
PHP Vulnerability Hunter Guide


Sections

  1. Before You Start
  2. Installing The Web Server
  3. Installing The Application
  4. Running A Scan
  5. Analyzing Results

1. Before You Start

This guide focuses on scanning PHP web applications hosted using XAMPP in a Windows environment. While it is possible to scan applications hosted on a web server running a different operating system, PHP Vulnerability Hunter itself can only be run on Windows, and it must have write access to the PHP files it is scanning.

For PHP Vulnerability Hunter to run properly, .NET Framework 3.5 SP1 or higher must be installed.

2. Installing The Web Server

For this scan we will use XAMPP 1.7.3. At the time of this writing, the most recent version of XAMPP is 1.7.4. However, by using a release that contains an older version of PHP, we can detect vulnerabilities that would not be exploitable in more recent versions, notably those that involve null byte injection.

Download:
http://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.7.3/
 
Installation directions:
http://www.apachefriends.org/en/xampp-windows.html#522

After following the directions to install and configure XAMPP we have a local web server to test against. The author of this tutorial installed XAMPP to c:\tools, resulting in an htdocs folder located at c:\tools\xampp\htdocs.

Now we’re ready to install a less-than-secure web application, appropriately named Insecure.

3. Installing The Application

Our target application, Insecure, can be installed by extracting the archive into the htdocs folder. 

To ensure everything is properly configured, navigate to http://localhost/insecure in a browser. If an error is displayed, ensure that the web server is properly configured and that the application has been extracted to the htdocs directory.

Now that we have our hole-ridden application running, it is time to scan it using PHP Vulnerability Hunter.
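
The prerequisites from sections 1 to 3 can be verified in one pass before launching the scanner. The PowerShell script below is an added example, not part of PHP Vulnerability Hunter. It assumes PowerShell 3.0 or later, uses the install path and application name from this guide as parameter defaults, and treats an HTTP 200 response and a .NET 4.x install as passing; those last two are assumptions, and the function names are hypothetical.

```powershell
# Added example: pre-flight check before scanning. Paths and the app name are
# the ones used in this guide; adjust them for a different install.
param(
    [string]$WebRoot = 'C:\tools\xampp\htdocs',
    [string]$App     = 'insecure',
    [string]$Server  = 'localhost'
)

function Test-DotNet35Sp1OrHigher {
    # .NET setup registry keys: v3.5 exposes Install and SP, v4\Full exposes Install.
    $ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP'
    $v35 = Get-ItemProperty "$ndp\v3.5" -ErrorAction SilentlyContinue
    $v4  = Get-ItemProperty "$ndp\v4\Full" -ErrorAction SilentlyContinue
    # Assumption: a 4.x install counts as "or higher" in the guide's wording.
    return (($v35 -and $v35.Install -eq 1 -and $v35.SP -ge 1) -or ($v4 -and $v4.Install -eq 1))
}

function Test-AppWritable([string]$Dir) {
    if (-not (Test-Path $Dir -PathType Container)) { return $false }
    # Read-only PHP files would deny the scanner the write access it requires.
    $readOnly = @(Get-ChildItem $Dir -Recurse -Filter *.php | Where-Object { $_.IsReadOnly })
    if ($readOnly.Count -gt 0) { return $false }
    # Confirm the current account can create and delete a file in the app folder.
    $probe = Join-Path $Dir ("phpvh-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        [IO.File]::WriteAllText($probe, 'probe')
        Remove-Item $probe -Force
        return $true
    } catch { return $false }
}

function Test-AppReachable([string]$Url) {
    try {
        $r = Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec 10
        return ($r.StatusCode -eq 200)
    } catch { return $false }
}

$appDir = Join-Path $WebRoot $App
$checks = [ordered]@{
    '.NET Framework 3.5 SP1 or higher' = Test-DotNet35Sp1OrHigher
    "Write access to $appDir"          = Test-AppWritable $appDir
    "http://$Server/$App responds"     = Test-AppReachable "http://$Server/$App"
}
foreach ($name in $checks.Keys) {
    '{0,-45} {1}' -f $name, $(if ($checks[$name]) { 'OK' } else { 'FAIL' })
}
if ($checks.Values -contains $false) { exit 1 }
```

Run it from the same account that will start PHPVH-GUI.exe, since the write-access result depends on that account's file permissions.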

4. Running A Scan

First, start the PHP Vulnerability Hunter Launcher by running PHPVH-GUI.exe. Upon doing so, you will be greeted by a screen containing several options. Assuming the target web server is running locally, the first setting, server, should be fine with its default value, localhost.

Next, configure the webroot. The author of this guide is using XAMPP installed at C:\tools, so the value for this setting is c:\tools\XAMPP\htdocs.

Finally, the application needs to be configured. Uncheck "Scan all apps in webroot" or "Scan entire webroot" (depending on the PHP Vulnerability Hunter version), located under options, and enter “insecure” in the Apps text box. The rest of the settings should be fine by default. Click the start button and, if prompted, grant the application administrative privileges. PHP Vulnerability Hunter will then use dynamic analysis to map the application and attempt to launch attacks using the discovered input vectors.

5. Analyzing Results

When the scan completes, a report is created if any vulnerabilities were detected. If the "Open vulnerability report viewer" option is enabled, the report is automatically opened in the GUI viewer. Alternatively, the text file version of the report can be opened in nearly any document viewer.




Copyright © 2018 AutoSec Tools LLC