search

kurobeats / fimap

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps.
GNU General Public License v2.0
521 stars 99 forks source link

Fimap issue #29

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
./fimap.py -x
fimap v.09_svn by Iman Karim - Automatic LFI/RFI scanner and exploiter
Traceback (most recent call last):
  File "./fimap.py", line 298, in <module>
    xmlsettings = language.XML2Config(config)
  File "/home/falgold/fimap/src/baseClass.py", line 78, in __init__
    self.__init_xmlresult()
  File "/home/falgold/fimap/src/baseClass.py", line 83, in __init_xmlresult
    self.XML_Result = xml.dom.minidom.parse(xmlfile)
  File "/usr/local/lib/python2.6/xml/dom/minidom.py", line 1918, in parse
    return expatbuilder.parse(file)
  File "/usr/local/lib/python2.6/xml/dom/expatbuilder.py", line 924, in parse
    result = builder.parseFile(fp)
  File "/usr/local/lib/python2.6/xml/dom/expatbuilder.py", line 211, in
parseFile
    parser.Parse("", True)
xml.parsers.expat.ExpatError: no element found: line 1, column 0

Which version of fimap you are using? (You can see that in the very first
line)
fimap v.09_svn 

On what operating system?
Linux Red Hat

Please provide any additional information below.
Before this error fimap was working fine

Original issue reported on code.google.com by cmendoza...@gmail.com on 27 May 2010 at 10:50

GoogleCodeExporter commented 9 years ago 
Hi!

Is it possible that your ~/fimap_result.xml file is empty?
Have you started multiple instances of fimap?

However this is sure a bug. I will take a look at it.
Thank you for reporting!

-imax.

Original comment by fimap....@gmail.com on 28 May 2010 at 12:23

GoogleCodeExporter commented 9 years ago 
Yeap, the fimap_result.xml were empty, but curiously i had some results on it. 
But 
now it's empty.
also, i didn't started multiple instances of fimap.

Thanks.

Original comment by cmendoza...@gmail.com on 4 Jun 2010 at 2:52

GoogleCodeExporter commented 9 years ago 
Yeah.

This happens usually if fimap is scanning and you start another scanning 
instance or start fimap in -x mode under some conditions.

Example Case:
You are scanning. And you start fimap with -x on a new server. Now fimap 
extracts the kernel version and tries to add it to the XML. But if the XML is 
currently also being written by the scan instance its totally unsexy.

I will maybe implement a classic lock file to prevent multiple instances until 
I have a good solution.

-imax

Original comment by fimap....@gmail.com on 14 Jun 2010 at 8:51

GoogleCodeExporter commented 9 years ago 
Hey,

I have implemented a lockfile into the new SVN version.
I hope that problems like this are now fixed.

-imax.

Original comment by fimap....@gmail.com on 15 Sep 2010 at 6:57