name mode size
test 040000
Hello`touch pwnpwn`.txt 100644 35B
README.md 100644 1.43kB
description 100644 30B
foo 100644
test1.<img src=x onerror=alert(7)> 100644 5B
test1.txt 100644 38B
test2.<img src=x onerror=alert(7)> 100644 5B
test3.<img src=x onerror=alert(7)> 100644 5B
xxx"><img src=x onerror=alert(5)> 100644 4B
README.md
# freewvs A local web vulnerability scanner. freewvs is a tool to search webroots for know vulnerable versions of web applications. ## faq ### What does freewvs do? It scans your webroot for known vulnerable versions of popular web applications. ### What does the output tell me? Output looks like this: ``` Joomla-3 3.9.11 (3.9.13) CVE-2019-18674 /home/joe/websites/joessite/ ``` This says that in /home/joe/websites/joessite/, there's a Joomla installation of version 3.9.11. This version is vulnerable to CVE-2019-18674 and you should update to version 3.9.13. CVE is an ID system for vulnerability management, you can lookup them up [here](https://cve.mitre.org/). ### CVE-2019-XXXX seems to be very minor, at least it doesn't affect me. Am I safe? No, as freewvs only checks for the latest vulnerabilities. There may be other vulnerabilities in your version not listed by freewvs. The only way to be sure is to check the upstream changelog (at least if you trust them that they mention all security related fixes in the changelog). #### There is no version inside the brackets, what does that mean? It means your web application hasn't released a security update. It probably means you should look out for another application with better security management. ## misc freewvs was developed by [schokokeks.org hosting](https://schokokeks.org/). It's licensed as CC0. https://source.schokokeks.org/freewvs/