search

alfredleo / fimap

Automatically exported from code.google.com/p/fimap
0 stars 1 forks source link

First bug report? What what! #3

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Exploit a site in which the webroot is on a windoze based share
'//Server/webroot'
2.
3.

What is the expected output? What do you see instead?
In this early beta it should error and say 'Windows sucks'

What version of the product are you using? On what operating system?
SVN copy. 

Please provide any additional information below.
[INFO] Scriptpath received: ''
[INFO] Trying NULL-Byte Poisoning to get rid of the suffix...
[INFO] NULL-Byte Poisoning successfull!
[INFO] Testing file '/etc/passwd'...
Traceback (most recent call last):
  File "./fimap.py", line 206, in <module>
    single.scan()
  File "/pentesttoolset/fimap/src/singleScan.py", line 51, in scan
    res = t.testTargetVuln()
  File "/pentesttoolset/fimap/src/targetScanner.py", line 81, in testTargetVuln
    ret.append((rep, self.readFiles(rep)))
  File "/pentesttoolset/fimap/src/targetScanner.py", line 195, in readFiles
    if (self.readFile(rep, f, p)):
  File "/pentesttoolset/fimap/src/targetScanner.py", line 281, in readFile
    if (scriptpath[-1] != "/" and filepatha[0] != "/" and not isAbs):
IndexError: string index out of range

Warning: include(includes/ccccc.php) [function.include]: failed to open
stream: No such file or directory in
\\nas24ent\domains\b\*censored*\user\htdocs\index.php on line 27

Original issue reported on code.google.com by ja...@ev6.net on 14 Sep 2009 at 4:40

GoogleCodeExporter commented 9 years ago 
Hi jamie,

Thats true. Windows Share pathes starting with "\\" are not identified as 
windows
path currently. My fault...
I will fix it later today.

Thank you very much for this information!
-imax.

Original comment by fimap....@gmail.com on 14 Sep 2009 at 8:52

GoogleCodeExporter commented 9 years ago 
Expect more bug reports:)

Original comment by ja...@ev6.net on 14 Sep 2009 at 8:56

GoogleCodeExporter commented 9 years ago 
I have fixed this bug in SVN version now.
But I can't test it right now. 
Please let me know if the bug is still in.

Thank you very much. 
-imax

Original comment by fimap....@gmail.com on 15 Sep 2009 at 8:05