search

kurobeats / fimap

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps.
GNU General Public License v2.0
521 stars 99 forks source link

Bug found #40

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
On which URL this error occures? (Important!)
http://202.93.143.18/

Which version of fimap you are using? (You can see that in the very first
line)
fimap v.09_svn

On what operating system?
Debian GNU/Linux 5.0

Please provide any additional information below.
========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on 
http://fimap.googlecode.com/
Please also provide the URL where fimap crashed.
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Exception: expected string or buffer
Traceback (most recent call last):
  File "./fimap.py", line 516, in <module>
    g.startGoogleScan()
  File "/home/info/.vim-log/fimap/src/googleScan.py", line 94, in startGoogleScan
    single.scan()
  File "/home/info/.vim-log/fimap/src/singleScan.py", line 48, in scan
    res = t.testTargetVuln()
  File "/home/info/.vim-log/fimap/src/targetScanner.py", line 183, in testTargetVuln
    self.analyzeURL(ret, k, v, self.config["p_post"], False)
  File "/home/info/.vim-log/fimap/src/targetScanner.py", line 110, in analyzeURL
    rep = self.identifyVuln(self.Target_URL, self.params, k, post, lang)
  File "/home/info/.vim-log/fimap/src/targetScanner.py", line 255, in identifyVuln
    m = RE_SUCCESS_MSG.search(code)
TypeError: expected string or buffer

Original issue reported on code.google.com by cmendoza...@gmail.com on 27 Jul 2010 at 3:34

GoogleCodeExporter commented 9 years ago 
On which URL this error occures? (Important!)
http://www.miliciapro.com

Which version of fimap you are using? (You can see that in the very first
line)

fimap v.08.1

On what operating system?
Windows XP SP 3 (Virtual Box)

Please provide any additional information below.

========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on http://fima
.googlecode.com/
Please also provide the URL where fimap crashed.
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Exception: unclosed token: line 134, column 4
Traceback (most recent call last):
  File "C:\unixother\fimap\fimap.py", line 510, in <module>
    m.startMassScan()
  File "C:\unixother\fimap\massScan.py", line 49, in startMassScan
    single.scan()
  File "C:\unixother\fimap\singleScan.py", line 43, in scan
    t = targetScanner(self.config)
  File "C:\unixother\fimap\baseClass.py", line 78, in __init__
    self.__init_xmlresult()
  File "C:\unixother\fimap\baseClass.py", line 83, in __init_xmlresult
    self.XML_Result = xml.dom.minidom.parse(xmlfile)
  File "C:\Python27\lib\xml\dom\minidom.py", line 1911, in parse
    return expatbuilder.parse(file)
  File "C:\Python27\lib\xml\dom\expatbuilder.py", line 924, in parse
    result = builder.parseFile(fp)
  File "C:\Python27\lib\xml\dom\expatbuilder.py", line 211, in parseFile
    parser.Parse("", True)
xml.parsers.expat.ExpatError: unclosed token: line 134, column 4

Original comment by thezakmangf on 13 Sep 2010 at 4:04

GoogleCodeExporter commented 9 years ago 
Hi Guys,

The First report here is not reproducable. The URL is really strange and 
doesn't contain any parameter.

The second report seems that the ~/fimap_result.xml is empty. I think you have 
started more than one instance of fimap. To avoid it i have implemented an 
lockfile into the new SVN version of fimap. I hope the problems are history 
with that.

Thanks!
If the error is still there please open another bug.

-imax.

Original comment by fimap....@gmail.com on 15 Sep 2010 at 6:55