search

kurobeats / fimap

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps.
GNU General Public License v2.0
521 stars 99 forks source link

Found a BUG #20

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 

On which URL this error occures? (Important!)

Which version of fimap you are using? (You can see that in the very first
line)
Lates beta on this site

On what operating system?
UBUNTU

Please provide any additional information below.

[OUT] Possible file inclusion found! -> 'http://afirec.com/site.php?
page=f0THyrB   v' with Parameter 'page'.
[OUT] Identifing Vulnerability 'http://afirec.com/site.php?page=liens' 
with Para   m 'page'...

========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on 
http://fimap   .googlecode.com/
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Traceback (most recent call last):
  File "./fimap.py", line 258, in ?
    g.startGoogleScan()
  File "/tmp/fimap_alpha_v06.1/googleScan.py", line 76, in startGoogleScan
    single.scan()
  File "/tmp/fimap_alpha_v06.1/singleScan.py", line 51, in scan
    res = t.testTargetVuln()
  File "/tmp/fimap_alpha_v06.1/targetScanner.py", line 83, in 
testTargetVuln
    rep = self.identifyVuln(self.Target_URL, self.params, k)
  File "/tmp/fimap_alpha_v06.1/targetScanner.py", line 184, in identifyVuln
    pre = posixpath.join(r.getServerPath(), pre)
  File "/usr/lib/python2.4/posixpath.py", line 62, in join
    elif path == '' or path.endswith('/'):
AttributeError: 'NoneType' object has no attribute 'endswith'

Original issue reported on code.google.com by spe...@gmail.com on 17 Dec 2009 at 5:41

GoogleCodeExporter commented 9 years ago 
Hi speakz,

I can reproduce that -> Will be fixed tonight.

Thank you!
-imax.

Original comment by fimap....@gmail.com on 17 Dec 2009 at 4:15

GoogleCodeExporter commented 9 years ago 
 i found another one jejeje, when you fixed tell me what should i do if i need to 
download fimap again

***********************
[OUT] Possible file inclusion found! -> 'http://www.kangaroophotos.com/i.php?
p=EWqUBdN4' with Parameter 'p'.
[OUT] Identifing Vulnerability 'http://www.kangaroophotos.com/i.php?
p=_booking/sport.php' with Param 'p'...
[WARN] Failed to do request to (http://www.kangaroophotos.com/i.php?p=bbCaoVIp)
[WARN] <urlopen error timed out>

========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on 
http://fimap.googlecode.com/
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Traceback (most recent call last):
  File "./fimap.py", line 258, in ?
    g.startGoogleScan()
  File "/tmp/fimap_alpha_v06.1/googleScan.py", line 76, in startGoogleScan
    single.scan()
  File "/tmp/fimap_alpha_v06.1/singleScan.py", line 51, in scan
    res = t.testTargetVuln()
  File "/tmp/fimap_alpha_v06.1/targetScanner.py", line 83, in testTargetVuln
    rep = self.identifyVuln(self.Target_URL, self.params, k)
  File "/tmp/fimap_alpha_v06.1/targetScanner.py", line 113, in identifyVuln
    m = RE_SUCCESS_MSG.search(code)
TypeError: expected string or buffer

Original comment by spe...@gmail.com on 17 Dec 2009 at 4:43

GoogleCodeExporter commented 9 years ago 
speakz, i think you do not update the fimap with the latest svn, please contact 
me 
on IRC to tell you how you do need to do, greets.

Original comment by mexw...@gmail.com on 18 Dec 2009 at 6:37

GoogleCodeExporter commented 9 years ago 
Hi speakz,

Your first bug is fixed. The problem was that there is no path of the script 
printed.
However. It will now toss a warning if the fullpath was not received. And it 
will try
to go on with "/" as path.

Your second bug is already fixed in SVN version. Grab a SVN copy. Or wait for 
version
0.7 which will be out before 2010.

Thank you,
-imax.

Original comment by fimap....@gmail.com on 19 Dec 2009 at 11:05

GoogleCodeExporter commented 9 years ago 
mexworm on wich network you are at??

Original comment by spe...@gmail.com on 19 Dec 2009 at 12:33

GoogleCodeExporter commented 9 years ago 
Speakz im expwOrm, find me on undernet nigga.

Original comment by mexw...@gmail.com on 21 Dec 2009 at 2:55