Open GoogleCodeExporter opened 9 years ago
GoogleCodeExporter
commented
9 years ago Hi!
Can you try enabling blindmode?
Just add the "-b" parameter and see if it works.
What I don't like about your log is the HTTP Error 500.
Also enable more logging to see what's going on there. -v 6 for example.
-imax.Original comment by fimap....@gmail.com on 21 Jan 2012 at 8:38
GoogleCodeExporter
commented
9 years ago Hello,
-b did not resolve this issue:
./fimap.py -b -u
'http://owaspbwa/wordpress/wp-content/plugins/mygallery/myfunctions/mygallerybro
wser.php?myPath=test'
fimap v.09 (For the Swarm)
:: Automatic LFI/RFI scanner and exploiter
:: by Iman Karim (fimap.dev@gmail.com)
Blind FI-error checking enabled.
SingleScan is testing URL:
'http://owaspbwa/wordpress/wp-content/plugins/mygallery/myfunctions/mygallerybro
wser.php?myPath=test'
[21:18:45] [OUT] Inspecting URL
'http://owaspbwa/wordpress/wp-content/plugins/mygallery/myfunctions/mygallerybro
wser.php?myPath=test'...
[21:18:45] [INFO] Fiddling around with URL...
[21:18:45] [WARN] HTTP Error 500: Internal Server Error
[21:18:45] [INFO] Sniper failed. Going blind...
[21:18:45] [WARN] HTTP Error 500: Internal Server Error
Target URL isn't affected by any file inclusion bug :(
Best regards,
Tomas
Original comment by treh...@gmail.com on 9 Feb 2012 at 9:23
GoogleCodeExporter
commented
9 years ago Hey man,
Sorry for my late response.
I think it has something todo with the error code.
The default behaviour is to cancel any test if there was an error code.
Maybe that was a stupid idea.
However I will take a look whats going wrong there.
Thank you and sorry for my late response,
-imax.Original comment by fimap....@gmail.com on 12 Apr 2012 at 8:33
Original issue reported on code.google.com by
treh...@gmail.comon 13 Jan 2012 at 10:17