search

kurobeats / fimap

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps.
GNU General Public License v2.0
521 stars 99 forks source link

fimap crashes on non existing url. #49

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
[BEFOR REPORTING CHECK OUT THE SVN VERSION AND TEST IF IT'S ALREADY FIXED -
THANKS - REMOVE THIS LINE]

On which URL this error occures? (Important!)
http://calgul.eu   -none existing, mismatch, not sure if that is really a bug.

Which version of fimap you are using? (You can see that in the very first
line)
latest from svn 5 mins back - Checked out revision 285

On what operating system?
BackTrack 4, kernel 2.6.34

Please provide any additional information below.
root@bt:/pentest/web/fimapN/fimap-read-only/src# ./fimap.py -4  -u 
"http://calgul.eu" -C
fimap v.09_svn (For the Swarm)
:: Automatic LFI/RFI scanner and exploiter
:: by Iman Karim (fimap.dev@gmail.com)

AutoAwesome mode engaging URL 'http://calgul.eu'...
Requesting 'http://calgul.eu'...
[22:46:39] [WARN] <urlopen error (-2, 'Name or service not known')>

========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on 
http://fimap.googlecode.com/
Please also provide the URL where fimap crashed.
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Exception: 'NoneType' object is not iterable
Traceback (most recent call last):
  File "./fimap.py", line 662, in <module>
    awe.scan()
  File "/pentest/web/fimapN/fimap-read-only/src/autoawesome.py", line 46, in scan
    for head in headers:
TypeError: 'NoneType' object is not iterable

Original issue reported on code.google.com by fbl...@gmail.com on 19 Dec 2010 at 10:52

GoogleCodeExporter commented 9 years ago 
Hi fblubr,

This is clearly a bug and fimap should not crash on not existing URLs.
I am going to fix this today.

Thank you very much for informing me about that!

-imax.

Original comment by fimap....@gmail.com on 21 Dec 2010 at 5:48

GoogleCodeExporter commented 9 years ago 
Hi fblubr,

Sorry for the delay but the bug is fixed now.
Thank you very much for reporting it to me!

-imax.

Original comment by fimap....@gmail.com on 30 Dec 2010 at 7:53

GoogleCodeExporter commented 9 years ago 
Hi,

no problem, there is a article on my site about fimap. I put there a 
word to/encourage/// the readers for reporting fimap bugs if found one.

Thanks for good work

M.

Original comment by fbl...@gmail.com on 30 Dec 2010 at 9:55