WEB2.0 Detective
Hint: flag is not a frag: once you've got it, you can get one more...
WEB2.0 Detective is a small package of scripts for web application analysis.
It includes:
Currently, there are tests for typical Apache, nginx, Microsoft-IIS, PHP, ASP.NET, and Ruby on Rails issues or vulnerabilities. One of the main advantages of this tool is the small number of requests it sends to the server.
BTW, system requirements: Python 3.
You can find more information in docs.html in the release.
Last update: 17.12.2012
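Example. Suppose you have a PHP script:
<?php
// Random output: the response body can differ between identical requests.
if( rand( 0, 1 ) == 0 ) echo 'ads';
// 'page' is echoed only when the request carries X-Requested-With: XMLHttpRequest.
if( $_SERVER[ 'HTTP_X_REQUESTED_WITH' ] == 'XMLHttpRequest' ) echo $_GET[ 'page' ];
// 'a' is echoed HTML-escaped on every request.
echo htmlspecialchars( $_GET[ 'a' ] );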
Now launching Software Detector with the revealed args:
As you can see, a lot of interesting information has been found.
Now let's search for the sources of some script.