OWASP / vbscan

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner
https://www.owasp.org/index.php/OWASP_VBScan_Project
GNU General Public License v3.0

Module Pathdisclure broken? #14

Closed Impulse-PW closed 7 years ago

Impulse-PW commented 7 years ago

Hello, there appears to be an issue with the pathdisclure module. Here's the console output:


[user@domain]$ perl pathdisclur.pl
Can't call method "get" on an undefined value at pathdisclure.pl line 5.

And the output if I try to run via bash:

[user@domain]$ ./pathdisclur.pl
./pathdisclure.pl: line 3: syntax error near unexpected token `('
./pathdisclure.pl: line 3: `@plinks = ("forumdisplay.php?do[]=[test.dll]","calendar.php?do[]=[test.dll]","search.php?do[]=[test.dll]","forumrunner/include/album.php","core/vb5/route/channel.php","core/vb5/route/conversation.php","includes/api/interface/noncollapsed.php","includes/api/interface/collapsed.php","vbseo_sitemap/addons/vbseo_sm_vba.php","vbseo_sitemap/addons/vbseo_sm_vba_links.php");'

I'm on the newest version of Kali Linux, scanning one of my vBulletin sites.

rezasp commented 7 years ago

Hello, you can't run pathdisclure.pl or the other module files directly. You should run vbscan.pl directly (pathdisclure.pl and the other modules are included in the vbscan file).

Impulse-PW commented 7 years ago

Yes yes, that's why I closed it. It was my silly mistake. I saw that vbscan calls it itself lol

I was under the impression that was something I could use to exploit the bug. More research shows the path "/home/whatever/whatever/" is the whole point of the bug: to learn more about where the root directory may be, etc.
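Added example, not part of the thread or of vbscan's code: a small Python check a site owner can run over response bodies saved from their own forum to see whether PHP error output exposes an absolute filesystem path, which is the information leak discussed above. The function names, the sample bodies and every path in them are constructed for illustration.

```python
import re

# Shape of a PHP error line, with or without html_errors markup:
#   <b>Warning</b>:  <message> in <b>/abs/path/file.php</b> on line <b>57</b>
PHP_ERROR = re.compile(
    r"(?P<level>Warning|Notice|Fatal error|Parse error|Deprecated)(?:</b>)?:\s+"
    r"(?P<msg>.*?)\s+in\s+(?:<b>)?"
    r"(?P<path>(?:/|[A-Za-z]:\\)[^<>\r\n]*?\.(?:php|inc))(?:</b>)?"
    r"\s+on\s+line\s+(?:<b>)?(?P<line>\d+)",
    re.IGNORECASE,
)

def find_path_disclosures(body):
    """Return one dict per PHP error in body that exposes an absolute path."""
    findings = []
    for m in PHP_ERROR.finditer(body):
        path = m.group("path")
        cut = max(path.rfind("/"), path.rfind("\\"))
        findings.append({
            "level": m.group("level"),
            "file": path,
            "directory": path[:cut] or path[:cut + 1],
            "line": int(m.group("line")),
        })
    return findings

def audit(responses):
    """Map each requested URL path to the directories its body leaks."""
    report = {}
    for url, body in responses.items():
        dirs = sorted({f["directory"] for f in find_path_disclosures(body)})
        if dirs:
            report[url] = dirs
    return report

# Constructed sample bodies; paths and messages are made up for illustration.
SAMPLES = {
    "/forumdisplay.php": (
        "<br />\n<b>Warning</b>:  strtolower() expects parameter 1 to be string, "
        "array given in <b>/home/example/public_html/forumdisplay.php</b> "
        "on line <b>57</b><br />"),
    "/core/vb5/route/channel.php": (
        "Fatal error: Class 'Example_Base' not found in "
        "C:\\inetpub\\forum\\core\\vb5\\route\\channel.php on line 3"),
    "/index.php": "<html><body>Forum home</body></html>",
}

if __name__ == "__main__":
    for url, dirs in audit(SAMPLES).items():
        print(url, "->", ", ".join(dirs))
```

PHP writes these lines into the response only when `display_errors` is enabled; with it off and `log_errors` on, the same messages go to the server log instead.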