alfredleo / fimap

Automatically exported from code.google.com/p/fimap
0 stars 1 forks source link

error while choosing the attack mode #46

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
[BEFOR REPORTING CHECK OUT THE SVN VERSION AND TEST IF IT'S ALREADY FIXED -
THANKS - REMOVE THIS LINE]

On which URL this error occures? (Important!)
error while trying to attack in this site

http://www.teltools.com.br/index.php?op=

Which version of fimap you are using? (You can see that in the very first
line)
fimap v.09_svn

On what operating system?
ubuntu 

Please provide any additional information below.

Choose vulnerable script: 1
[17:09:24] [INFO] Testing PHP-code injection thru User-Agent...
[17:09:26] [OUT] PHP Injection works! Testing if execution works...
[17:09:26] [INFO] Testing execution thru 'popen[b64]'...
[17:09:56] [WARN] <urlopen error timed out>
[17:09:56] [INFO] Testing execution thru 'passthru[b64]'...
[17:09:58] [INFO] Testing execution thru 'exec[b64]'...
[17:09:59] [OUT] Execution thru 'exec[b64]' works!
####################################################
#:: Available Attacks - PHP and SHELL access ::    #
####################################################
#[1] Spawn fimap shell                             #
#[2] Spawn pentestmonkey's reverse shell           #
#[3] [Test Plugin] Show some info                  #
#[q] Quit                                          #
####################################################
Choose Attack: 1
Please wait - Setting up shell (one request)...
Traceback (most recent call last):
  File "./fimap.py", line 374, in <module>
    list_results()
  File "./fimap.py", line 195, in list_results
    c.start()
  File "/home/wishnu/fimap-read-only/src/codeinjector.py", line 222, in start
    curusr = tmp.split("\n")[1].strip()
IndexError: list index out of range

Original issue reported on code.google.com by wishnusa...@gmail.com on 13 Oct 2010 at 5:20

GoogleCodeExporter commented 9 years ago
HI wishnusakti,

Thank you for this report.
I will check it out.
I am busy currently with implementing Cookie and Header attacking. Scanning 
works already :)
So after this I will fix the bug you have found and push it.

Thanks dude!
-imax.

Original comment by fimap....@gmail.com on 15 Oct 2010 at 9:55

GoogleCodeExporter commented 9 years ago
thanks broo.... wow... cookie and header attacking are that modules will be 
added in fimap module bro imax.... i will learn for manual first if that will 
be in fimap :D... thanks broo....

Original comment by wishnusa...@gmail.com on 16 Oct 2010 at 3:07

GoogleCodeExporter commented 9 years ago
Hi Dude,

It should be fixed in SVN.
I am not sure tho because I am not sure what the problem actually was.
But now there is a test which checks if the result was empty or not befor 
parsing it.

-imax.

Original comment by fimap....@gmail.com on 17 Oct 2010 at 3:47