Bug while single scanning

[GoogleCodeExporter]

URL causing crash = http://boyzinthekitchen.com/index.php?pg=links_page

Fimap Version = v09

OS = Windows XP SP2

[00:11:38] [OUT] [PHP] Identifying Vulnerability 
'http://boyzinthekitchen.com/index.php?pg=links_page' with Parameter 'pg'...
[00:11:39] [INFO] Scriptpath received: '/home/boyzi/public_html'
[00:11:39] [INFO] Operating System is 'Unix-Like'.
[00:11:39] [INFO] Trying NULL-Byte Poisoning to get rid of the suffix...
[00:11:41] [INFO] NULL-Byte Poisoning not possible.
[00:11:41] [INFO] Skipping file '/etc/passwd'.
[00:11:41] [INFO] Skipping file 'c:\boot.ini'.
[00:11:41] [INFO] Skipping file '/proc/self/environ'.
[00:11:41] [INFO] Skipping absolute file 'php://input'.
[00:11:41] [INFO] Skipping log file '/var/log/apache2/access.log'.
[00:11:41] [INFO] Skipping log file '/var/log/apache/access.log'.
[00:11:41] [INFO] Skipping log file '/var/log/httpd/access.log'.
[00:11:41] [INFO] Skipping log file '/var/log/apache2/access_log'.
[00:11:41] [INFO] Skipping log file '/var/log/apache/access_log'.
[00:11:41] [INFO] Skipping log file '/var/log/httpd/access_log'.
[00:11:41] [INFO] Testing remote inclusion dynamicly with FTP...

-------------------------------------------------------

Exception: [Errno 10054] An existing connection was forcibly closed by the remot
e host
Traceback (most recent call last):
  File "C:\Documents and Settings\admin\Desktop\Working Folder\fimap\fimap.py",
line 673, in <module>
    single.scan()
  File "C:\Documents and Settings\admin\Desktop\Working Folder\fimap\singleScan.
py", line 48, in scan
    res = t.testTargetVuln()
  File "C:\Documents and Settings\admin\Desktop\Working Folder\fimap\targetScann
er.py", line 248, in testTargetVuln
    self.analyzeURL(ret, k, v, self.config["p_post"], 0, self.config["header"])
  File "C:\Documents and Settings\admin\Desktop\Working Folder\fimap\targetScann
er.py", line 155, in analyzeURL
    result.append((rep, self.readFiles(rep)))
  File "C:\Documents and Settings\admin\Desktop\Working Folder\fimap\targetScann
er.py", line 783, in readFiles
    up = self.FTPuploadFile(quiz, rep.getSurfix())
  File "C:\Documents and Settings\admin\Desktop\Working Folder\fimap\baseClass.p
y", line 369, in FTPuploadFile
    ftp.quit()
  File "C:\Python27\lib\ftplib.py", line 572, in quit
    resp = self.voidcmd('QUIT')
  File "C:\Python27\lib\ftplib.py", line 249, in voidcmd
    return self.voidresp()
  File "C:\Python27\lib\ftplib.py", line 224, in voidresp
    resp = self.getresp()
  File "C:\Python27\lib\ftplib.py", line 210, in getresp
    resp = self.getmultiline()
  File "C:\Python27\lib\ftplib.py", line 196, in getmultiline
    line = self.getline()
  File "C:\Python27\lib\ftplib.py", line 183, in getline
    line = self.file.readline()
  File "C:\Python27\lib\socket.py", line 447, in readline
    data = self._sock.recv(self._rbufsize)
socket.error: [Errno 10054] An existing connection was forcibly closed by the re
mote host

Original issue reported on code.google.com by tempsto...@gmail.com on 23 Sep 2011 at 12:17

[GoogleCodeExporter]

Hi!

Well this looks like an issue with your FTP server?

Exception: [Errno 10054] An existing connection was forcibly closed by the remot
e host

Can you try the FTP selftest? (--test-rfi)
It will check if the FTP server is acting like fimap needs it.

-imax.

Original comment by fimap....@gmail.com on 10 Oct 2011 at 2:38