on 15 Aug, 2013 04:22 PM
So I guess after all, you decided to add the new module 'file_inclusion', that's good news.
Support Staff 4 Posted by Tasos Laskos on 15 Aug, 2013 04:24 PM
I said I'd do it a few weeks ago, just didn't get around to it yet. Will try to add it in the next few days.
Tasos Laskos closed this discussion on 15 Aug, 2013 04:24 PM.
Tasos Laskos re-opened this discussion on 15 Aug, 2013 04:28 PM
Support Staff 5 Posted by Tasos Laskos on 15 Aug, 2013 04:28 PM
GH issue here: https://github.com/Arachni/arachni/issues/380
Tasos Laskos closed this discussion on 15 Aug, 2013 04:31 PM.
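
The ideas raised in this thread (check responses for PHP include error messages, scale the number of path traversal requests by scan level, and read the allow_url_fopen / allow_url_include state out of the stored errors), as an added Ruby example that is not Arachni's code. The function names, the level names, the "few" count of 5 and the sample responses are assumptions made for the illustration.

```ruby
# Added illustration, not Arachni code; all names here are hypothetical.

# Fragments of the PHP warnings raised when include()/require() fails.
INCLUDE_ERRORS = [
  /failed to open stream/i,
  /Failed opening (?:required )?'[^']*' for inclusion/i
].freeze

# Warnings that disclose php.ini settings when a URL reaches include().
URL_FOPEN_OFF   = /wrapper is disabled in the server configuration by allow_url_fopen=0/i
URL_INCLUDE_OFF = /wrapper is disabled in the server configuration by allow_url_include=0/i

FEW_PAYLOADS = 5 # assumed size of the "only send a few" set

# Response bodies stored by an error-based check, constructed for this example.
SAMPLE_BODIES = [
  "<b>Warning</b>: include(): http:// wrapper is disabled in the server " \
  "configuration by allow_url_include=0 in /var/www/index.php on line 3",
  "<b>Warning</b>: include(pages/x.php): failed to open stream: " \
  "No such file or directory in /var/www/index.php on line 3",
  "<html><body>Welcome</body></html>"
].freeze

# Summarise what the stored error pages reveal.
# For the two settings: false = seen disabled, nil = nothing disclosed.
def classify_include_errors(bodies)
  text = bodies.join("\n")
  {
    include_error:     INCLUDE_ERRORS.any? { |re| text.match?(re) },
    allow_url_fopen:   text.match?(URL_FOPEN_OFF)   ? false : nil,
    allow_url_include: text.match?(URL_INCLUDE_OFF) ? false : nil
  }
end

# Number of path traversal payloads to send out of `total`:
#   :full    -> all of them, regardless of findings
#   :default -> all if an include error was seen, otherwise only a few
def payload_budget(level, findings, total)
  return total if level == :full || findings[:include_error]
  [total, FEW_PAYLOADS].min
end

if __FILE__ == $PROGRAM_NAME
  findings = classify_include_errors(SAMPLE_BODIES)
  puts findings.inspect
  puts "default level sends #{payload_budget(:default, findings, 200)} of 200"
end
```

A `nil` for either setting means only that no warning disclosed it, not that the setting is enabled.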