search

kurobeats / fimap

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps.
GNU General Public License v2.0
521 stars 99 forks source link

Bug while trying to find /etc/passwd #6

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 

What is the expected output? What do you see instead?
It bugged after null byte successful and trying to find /etc/passwd

What version of the product are you using? On what operating system?
.6 alpha on Backtrack4 prefinal

Please provide any additional information below.

stacktrace

Traceback (most recent call last):
  File "./fimap.py", line 258, in <module>
    g.startGoogleScan()
  File "/home/xxx/fimap_alpha_v06/googleScan.py", line 76, in startGoogleScan
    single.scan()
  File "/home/xxx/fimap_alpha_v06/singleScan.py", line 51, in scan
    res = t.testTargetVuln()
  File "/home/xxx/fimap_alpha_v06/targetScanner.py", line 83, in testTargetVuln
    ret.append((rep, self.readFiles(rep)))
  File "/home/xxx/fimap_alpha_v06/targetScanner.py", line 203, in readFiles
    if (self.readFile(rep, f, p)):
  File "/home/xxx/fimap_alpha_v06/targetScanner.py", line 305, in readFile
    if (scriptpath[-1] != "/" and filepatha[0] != "/" and not isAbs):
TypeError: 'NoneType' object is unsubscriptable

Original issue reported on code.google.com by W.James....@gmail.com on 4 Nov 2009 at 3:46

GoogleCodeExporter commented 9 years ago 
Hi!

I will check it later today and fix it.

Thank you very much!
-imax

Original comment by fimap....@gmail.com on 4 Nov 2009 at 7:56

GoogleCodeExporter commented 9 years ago 
Hi again,

I have checked it but I need some more information.

Basicly what I need is:
- The HTML code of the page which shows the error
- The path which fimap has found
- And super cool would be the complete output of fimap.

Sure you can disguise anything which pinpoints your site.

Feel free to send it to my email if you don't want to post it public:
VanUber at checkjemail dot nl

Thanks in advance!
-imax.

Original comment by fimap....@gmail.com on 5 Nov 2009 at 1:29

GoogleCodeExporter commented 9 years ago

Original comment by fimap....@gmail.com on 9 Nov 2009 at 11:08

GoogleCodeExporter commented 9 years ago 
This bug is the same as bug #10

It's fixed in SVN version.
Will be fixed also in >= v.06.1

Original comment by fimap....@gmail.com on 10 Nov 2009 at 11:35