kurobeats / fimap

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps.
GNU General Public License v2.0
514 stars 99 forks source link

error while choosing the attack mode #46

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
[BEFOR REPORTING CHECK OUT THE SVN VERSION AND TEST IF IT'S ALREADY FIXED -
THANKS - REMOVE THIS LINE]

On which URL this error occures? (Important!)
error while trying to attack in this site

http://www.teltools.com.br/index.php?op=

Which version of fimap you are using? (You can see that in the very first
line)
fimap v.09_svn

On what operating system?
ubuntu 

Please provide any additional information below.

Choose vulnerable script: 1
[17:09:24] [INFO] Testing PHP-code injection thru User-Agent...
[17:09:26] [OUT] PHP Injection works! Testing if execution works...
[17:09:26] [INFO] Testing execution thru 'popen[b64]'...
[17:09:56] [WARN] <urlopen error timed out>
[17:09:56] [INFO] Testing execution thru 'passthru[b64]'...
[17:09:58] [INFO] Testing execution thru 'exec[b64]'...
[17:09:59] [OUT] Execution thru 'exec[b64]' works!
####################################################
#:: Available Attacks - PHP and SHELL access ::    #
####################################################
#[1] Spawn fimap shell                             #
#[2] Spawn pentestmonkey's reverse shell           #
#[3] [Test Plugin] Show some info                  #
#[q] Quit                                          #
####################################################
Choose Attack: 1
Please wait - Setting up shell (one request)...
Traceback (most recent call last):
  File "./fimap.py", line 374, in <module>
    list_results()
  File "./fimap.py", line 195, in list_results
    c.start()
  File "/home/wishnu/fimap-read-only/src/codeinjector.py", line 222, in start
    curusr = tmp.split("\n")[1].strip()
IndexError: list index out of range

Original issue reported on code.google.com by wishnusa...@gmail.com on 13 Oct 2010 at 5:20

GoogleCodeExporter commented 9 years ago
HI wishnusakti,

Thank you for this report.
I will check it out.
I am busy currently with implementing Cookie and Header attacking. Scanning 
works already :)
So after this I will fix the bug you have found and push it.

Thanks dude!
-imax.

Original comment by fimap....@gmail.com on 15 Oct 2010 at 9:55

GoogleCodeExporter commented 9 years ago
thanks broo.... wow... cookie and header attacking are that modules will be 
added in fimap module bro imax.... i will learn for manual first if that will 
be in fimap :D... thanks broo....

Original comment by wishnusa...@gmail.com on 16 Oct 2010 at 3:07

GoogleCodeExporter commented 9 years ago
Hi Dude,

It should be fixed in SVN.
I am not sure tho because I am not sure what the problem actually was.
But now there is a test which checks if the result was empty or not befor 
parsing it.

-imax.

Original comment by fimap....@gmail.com on 17 Oct 2010 at 3:47