RamadhanAmizudin / fimap

Automatically exported from code.google.com/p/fimap

Wordpress plugin LFI not discovered #66

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
I'm trying out your tool fimap and I'm trying it against a vulnerable Wordpress 
plugin on the OWASP Broken Web Apps virtual machine:
https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project

The plugin can be exploited with
http://owaspbwa/wordpress/wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=/etc/passwd%00

However, fimap does not discover this:
root@bt:~/fimap_alpha_v09# ./fimap.py -u 'http://owaspbwa/wordpress/wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=test'
fimap v.09 (For the Swarm)
:: Automatic LFI/RFI scanner and exploiter
:: by Iman Karim (fimap.dev@gmail.com)

SingleScan is testing URL: 'http://owaspbwa/wordpress/wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=test'
[19:36:02] [OUT] Inspecting URL 'http://owaspbwa/wordpress/wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=test'...
[19:36:02] [INFO] Fiddling around with URL...
[19:36:02] [WARN] HTTP Error 500: Internal Server Error
Target URL isn't affected by any file inclusion bug :(

Running fimap on Backtrack 5.

Original issue reported on code.google.com by treh...@gmail.com on 13 Jan 2012 at 10:17

GoogleCodeExporter commented 9 years ago
Hi!

Can you try enabling blindmode?
Just add the "-b" parameter and see if it works.

What I don't like about your log is the HTTP Error 500.
Also enable more logging to see what's going on there. -v 6 for example.

-imax.

Original comment by fimap....@gmail.com on 21 Jan 2012 at 8:38

GoogleCodeExporter commented 9 years ago
Hello,

-b did not resolve this issue:

./fimap.py -b -u 'http://owaspbwa/wordpress/wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=test'
fimap v.09 (For the Swarm)
:: Automatic LFI/RFI scanner and exploiter
:: by Iman Karim (fimap.dev@gmail.com)

Blind FI-error checking enabled.
SingleScan is testing URL: 'http://owaspbwa/wordpress/wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=test'
[21:18:45] [OUT] Inspecting URL 'http://owaspbwa/wordpress/wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=test'...
[21:18:45] [INFO] Fiddling around with URL...
[21:18:45] [WARN] HTTP Error 500: Internal Server Error
[21:18:45] [INFO] Sniper failed. Going blind...
[21:18:45] [WARN] HTTP Error 500: Internal Server Error
Target URL isn't affected by any file inclusion bug :(

Best regards,
Tomas

Original comment by treh...@gmail.com on 9 Feb 2012 at 9:23

GoogleCodeExporter commented 9 years ago
Hey man,

Sorry for my late response.
I think it has something to do with the error code.
The default behaviour is to cancel any test if there was an error code.
Maybe that was a stupid idea.

However, I will take a look at what's going wrong there.

Thank you and sorry for my late response,
-imax.

Original comment by fimap....@gmail.com on 12 Apr 2012 at 8:33
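
The behaviour described in the last comment (a test is cancelled as soon as the server returns an error code), next to a variant that still reads the body of the 500 response, as an added example that is not fimap's code. The function names, the error-signature regex and the sample response bodies are assumptions constructed for illustration.

```python
import io
import re
import urllib.error
import urllib.request
import urllib.response
from email.message import Message

# PHP warning text emitted when include()/require() cannot open its argument.
INCLUDE_ERROR = re.compile(
    r"failed to open stream|Failed opening '[^']*' for inclusion", re.I)

def fetch(url, opener=urllib.request.urlopen):
    """Return (status, body). urllib raises HTTPError for 4xx/5xx, but the
    exception is itself a response object whose body can still be read."""
    try:
        resp = opener(url)
    except urllib.error.HTTPError as err:
        resp = err
    with resp:
        return resp.getcode(), resp.read().decode("utf-8", "replace")

def scan_abort_on_error(url, opener=urllib.request.urlopen):
    """Behaviour described in the thread: an error code cancels the test."""
    status, body = fetch(url, opener)
    if status >= 400:
        return "skipped"  # the body is never examined
    return "include-error" if INCLUDE_ERROR.search(body) else "clean"

def scan_inspect_body(url, opener=urllib.request.urlopen):
    """Variant: the body is checked whatever the status code was."""
    _, body = fetch(url, opener)
    return "include-error" if INCLUDE_ERROR.search(body) else "clean"

# Constructed sample responses (not captured from the OWASP BWA machine).
ERROR_BODY = (b"<b>Warning</b>: include(test): failed to open stream: "
              b"No such file or directory in /var/www/example.php on line 1")

def error_opener(url):
    raise urllib.error.HTTPError(url, 500, "Internal Server Error",
                                 Message(), io.BytesIO(ERROR_BODY))

def clean_opener(url):
    return urllib.response.addinfourl(io.BytesIO(b"<html>ok</html>"),
                                      Message(), url, 200)

if __name__ == "__main__":
    url = "http://scanner-test.invalid/page.php?file=test"  # placeholder URL
    print(scan_abort_on_error(url, error_opener))   # skipped
    print(scan_inspect_body(url, error_opener))     # include-error
```

A scanner that reports "skipped" the same way as "not affected" produces a false negative on any application that answers a failed include with a 500 page.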