search

kurobeats / fimap

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps.
GNU General Public License v2.0
521 stars 99 forks source link

New Bug #7

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
[OUT] Parsing URL 'http://www.ala.org.uk/mod.php?mod=userpage&page_id=10'...
[INFO] Fiddling around with URL...
[OUT] Possible file inclusion found! ->
'http://www.ala.org.uk/mod.php?mod=MVohB3tN&page_id=10' with Parameter 'mod'.
[OUT] Identifing Vulnerability
'http://www.ala.org.uk/mod.php?mod=userpage&page_id=10' with Param 'mod'...
[WARN] Failed to retrieve script path.

========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on
http://fimap.googlecode.com/
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Traceback (most recent call last):
  File "fimap.py", line 258, in <module>
    g.startGoogleScan()
  File "/www/htdocs/diforchile/.cgi-bin/fimap_alpha_v06/googleScan.py",
line 76, in startGoogleScan
    single.scan()
  File "/www/htdocs/diforchile/.cgi-bin/fimap_alpha_v06/singleScan.py",
line 51, in scan
    res = t.testTargetVuln()
  File "/www/htdocs/diforchile/.cgi-bin/fimap_alpha_v06/targetScanner.py",
line 80, in testTargetVuln
    rep = self.identifyVuln(self.Target_URL, self.params, k)
  File "/www/htdocs/diforchile/.cgi-bin/fimap_alpha_v06/targetScanner.py",
line 157, in identifyVuln
    pre = os.path.join(r.getServerPath(), pre)
  File "/usr/lib/python2.5/posixpath.py", line 62, in join
    elif path == '' or path.endswith('/'):
AttributeError: 'NoneType' object has no attribute 'endswith'

Original issue reported on code.google.com by moy...@gmail.com on 5 Nov 2009 at 5:59

GoogleCodeExporter commented 9 years ago 
Hi!

Confirmed, will fix this now.

-imax.

Original comment by fimap....@gmail.com on 5 Nov 2009 at 9:08

GoogleCodeExporter commented 9 years ago 
Thanks man. Epic bugreport.
I have added an additional regex for this kind of error message.

It's available in SVN version.
Will be available in v.06.1 soon too.

Thanks again for this epic bugreport :)

Original comment by fimap....@gmail.com on 5 Nov 2009 at 9:26

GoogleCodeExporter commented 9 years ago 
You are Welcome =)... thanks 4 you 4 this interesting tool =)... congrats

Original comment by moy...@gmail.com on 5 Nov 2009 at 6:33