search

kurobeats / fimap

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps.
GNU General Public License v2.0
521 stars 99 forks source link

New Bug #8

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Hello again... Reporting this new Bug =)

[OUT] Identifing Vulnerability
'http://www.funix.org/fr/linux/main-linux.php?page=menu&ref=apache2' with
Param 'ref'...
[INFO] Scriptpath received: ''
[INFO] Trying NULL-Byte Poisoning to get rid of the suffix...
[INFO] NULL-Byte Poisoning not possible.
[INFO] Skipping file '/etc/passwd'.
[INFO] Skipping file '/proc/self/environ'.
[INFO] Skipping absolute file 'php://input'.
[INFO] Skipping log file '/var/log/apache2/access.log'.
[INFO] Skipping log file '/var/log/apache/access.log'.
[INFO] Skipping log file '/var/log/httpd/access.log'.
[INFO] Skipping log file '/var/log/apache2/access_log'.
[INFO] Skipping log file '/var/log/apache/access_log'.
[INFO] Skipping log file '/var/log/httpd/access_log'.
[INFO] Skipping remote file 'http://www.phpbb.de/index.php'.
[INFO] Skipping remote file
'http://www.uni-bonn.de/Frauengeschichte/index.html'.
[INFO] Testing file 'http://www.kah-bonn.de/index.htm?presse/winterthur'...

========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on
http://fimap.googlecode.com/
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Traceback (most recent call last):
  File "./fimap.py", line 258, in <module>
    g.startGoogleScan()
  File "/www/htdocs/diforchile/.cgi-bin/fimap/src/googleScan.py", line 76,
in startGoogleScan
    single.scan()
  File "/www/htdocs/diforchile/.cgi-bin/fimap/src/singleScan.py", line 51,
in scan
    res = t.testTargetVuln()
  File "/www/htdocs/diforchile/.cgi-bin/fimap/src/targetScanner.py", line
85, in testTargetVuln
    ret.append((rep, self.readFiles(rep)))
  File "/www/htdocs/diforchile/.cgi-bin/fimap/src/targetScanner.py", line
288, in readFiles
    if (self.readFile(rep, f, p, True)):
  File "/www/htdocs/diforchile/.cgi-bin/fimap/src/targetScanner.py", line
324, in readFile
    if (scriptpath[-1] != "/" and filepatha[0] != "/" and not isAbs):
IndexError: string index out of range
fimap v.06_svn by Iman Karim - Automatic LFI/RFI scanner and exploiter.

----
 Regards =).

Original issue reported on code.google.com by moy...@gmail.com on 6 Nov 2009 at 9:31

GoogleCodeExporter commented 9 years ago 
Hi again dude!
I will check this later today and fix it.
Thank you very much again. I appreciate your help. :)
-imax

Original comment by fimap....@gmail.com on 6 Nov 2009 at 10:43

GoogleCodeExporter commented 9 years ago 
Hi!

I have just fixed this error! Thanks man for reporting.
This was really a good bug you have found :)

It's up in SVN right now.

Cheers man :)
-imax.

Original comment by fimap....@gmail.com on 6 Nov 2009 at 11:55