search

kurobeats / fimap

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps.
GNU General Public License v2.0
521 stars 99 forks source link

Another bug found #42

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
On which URL this error occures? (Important!)
[OUT] [Perl] Possible file inclusion found! -> 
'http://studylight.org/desk/?l=S29zOXyb&query=Philippians+1%3A1&section=0&transl
ation=niv&oq=phil.1%3A1&new=1&sr=1&nb=php&ng=1&ncc=1' with Parameter 'l'.
[OUT] [Perl] Identifying Vulnerability 
'http://studylight.org/desk/?l=en&query=Philippians+1%3A1&section=0&translation=
niv&oq=phil.1%3A1&new=1&sr=1&nb=php&ng=1&ncc=1' with Parameter 'l'...

Which version of fimap you are using? (You can see that in the very first
line)
fimap v.09_svn

On what operating system?
Debian GNU/Linux 5.0

Please provide any additional information below.
========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on 
http://fimap.googlecode.com/
Please also provide the URL where fimap crashed.
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Exception: no such group
Traceback (most recent call last):
  File "./fimap.py", line 516, in <module>
    g.startGoogleScan()
  File "/home/info/.vim-log/fimap/src/googleScan.py", line 94, in startGoogleScan
    single.scan()
  File "/home/info/.vim-log/fimap/src/singleScan.py", line 48, in scan
    res = t.testTargetVuln()
  File "/home/info/.vim-log/fimap/src/targetScanner.py", line 183, in testTargetVuln
    self.analyzeURL(ret, k, v, self.config["p_post"], False)
  File "/home/info/.vim-log/fimap/src/targetScanner.py", line 110, in analyzeURL
    rep = self.identifyVuln(self.Target_URL, self.params, k, post, lang)
  File "/home/info/.vim-log/fimap/src/targetScanner.py", line 289, in identifyVuln
    script = s.group('script')
IndexError: no such group

Original issue reported on code.google.com by cmendoza...@gmail.com on 2 Aug 2010 at 4:24

GoogleCodeExporter commented 9 years ago 
Hi cmendozabenitez,

You found a great bug. I forgot to add the ?<script> tag for the perl regex.
I will fix that tonight.

Thank you for reporting!
-imax.

Original comment by fimap....@gmail.com on 5 Aug 2010 at 4:52

GoogleCodeExporter commented 9 years ago 
This issue was closed by revision r267.

Original comment by fimap....@gmail.com on 3 Sep 2010 at 5:51