Inspathx/PoC3
Description
HTML Purifier is a standards-compliant HTML filter library written in PHP that will remove all malicious code (better known as XSS).
At the time of this writing, the latest version (4.2.0) is vulnerable to path disclosure.
This page is a Proof of Concept (PoC) that shows the log of an Inspathx run against HTML Purifier v4.2.0.
Inspathx output
$ ruby inspathx.rb -d /var/www/htmlpurifier-4.2.0 -u http://localhost/htmlpurifier-4.2.0
=============================================================
Path Discloser (a.k.a inspathx) / Error Hunter
(c) Aung Khant, aungkhant[at]yehg.net
YGN Ethical Hacker Group, Myanmar, http://yehg.net/
svn co http://inspathx.googlecode.com/svn/trunk/ inspathx
=============================================================
# target: http://localhost/htmlpurifier-4.2.0/
# source: /var/www/htmlpurifier-4.2.0/
# log file: localhost_htmlpurifier-4.2.0_.log
# follow redirect: false
# null cookie: false
# total threads: 10
# time: 11:46:56 01-31-2011

# waiting for child threads to finish ..
# vulnerable url(s) = 346
# total requests = 460
# done at 11:47:01 01-31-2011
Send bugs, suggestions, contributions to inspathx[at]yehg.net
Log file
Here is the complete log file: http://dl.dropbox.com/u/10761700/localhost_htmlpurifier-4.2.0_.log.tar.gz