Skip to main content

Book Search (Port 80)

It seems like there is a portal to search for books through their title or the author's name

Book search portal

Attempts (SQL injection)

The 2 fields do not seem to be vulnerable to SQL injection. While we play around with the site, let's perform a dirbusting on the site using FFUF.

FFUF on main site


/'___\ /'___\ /'___\
/\ \__/ /\ \__/ __ __ /\ \__/
\ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
\ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
\ \_\ \ \_\ \ \____/ \ \_\
\/_/ \/_/ \/___/ \/_/

v1.3.0
________________________________________________

:: Method : GET
:: URL : http://10.10.10.228/FUZZ
:: Wordlist : FUZZ: /usr/local/scripts/SecLists-master/Discovery/Web-Content/raft-small-words.txt
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200,204,301,302,307,401,403,405
________________________________________________

js [Status: 301, Size: 333, Words: 22, Lines: 10]
.html [Status: 403, Size: 301, Words: 22, Lines: 10]
.htm [Status: 403, Size: 301, Words: 22, Lines: 10]
includes [Status: 301, Size: 339, Words: 22, Lines: 10]
css [Status: 301, Size: 334, Words: 22, Lines: 10]
db [Status: 301, Size: 333, Words: 22, Lines: 10]
php [Status: 301, Size: 334, Words: 22, Lines: 10]
webalizer [Status: 403, Size: 301, Words: 22, Lines: 10]
. [Status: 200, Size: 2368, Words: 447, Lines: 46]
portal [Status: 301, Size: 337, Words: 22, Lines: 10]
phpmyadmin [Status: 403, Size: 301, Words: 22, Lines: 10]
CSS [Status: 301, Size: 334, Words: 22, Lines: 10]
.htaccess [Status: 403, Size: 301, Words: 22, Lines: 10]
books [Status: 301, Size: 336, Words: 22, Lines: 10]
Includes [Status: 301, Size: 339, Words: 22, Lines: 10]
JS [Status: 301, Size: 333, Words: 22, Lines: 10]
Css [Status: 301, Size: 334, Words: 22, Lines: 10]
Js [Status: 301, Size: 333, Words: 22, Lines: 10]
.htc [Status: 403, Size: 301, Words: 22, Lines: 10]
DB [Status: 301, Size: 333, Words: 22, Lines: 10]
PHP [Status: 301, Size: 334, Words: 22, Lines: 10]
Portal [Status: 301, Size: 337, Words: 22, Lines: 10]
.html_var_DE [Status: 403, Size: 301, Words: 22, Lines: 10]
licenses [Status: 403, Size: 420, Words: 37, Lines: 12]
server-status [Status: 403, Size: 420, Words: 37, Lines: 12]
Books [Status: 301, Size: 336, Words: 22, Lines: 10]
.htpasswd [Status: 403, Size: 301, Words: 22, Lines: 10]
con [Status: 403, Size: 301, Words: 22, Lines: 10]
.html. [Status: 403, Size: 301, Words: 22, Lines: 10]
.html.html [Status: 403, Size: 301, Words: 22, Lines: 10]
.htpasswds [Status: 403, Size: 301, Words: 22, Lines: 10]
INCLUDES [Status: 301, Size: 339, Words: 22, Lines: 10]
.htm. [Status: 403, Size: 301, Words: 22, Lines: 10]
.htmll [Status: 403, Size: 301, Words: 22, Lines: 10]
.html.old [Status: 403, Size: 301, Words: 22, Lines: 10]
.ht [Status: 403, Size: 301, Words: 22, Lines: 10]
.html.bak [Status: 403, Size: 301, Words: 22, Lines: 10]
.htm.htm [Status: 403, Size: 301, Words: 22, Lines: 10]
aux [Status: 403, Size: 301, Words: 22, Lines: 10]
.html1 [Status: 403, Size: 301, Words: 22, Lines: 10]
.htgroup [Status: 403, Size: 301, Words: 22, Lines: 10]
.hta [Status: 403, Size: 301, Words: 22, Lines: 10]
.html.LCK [Status: 403, Size: 301, Words: 22, Lines: 10]
.html.printable [Status: 403, Size: 301, Words: 22, Lines: 10]
prn [Status: 403, Size: 301, Words: 22, Lines: 10]
.htm.LCK [Status: 403, Size: 301, Words: 22, Lines: 10]
PORTAL [Status: 301, Size: 337, Words: 22, Lines: 10]
Php [Status: 301, Size: 334, Words: 22, Lines: 10]
.html.php [Status: 403, Size: 301, Words: 22, Lines: 10]
.htaccess.bak [Status: 403, Size: 301, Words: 22, Lines: 10]
.htmls [Status: 403, Size: 301, Words: 22, Lines: 10]
.htx [Status: 403, Size: 301, Words: 22, Lines: 10]
server-info [Status: 403, Size: 420, Words: 37, Lines: 12]
.htlm [Status: 403, Size: 301, Words: 22, Lines: 10]
.htm2 [Status: 403, Size: 301, Words: 22, Lines: 10]
.htuser [Status: 403, Size: 301, Words: 22, Lines: 10]
.html- [Status: 403, Size: 301, Words: 22, Lines: 10]
Db

Results

It seems like the website is running PHP and we are able to view the contents of the various directories.

The portal endpoint also seems to be rather interesting.