akiraaisha / fimap

Automatically exported from code.google.com/p/fimap
1 stars 0 forks source link

crash during pwb test #65

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago

On which URL this error occures? (Important!)
./fimap.py -u 
'http://192.168.15.208/internal/advanced_comment_system/index.php' -d 1 -v 3 -P 
'ACS_newCommentAntiSpamCodeVerification=fYMJ&ACS_newCommentMessageMaxLength=5000
&ACS_newCommentNameMaxLength=255&ACS_newCommentAntiSpamCodeEnabled=1&ACS_newComm
entSliderEnabled=1&ACS_newCommentSlider=0&ACS_newCommentNameMinLength=3&ACS_path
=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%
2Fpasswd%00&ACS_newCommentName=John&ACS_newCommentMessage=Hello%20World&ACS_newC
ommentAntiSpamCode=Hello%20World&ACS_newCommentTextCounterEnabled=1&ACS_newComme
ntMessageMinLength=3' -s -b

Which version of fimap you are using? (You can see that in the very first
line)
v.09 and 0.08.1

On what operating system?
backtrack 5 linux

Please provide any additional information below.

Original issue reported on code.google.com by mkocb...@esupport-uk.com on 10 Dec 2011 at 12:36

GoogleCodeExporter commented 9 years ago
Hi!

Can you give me the actual stacktrace?
So I can see what's going wrong?

Also don't give fimap the "..%2f..%2f..%2f" stuff
Just give it something easy like "a".
So try to change "ACS_path=..%2f..%2f..%2f" to "ACS_path=a"
I am not sure if this is the problem (shouldn't be) but since there is no 
stacktrace
I can only guess :)

Thanks!

-imax

Original comment by fimap....@gmail.com on 16 Dec 2011 at 1:55

GoogleCodeExporter commented 9 years ago
I tried changing acs_path=a but still no luck.

Got it to work using this.

./fimap.py -u 
'http://192.168.15.208/internal/advanced_comment_system/index.php?ACS_path' -v 
3 -P 
'ACS_newCommentAntiSpamCodeVerification=fYMJ&ACS_newCommentMessageMaxLength=5000
&ACS_newCommentNameMaxLength=255&ACS_newCommentAntiSpamCodeEnabled=1&ACS_newComm
entSliderEnabled=1&ACS_newCommentSlider=0&ACS_newCommentNameMinLength=3&ACS_path
=fff&ACS_newCommentName=John&ACS_newCommentMessage=Hello&ACS_newCommentAntiSpamC
ode=Hello&ACS_newCommentTextCounterEnabled=1&ACS_newCommentMessageMinLength=3' 
-s -b --force-run -x

As you can see I moved the exploitable parameter to the url.
Is this how fimap works?

Original comment by mkocb...@esupport-uk.com on 16 Dec 2011 at 10:34

GoogleCodeExporter commented 9 years ago
Hi!

No usually the way to did it in first place should work well.
I am really not sure why it didn't worked.
I will take a look at the post scan engine to verify that it works like 
expected.

But you shouldn't have to attach the Post param you are trying to scan to the 
URL.
If it works this way it's a glitch and I will take care of that :)

Also please don't use the "--force-run" parameter unless you are aware of the 
risk it comes with :)

Thanks!
imax.

Original comment by fimap....@gmail.com on 16 Dec 2011 at 7:08