ramadhanamizudin / fimap Goto Github PK
View Code? Open in Web Editor NEWAutomatically exported from code.google.com/p/fimap
Automatically exported from code.google.com/p/fimap
On which URL this error occures? (Important!)
http://www.sg-kaarst-leichtathletik.de/linker.php?head=Veranstaltungen
%202007&file=veranstaltungen/2007/kreissa/zeitplan.php&i=1
Which version of fimap you are using? (You can see that in the very first
line)
06.1
On what operating system?
Fedora Core release 4 (Stentz)
Please provide any additional information below.
The scan, send me this error.
SUBJECT: fimap Regex
ERROR : Failed to retrieve script path.
URL : http://www.sg-kaarst-leichtathletik.de/linker.php?
head=Veranstaltungen%202007&file=veranstaltungen/2007/kreissa/
zeitplan.php&i=1
greets
Original issue reported on code.google.com by [email protected]
on 30 Nov 2009 at 8:57
[BEFOR REPORTING CHECK OUT THE SVN VERSION AND TEST IF IT'S ALREADY FIXED -
THANKS - REMOVE THIS LINE]
On which URL this error occures? (Important!)
Which version of fimap you are using? (You can see that in the very first
line)
On what operating system?
Please provide any additional information below.
fimap version: fimap_alpha_v06
operating system: ubuntu 9.10 amd64
command: ./fimap.py -g -q 'inurl:show.php' -p 20
Bug:
cut here %<--------------------------------------------------------------
Traceback (most recent call last):
File "./fimap.py", line 258, in <module>
g.startGoogleScan()
File
"/home/serial/downloads/HPC/_NEW/news/fimap_alpha_v06/googleScan.py", line
76, in startGoogleScan
single.scan()
File
"/home/serial/downloads/HPC/_NEW/news/fimap_alpha_v06/singleScan.py", line
51, in scan
res = t.testTargetVuln()
File
"/home/serial/downloads/HPC/_NEW/news/fimap_alpha_v06/targetScanner.py",
line 80, in testTargetVuln
rep = self.identifyVuln(self.Target_URL, self.params, k)
File
"/home/serial/downloads/HPC/_NEW/news/fimap_alpha_v06/targetScanner.py",
line 157, in identifyVuln
pre = os.path.join(r.getServerPath(), pre)
File "/usr/lib/python2.6/posixpath.py", line 67, in join
elif path == '' or path.endswith('/'):
AttributeError: 'NoneType' object has no attribute 'endswith'
Original issue reported on code.google.com by [email protected]
on 20 Nov 2009 at 11:16
On which URL this error occures? (Important!)
[OUT] [Perl] Possible file inclusion found! ->
'http://studylight.org/desk/?l=S29zOXyb&query=Philippians+1%3A1§ion=0&transl
ation=niv&oq=phil.1%3A1&new=1&sr=1&nb=php&ng=1&ncc=1' with Parameter 'l'.
[OUT] [Perl] Identifying Vulnerability
'http://studylight.org/desk/?l=en&query=Philippians+1%3A1§ion=0&translation=
niv&oq=phil.1%3A1&new=1&sr=1&nb=php&ng=1&ncc=1' with Parameter 'l'...
Which version of fimap you are using? (You can see that in the very first
line)
fimap v.09_svn
On what operating system?
Debian GNU/Linux 5.0
Please provide any additional information below.
========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on
http://fimap.googlecode.com/
Please also provide the URL where fimap crashed.
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Exception: no such group
Traceback (most recent call last):
File "./fimap.py", line 516, in <module>
g.startGoogleScan()
File "/home/info/.vim-log/fimap/src/googleScan.py", line 94, in startGoogleScan
single.scan()
File "/home/info/.vim-log/fimap/src/singleScan.py", line 48, in scan
res = t.testTargetVuln()
File "/home/info/.vim-log/fimap/src/targetScanner.py", line 183, in testTargetVuln
self.analyzeURL(ret, k, v, self.config["p_post"], False)
File "/home/info/.vim-log/fimap/src/targetScanner.py", line 110, in analyzeURL
rep = self.identifyVuln(self.Target_URL, self.params, k, post, lang)
File "/home/info/.vim-log/fimap/src/targetScanner.py", line 289, in identifyVuln
script = s.group('script')
IndexError: no such group
Original issue reported on code.google.com by [email protected]
on 2 Aug 2010 at 4:24
Hello again... Reporting this new Bug =)
[OUT] Identifing Vulnerability
'http://www.funix.org/fr/linux/main-linux.php?page=menu&ref=apache2' with
Param 'ref'...
[INFO] Scriptpath received: ''
[INFO] Trying NULL-Byte Poisoning to get rid of the suffix...
[INFO] NULL-Byte Poisoning not possible.
[INFO] Skipping file '/etc/passwd'.
[INFO] Skipping file '/proc/self/environ'.
[INFO] Skipping absolute file 'php://input'.
[INFO] Skipping log file '/var/log/apache2/access.log'.
[INFO] Skipping log file '/var/log/apache/access.log'.
[INFO] Skipping log file '/var/log/httpd/access.log'.
[INFO] Skipping log file '/var/log/apache2/access_log'.
[INFO] Skipping log file '/var/log/apache/access_log'.
[INFO] Skipping log file '/var/log/httpd/access_log'.
[INFO] Skipping remote file 'http://www.phpbb.de/index.php'.
[INFO] Skipping remote file
'http://www.uni-bonn.de/Frauengeschichte/index.html'.
[INFO] Testing file 'http://www.kah-bonn.de/index.htm?presse/winterthur'...
========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on
http://fimap.googlecode.com/
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Traceback (most recent call last):
File "./fimap.py", line 258, in <module>
g.startGoogleScan()
File "/www/htdocs/diforchile/.cgi-bin/fimap/src/googleScan.py", line 76,
in startGoogleScan
single.scan()
File "/www/htdocs/diforchile/.cgi-bin/fimap/src/singleScan.py", line 51,
in scan
res = t.testTargetVuln()
File "/www/htdocs/diforchile/.cgi-bin/fimap/src/targetScanner.py", line
85, in testTargetVuln
ret.append((rep, self.readFiles(rep)))
File "/www/htdocs/diforchile/.cgi-bin/fimap/src/targetScanner.py", line
288, in readFiles
if (self.readFile(rep, f, p, True)):
File "/www/htdocs/diforchile/.cgi-bin/fimap/src/targetScanner.py", line
324, in readFile
if (scriptpath[-1] != "/" and filepatha[0] != "/" and not isAbs):
IndexError: string index out of range
fimap v.06_svn by Iman Karim - Automatic LFI/RFI scanner and exploiter.
----
Regards =).
Original issue reported on code.google.com by [email protected]
on 6 Nov 2009 at 9:31
[BEFOR REPORTING CHECK OUT THE SVN VERSION AND TEST IF IT'S ALREADY FIXED -
THANKS - REMOVE THIS LINE]
On which URL this error occures? (Important!)
Which version of fimap you are using? (You can see that in the very first
line)
On what operating system?
Please provide any additional information below.
cut here %<--------------------------------------------------------------
Exception: 'php_info'
Traceback (most recent call last):
File "./fimap.py", line 516, in ?
g.startGoogleScan()
File "/usr/lib/libsh/.owned/fimap_alpha_v08.1/googleScan.py", line 94, in startGoogleScan
single.scan()
File "/usr/lib/libsh/.owned/fimap_alpha_v08.1/singleScan.py", line 48, in scan
res = t.testTargetVuln()
File "/usr/lib/libsh/.owned/fimap_alpha_v08.1/targetScanner.py", line 183, in testTargetVuln
self.analyzeURL(ret, k, v, self.config["p_post"], False)
File "/usr/lib/libsh/.owned/fimap_alpha_v08.1/targetScanner.py", line 119, in analyzeURL
result.append((rep, self.readFiles(rep)))
File "/usr/lib/libsh/.owned/fimap_alpha_v08.1/targetScanner.py", line 553, in readFiles
up = self.putLocalPayload(settings["php_info"][0], rep.getAppendix())
KeyError: 'php_info'
Original issue reported on code.google.com by [email protected]
on 25 Sep 2010 at 7:38
[BEFOR REPORTING CHECK OUT THE SVN VERSION AND TEST IF IT'S ALREADY FIXED -
THANKS - REMOVE THIS LINE]
On which URL this error occures? (Important!)
error while trying to attack in this site
http://www.teltools.com.br/index.php?op=
Which version of fimap you are using? (You can see that in the very first
line)
fimap v.09_svn
On what operating system?
ubuntu
Please provide any additional information below.
Choose vulnerable script: 1
[17:09:24] [INFO] Testing PHP-code injection thru User-Agent...
[17:09:26] [OUT] PHP Injection works! Testing if execution works...
[17:09:26] [INFO] Testing execution thru 'popen[b64]'...
[17:09:56] [WARN] <urlopen error timed out>
[17:09:56] [INFO] Testing execution thru 'passthru[b64]'...
[17:09:58] [INFO] Testing execution thru 'exec[b64]'...
[17:09:59] [OUT] Execution thru 'exec[b64]' works!
####################################################
#:: Available Attacks - PHP and SHELL access :: #
####################################################
#[1] Spawn fimap shell #
#[2] Spawn pentestmonkey's reverse shell #
#[3] [Test Plugin] Show some info #
#[q] Quit #
####################################################
Choose Attack: 1
Please wait - Setting up shell (one request)...
Traceback (most recent call last):
File "./fimap.py", line 374, in <module>
list_results()
File "./fimap.py", line 195, in list_results
c.start()
File "/home/wishnu/fimap-read-only/src/codeinjector.py", line 222, in start
curusr = tmp.split("\n")[1].strip()
IndexError: list index out of range
Original issue reported on code.google.com by [email protected]
on 13 Oct 2010 at 5:20
If i skip some pages, fimap just says "Google Scan completed.", without doing
anything.
-----------------------------------------------------------------------
fimap.py -g -q "inurl:include" --skip-pages=10 --pages=100
fimap v.08.1 by Iman Karim - Automatic LFI/RFI scanner and exploiter
[INFO] 0 plugins loaded.
GoogleScanner is searching for Query: 'inurl:include'
Google Scanner will skip the first 10 pages...
Querying Google Search: 'inurl:include' with max pages 100...
Google Scan completed.
Original issue reported on code.google.com by [email protected]
on 13 Jul 2010 at 6:53
What steps will reproduce the problem?
1. fimap in harvest mode
What is the expected output? What do you see instead?
./fimap.py -u http://xxxxx
fimap v.04 by Iman Karim - Automatic LFI/RFI scanner and exploiter.
Crawler is harvesting URLs from start URL: 'http://' with depth: 1 and
writing results to: 'hm'
[0] Going to root URL: 'http://'...
Failed to to request to '<type 'exceptions.Exception'>'
global name 'socket' is not defined
Harvesting done.
What version of the product are you using? On what operating system?
python 2.5
Original issue reported on code.google.com by [email protected]
on 25 Sep 2009 at 11:35
On which URL this error occures? (Important!)
http://www.crealine.nl/newsite2/index2.php?link=ZkHoD4HF&type=noscript&style=GLO
BAL
Which version of fimap you are using? (You can see that in the very first
line)
fimap v.06
What steps will reproduce the problem?
$python fimap.py -u
'http://www.crealine.nl/newsite2/index2.php?link=ZkHoD4HF&type=noscript&style=GL
OBAL'
On what operating system?
uname -a
Linux host.xxxx.com 2.6.9-023stab046.2-enterprise #1 SMP Mon Dec 10
15:22:33 MSK 2007 i686 athlon i386 GNU/Linux
Which Python Version?
Python 2.5.2 (r252:60911, Sep 21 2008, 00:51:07)
[GCC 3.4.6 20060404 (Red Hat 3.4.6-9)] on linux2
Full error message.
$ python fimap.py -u
'http://www.crealine.nl/newsite2/index2.php?link=ZkHoD4HF&type=noscript&style=GL
OBAL'
fimap v.06 by Iman Karim - Automatic LFI/RFI scanner and exploiter.
SingleScan is testing URL:
'http://www.crealine.nl/newsite2/index2.php?link=ZkHoD4HF&type=noscript&style=GL
OBAL'
[OUT] Parsing URL
'http://www.crealine.nl/newsite2/index2.php?link=ZkHoD4HF&type=noscript&style=GL
OBAL'...
[INFO] Fiddling around with URL...
[OUT] Possible file inclusion found! ->
'http://www.crealine.nl/newsite2/index2.php?link=wXBixB1A&type=noscript&style=GL
OBAL'
with Parameter 'link'.
[OUT] Identifing Vulnerability
'http://www.crealine.nl/newsite2/index2.php?link=ZkHoD4HF&type=noscript&style=GL
OBAL'
with Param 'link'...
[WARN] Failed to retrieve script path.
[INFO] Testing file '/etc/passwd'...
========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on
http://fimap.googlecode.com/
Push enter to see the stacktrace...fimap v.06
cut here %<--------------------------------------------------------------
Traceback (most recent call last):
File "fimap.py", line 244, in <module>
single.scan()
File
"/home/xxxx/public_html/cgi-bin/.g/new/6/fimap_alpha_v06/singleScan.py",
line 51, in scan
res = t.testTargetVuln()
File
"/home/xxxx/public_html/cgi-bin/.g/new/6/fimap_alpha_v06/targetScanner.py",
line 83, in testTargetVuln
ret.append((rep, self.readFiles(rep)))
File
"/home/xxxx/public_html/cgi-bin/.g/new/6/fimap_alpha_v06/targetScanner.py",
line 203, in readFiles
if (self.readFile(rep, f, p)):
File
"/home/xxxx/public_html/cgi-bin/.g/new/6/fimap_alpha_v06/targetScanner.py",
line 305, in readFile
if (scriptpath[-1] != "/" and filepatha[0] != "/" and not isAbs):
TypeError: 'NoneType' object is unsubscriptable
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 11 Nov 2009 at 3:08
Check this one:
./fimap.py -g -q 'inurl:a5.php"'
fimap v.09_svn
:: Automatic LFI/RFI scanner and exploiter
:: by Iman Karim ([email protected])
GoogleScanner is searching for Query: 'inurl:a5.php"'
Querying Google Search: 'inurl:a5.php"' with max pages 10...
'module' object has no attribute 'sslerror'
[RETRYING PAGE 1]
'module' object has no attribute 'sslerror'
[RETRYING PAGE 1]
Any idea??
Original issue reported on code.google.com by [email protected]
on 2 Dec 2010 at 10:40
Hi
When I run the command below I faced this error below;
$ ./fimap.py -u 'http://forum.agnostik.org/search.php?sid=a486b2e6ed9b24120884a
a6ea21978f2' -b
fimap v.07 by Iman Karim - Automatic LFI/RFI scanner and exploiter.
Experimental blind FI-error checking enabled.
SingleScan is testing URL: 'http://forum.agnostik.org/search.php?sid=a486b2e6ed9
b24120884aa6ea21978f2'
[OUT] Parsing URL 'http://forum.agnostik.org/search.php?sid=a486b2e6ed9b24120884
aa6ea21978f2'...
[INFO] Fiddling around with URL...
[WARN] HTTP Error 503: Service Temporarily Unavailable
========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on http://fimap
.googlecode.com/
Please also provide the URL where fimap crashed.
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Exception: 'NoneType' object has no attribute 'find'
Traceback (most recent call last):
File "./fimap.py", line 286, in <module>
single.scan()
File "/cygdrive/d/SOFTWARE_DVD/KINGH/RFI/RFI SCANER/fimap_alpha_v07/singleScan
.py", line 48, in scan
res = t.testTargetVuln()
File "/cygdrive/d/SOFTWARE_DVD/KINGH/RFI/RFI SCANER/fimap_alpha_v07/targetScan
ner.py", line 131, in testTargetVuln
if (code.find(v) != -1):
AttributeError: 'NoneType' object has no attribute 'find'
Original issue reported on code.google.com by [email protected]
on 20 Jan 2011 at 12:57
On which URL this error occures? (Important!)
[OUT] [PHP] Possible file inclusion found! -
> 'http://www.cpankara.com.tr/cp.php?syf=2&p=DwPMKJdB' with Parameter 'p'.
[OUT] [PHP] Identifying Vulnerability 'http://www.cpankara.com.tr/cp.php?
syf=2&p=9' with Parameter 'p'...
[WARN] timed out
[ERROR] Identification of vulnerability failed. (code == None)
Which version of fimap you are using? (You can see that in the very first
line)
qfimap v.09_svn by Iman Karim - Automatic LFI/RFI scanner and exploiter
On what operating system?
Linux Fedora 8
Please provide any additional information below.
========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on
http://fimap.googlecode.com/
Please also provide the URL where fimap crashed.
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Exception: expected string or buffer
Traceback (most recent call last):
File "./fimap.py", line 516, in <module>
g.startGoogleScan()
File "/home/astra/fimap/src/googleScan.py", line 94, in startGoogleScan
single.scan()
File "/home/astra/fimap/src/singleScan.py", line 48, in scan
res = t.testTargetVuln()
File "/home/astra/fimap/src/targetScanner.py", line 183, in
testTargetVuln
self.analyzeURL(ret, k, v, self.config["p_post"], False)
File "/home/astra/fimap/src/targetScanner.py", line 110, in analyzeURL
rep = self.identifyVuln(self.Target_URL, self.params, k, post, lang)
File "/home/astra/fimap/src/targetScanner.py", line 255, in identifyVuln
m = RE_SUCCESS_MSG.search(code)
TypeError: expected string or buffer
Original issue reported on code.google.com by [email protected]
on 4 Jun 2010 at 2:54
What steps will reproduce the problem?
1. Exploit a site in which the webroot is on a windoze based share
'//Server/webroot'
2.
3.
What is the expected output? What do you see instead?
In this early beta it should error and say 'Windows sucks'
What version of the product are you using? On what operating system?
SVN copy.
Please provide any additional information below.
[INFO] Scriptpath received: ''
[INFO] Trying NULL-Byte Poisoning to get rid of the suffix...
[INFO] NULL-Byte Poisoning successfull!
[INFO] Testing file '/etc/passwd'...
Traceback (most recent call last):
File "./fimap.py", line 206, in <module>
single.scan()
File "/pentesttoolset/fimap/src/singleScan.py", line 51, in scan
res = t.testTargetVuln()
File "/pentesttoolset/fimap/src/targetScanner.py", line 81, in testTargetVuln
ret.append((rep, self.readFiles(rep)))
File "/pentesttoolset/fimap/src/targetScanner.py", line 195, in readFiles
if (self.readFile(rep, f, p)):
File "/pentesttoolset/fimap/src/targetScanner.py", line 281, in readFile
if (scriptpath[-1] != "/" and filepatha[0] != "/" and not isAbs):
IndexError: string index out of range
Warning: include(includes/ccccc.php) [function.include]: failed to open
stream: No such file or directory in
\\nas24ent\domains\b\*censored*\user\htdocs\index.php on line 27
Original issue reported on code.google.com by [email protected]
on 14 Sep 2009 at 4:40
Hello ,
im testing your tool on windows xp with the latest pyton release 3.20
via CMD i always got this error "SyntaxError: invalid syntax"
here is a sample of the query
--------------------------------------------------------------------
C:\fimap_alpha_v08.1>fimap.py -g -q 'inurl:include.php'
File "C:\fimap_alpha_v08.1\fimap.py", line 49
print "Usage: ./fimap.py [options]"
^
SyntaxError: invalid syntax
--------------------------------------------------------------------
i tried many different options but didnt figure why i get that error
its look like fimap does not take option
any idea about this please ?
thanks
Original issue reported on code.google.com by [email protected]
on 2 Dec 2010 at 3:40
i have try LFI method i forgot where i read it :D, and i try it on joomla
component and it works, may be in the future you can add this kind of exploit
in fimap modul :D...
http://www.centroorientamentodonbosco.it/index.php?option=com_agora&task=....//.
...//....//....//....//....//....//....//proc/self/environ%0000
Original issue reported on code.google.com by [email protected]
on 4 Jul 2010 at 5:26
On which URL this error occures? (Important!)
http://202.93.143.18/
Which version of fimap you are using? (You can see that in the very first
line)
fimap v.09_svn
On what operating system?
Debian GNU/Linux 5.0
Please provide any additional information below.
========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on
http://fimap.googlecode.com/
Please also provide the URL where fimap crashed.
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Exception: expected string or buffer
Traceback (most recent call last):
File "./fimap.py", line 516, in <module>
g.startGoogleScan()
File "/home/info/.vim-log/fimap/src/googleScan.py", line 94, in startGoogleScan
single.scan()
File "/home/info/.vim-log/fimap/src/singleScan.py", line 48, in scan
res = t.testTargetVuln()
File "/home/info/.vim-log/fimap/src/targetScanner.py", line 183, in testTargetVuln
self.analyzeURL(ret, k, v, self.config["p_post"], False)
File "/home/info/.vim-log/fimap/src/targetScanner.py", line 110, in analyzeURL
rep = self.identifyVuln(self.Target_URL, self.params, k, post, lang)
File "/home/info/.vim-log/fimap/src/targetScanner.py", line 255, in identifyVuln
m = RE_SUCCESS_MSG.search(code)
TypeError: expected string or buffer
Original issue reported on code.google.com by [email protected]
on 27 Jul 2010 at 3:34
i got this option as given below ..
##################################################
Choose vulnerable script: 1
[INFO] Testing php-code injection thru POST...
[OUT] PHP Injection works! Testing if execution works...
[INFO] Testing execution thru 'popen'...
[INFO] Testing execution thru 'passthru'...
[INFO] Testing execution thru 'exec'...
[INFO] Testing execution thru 'system'...
########################################
#:: Available Attacks - PHP Only :: #
########################################
#[1] Spawn reverse shell #
#[q] Quit #
########################################
Choose Attack: 1
IP where the reverse shell should connect to:
--------------------------------------------------
now plz tell me which ip should i put there (i used port as 5992 ..its open
4 me as well as target too ) .. mine or my target's ip ..
& wat command shloul i run in netcat ...
i tried 2 commands :--
1)nc -l -n -v -p 5992
&
2)nc -vv -l -n -p 5992
Thank you ..
Original issue reported on code.google.com by [email protected]
on 24 May 2010 at 8:37
On which URL this error occures? (Important!)
Which version of fimap you are using? (You can see that in the very first
line)
On what operating system?
Debian/Ubuntu
Please provide any additional information below.
[OUT] Parsing URL 'http://www.caf.ro/php/index.php?indpg=contact'...
[INFO] Fiddling around with URL...
[OUT] Possible file inclusion found! -> 'http://www.caf.ro/php/index.php?
indpg=ejHPvQrN' with Parameter 'indpg'.
[OUT] Identifing Vulnerability 'http://www.caf.ro/php/index.php?
indpg=contact' with Param 'indpg'...
[WARN] Failed to do request to (http://www.caf.ro/php/index.php?
indpg=fnJLZzzM)
[WARN] <urlopen error timed out>
========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on
http://fimap.googlecode.com/
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Traceback (most recent call last):
File "./fimap.py", line 258, in ?
g.startGoogleScan()
File "/tmp/fimap_alpha_v06.1/googleScan.py", line 76, in startGoogleScan
single.scan()
File "/tmp/fimap_alpha_v06.1/singleScan.py", line 51, in scan
res = t.testTargetVuln()
File "/tmp/fimap_alpha_v06.1/targetScanner.py", line 83, in
testTargetVuln
rep = self.identifyVuln(self.Target_URL, self.params, k)
File "/tmp/fimap_alpha_v06.1/targetScanner.py", line 113, in identifyVuln
m = RE_SUCCESS_MSG.search(code)
TypeError: expected string or buffer
Original issue reported on code.google.com by [email protected]
on 17 Dec 2009 at 5:47
pentium:~/fimap_alpha_v02# ./fimap.py -g -q 'inurl:include.php'
fimap v.01 by Iman Karim - Automatic LFI/RFI scanner and exploiter.
GoogleScanner is searching for Query: 'inurl:include.php'
Querying Google Search: 'inurl:include.php' with max pages 10...
[PAGE 1]
[OUT] Parsing URL
'http://www.kksou.com/php-gtk2/Joomla/How-to-include-PHP-commands-in-Section/Con
tent-Description-for-Joomla-1.0.x.php'...
[OUT] Parsing URL
'http://www.kksou.com/php-gtk2/DirectPHP/1377-Help-how-to-include-php-files-in-m
y-content.php'...
[OUT] Parsing URL
'http://fileshunt.com/rapidshare.php?file=portable+cute+include+php+path+psp+use
r+php+include+php+server'...
[INFO] Fiddling around with URL...
[OUT] Parsing URL
'http://fileshunt.com/rapidshare.php?file=polaroid+memories+suite+include+php+pa
th+psp+user+php'...
[INFO] Fiddling around with URL...
[OUT] Parsing URL
'http://rapid.tvphp.net/?q=leeway+adult+crash+include+php+path+psp+user+php'...
[INFO] Fiddling around with URL...
[OUT] Parsing URL
'http://rapid.tvphp.net/?q=kamyla+php+con+exchange+include+php+webappcfg+apppath
+http+www+c21vox+tv+id1+txt'...
[INFO] Fiddling around with URL...
[OUT] Parsing URL
'http://www.economia-aziendale.com/ecom/public-amministrazione-newspublish-inclu
de.php'...
[OUT] Parsing URL
'http://dev.textcube.org/browser/branches/1.8/library/include.php?rev=7042'...
[INFO] Fiddling around with URL...
Traceback (most recent call last):
File "./fimap.py", line 191, in <module>
g.startGoogleScan()
File "/root/fimap_alpha_v02/googleScan.py", line 64, in startGoogleScan
single.scan()
File "/root/fimap_alpha_v02/singleScan.py", line 51, in scan
res = t.testTargetVuln()
File "/root/fimap_alpha_v02/targetScanner.py", line 72, in testTargetVuln
code = self.doGetRequest(tmpurl)
File "/root/fimap_alpha_v02/baseClass.py", line 103, in doGetRequest
f = opener.open(URL)
File "/usr/lib/python2.5/urllib2.py", line 387, in open
response = meth(req, response)
File "/usr/lib/python2.5/urllib2.py", line 498, in http_response
'http', request, response, code, msg, hdrs)
File "/usr/lib/python2.5/urllib2.py", line 425, in error
return self._call_chain(*args)
File "/usr/lib/python2.5/urllib2.py", line 360, in _call_chain
result = func(*args)
File "/usr/lib/python2.5/urllib2.py", line 506, in http_error_default
raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 404: Not Found
S.O. Debian 5
Original issue reported on code.google.com by ulises2k
on 7 Sep 2009 at 3:15
[BEFOR REPORTING CHECK OUT THE SVN VERSION AND TEST IF IT'S ALREADY FIXED -
THANKS - REMOVE THIS LINE]
On which URL this error occures? (Important!)
Which version of fimap you are using? (You can see that in the very first
line)
On what operating system?
Please provide any additional information below.
I have get this bug when i try to run Fimap. first fimap not geting resulth
anything and I try to update xgoogle from the link but wala got 1 bug
Exception: __init__() got an unexpected keyword argument 'page'
Traceback (most recent call last):
File "./fimap.py", line 299, in <module>
g = googleScan(config)
File "/pentest/web/fimap/googleScan.py", line 33, in __init__
self.gs = GoogleSearch(self.config["p_query"],
page=self.config["p_skippages"])
TypeError: __init__() got an unexpected keyword argument 'page'
---------------------------------------------------------------
Os : Linux BT 4 Final
VerFimap: fimap_alpha_v08
Original issue reported on code.google.com by [email protected]
on 10 May 2010 at 8:02
On which URL this error occures? (Important!)
Which version of fimap you are using? (You can see that in the very first
line)
On what operating system?
Debian/Ubuntu
Please provide any additional information below.
i found another one jejeje, when you fixed tell me what should i do if i
need to
download fimap again
***********************
[OUT] Possible file inclusion found! -
> 'http://www.kangaroophotos.com/i.php?
p=EWqUBdN4' with Parameter 'p'.
[OUT] Identifing Vulnerability 'http://www.kangaroophotos.com/i.php?
p=_booking/sport.php' with Param 'p'...
[WARN] Failed to do request to (http://www.kangaroophotos.com/i.php?
p=bbCaoVIp)
[WARN] <urlopen error timed out>
========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on
http://fimap.googlecode.com/
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Traceback (most recent call last):
File "./fimap.py", line 258, in ?
g.startGoogleScan()
File "/tmp/fimap_alpha_v06.1/googleScan.py", line 76, in startGoogleScan
single.scan()
File "/tmp/fimap_alpha_v06.1/singleScan.py", line 51, in scan
res = t.testTargetVuln()
File "/tmp/fimap_alpha_v06.1/targetScanner.py", line 83, in
testTargetVuln
rep = self.identifyVuln(self.Target_URL, self.params, k)
File "/tmp/fimap_alpha_v06.1/targetScanner.py", line 113, in identifyVuln
m = RE_SUCCESS_MSG.search(code)
TypeError: expected string or buffer
Original issue reported on code.google.com by [email protected]
on 17 Dec 2009 at 5:18
Exception: 'NoneType' object has no attribute 'find'
Traceback (most recent call last):
File "C:\Dokumente und Einstellungen\y\Desktop\fimap_alpha_v08.1\fimap.py", li
ne 502, in <module>
single.scan()
File "C:\Dokumente und Einstellungen\y\Desktop\fimap_alpha_v08.1\singleScan.py
", line 48, in scan
res = t.testTargetVuln()
File "C:\Dokumente und Einstellungen\y\Desktop\fimap_alpha_v08.1\targetScanner
.py", line 208, in testTargetVuln
rep, doBreak = self.analyzeURLblindly(i, testfile, k, V, v, backSym, self.co
nfig["p_post"], False, fileobj.isUnix())
File "C:\Dokumente und Einstellungen\y\Desktop\fimap_alpha_v08.1\targetScanner
.py", line 162, in analyzeURLblindly
if (code.find(find) != -1):
AttributeError: 'NoneType' object has no attribute 'find'
On which URL this error occures? (Important!)
http://www.mvista.com/vision/index.php?p=
Which version of fimap you are using? (You can see that in the very first
line)
fimap_alpha_v08.1
On what operating system?
windows/ubuntu
Original issue reported on code.google.com by [email protected]
on 12 Jul 2010 at 8:34
I'm using linuxmint fimap v.09_svn version i problem
msfconsole > load xmlrpc Pass=abc123 ServerType=Web < No problems here.
--------------------------------------------
Plugin is the problem begins.
Traceback (most recent call last):
File "./fimap.py", line 335, in <module>
list_results()
File "./fimap.py", line 183, in list_results
c.start()
File "/home/john/fimap/src/codeinjector.py", line 219, in start
plugman.broadcast_callback(attack, haxhelper)
File "/home/john/fimap/src/plugininterface.py", line 72, in broadcast_callback
p.plugin_callback_handler(attack, haxhelper)
File "/home/john/fimap/src/plugins/msf/msf.py", line 136, in plugin_callback_handler
if not self.msf_menu_unix(msfObj,self.lhost,self.lport,haxhelper):
File "/home/john/fimap/src/plugins/msf/msf.py", line 77, in msf_menu_unix
msfObj.createPayload()
File "/home/john/fimap/src/plugins/msf/pymetasploit/MetasploitWrapper.py", line 82, in createPayload
msfP.msfLoadPayload()
File "/home/john/fimap/src/plugins/msf/pymetasploit/MetasploitPayload.py", line 70, in msfLoadPayload
process=Popen(msfpayload,stdout=PIPE,stderr=PIPE,stdin=None)
File "/usr/lib/python2.6/subprocess.py", line 633, in __init__
errread, errwrite)
File "/usr/lib/python2.6/subprocess.py", line 1139, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory
What should I do?
thanks
Original issue reported on code.google.com by [email protected]
on 13 Jul 2010 at 12:25
[BEFOR REPORTING CHECK OUT THE SVN VERSION AND TEST IF IT'S ALREADY FIXED -
THANKS - REMOVE THIS LINE]
On which URL this error occures? (Important!)
[02:39:44] [OUT] Parsing URL
'http://www.ochsen.com/website/de/deutsch.php?section=haus&page=set_haus.php'...
[02:39:44] [INFO] Fiddling around with URL...
Which version of fimap you are using? (You can see that in the very first
line)
wishnu@wishnu-xubuntu:~/lfiscanner/src$ ./fimap.py -v
fimap v.09_svn by Iman Karim - Automatic LFI/RFI scanner and exploiter
option -v requires argument
On what operating system? Linux ubuntu
Please provide any additional information below.
cut here %<--------------------------------------------------------------
Exception: unclosed token: line 256, column 4
Traceback (most recent call last):
File "./fimap.py", line 561, in <module>
g.startGoogleScan()
File "/home/wishnu/lfiscanner/src/googleScan.py", line 94, in startGoogleScan
single.scan()
File "/home/wishnu/lfiscanner/src/singleScan.py", line 43, in scan
t = targetScanner(self.config)
File "/home/wishnu/lfiscanner/src/baseClass.py", line 78, in __init__
self.__init_xmlresult()
File "/home/wishnu/lfiscanner/src/baseClass.py", line 83, in __init_xmlresult
self.XML_Result = xml.dom.minidom.parse(xmlfile)
File "/usr/lib/python2.6/xml/dom/minidom.py", line 1918, in parse
return expatbuilder.parse(file)
File "/usr/lib/python2.6/xml/dom/expatbuilder.py", line 924, in parse
result = builder.parseFile(fp)
File "/usr/lib/python2.6/xml/dom/expatbuilder.py", line 211, in parseFile
parser.Parse("", True)
xml.parsers.expat.ExpatError: unclosed token: line 256, column 4
Original issue reported on code.google.com by [email protected]
on 30 Jun 2010 at 3:01
Hi... i'm using fimap_alpha_v08, and i have this problem
./fimap.py -g -q 'inurl:cadena.php"'
fimap v.08 by Iman Karim - Automatic LFI/RFI scanner and exploiter
[INFO] 0 plugins loaded.
GoogleScanner is searching for Query: 'inurl:cadena.php"'
Querying Google Search: 'inurl:cadena.php"' with max pages 10...
Failed getting http://www.google.com/search?
q=inurl%3Acadena.php%22&num=50&btnG=Google+Search: HTTP Error 503: Service
Unavailable
[RETRYING PAGE 1]
Failed getting http://www.google.com/search?
q=inurl%3Acadena.php%22&num=50&btnG=Google+Search: <urlopen error timed
out>
[RETRYING PAGE 1]
Failed getting http://www.google.com/search?
q=inurl%3Acadena.php%22&num=50&btnG=Google+Search: HTTP Error 503: Service
Unavailable
[RETRYING PAGE 1]
Failed getting http://www.google.com/search?
q=inurl%3Acadena.php%22&num=50&btnG=Google+Search: HTTP Error 503: Service
Unavailable
[RETRYING PAGE 1]
Failed getting http://www.google.com/search?
q=inurl%3Acadena.php%22&num=50&btnG=Google+Search: HTTP Error 503: Service
Unavailable
[RETRYING PAGE 1]
Failed getting http://www.google.com/search?
q=inurl%3Acadena.php%22&num=50&btnG=Google+Search: HTTP Error 503: Service
Unavailable
[RETRYING PAGE 1]
MAXIMAL COUNT OF (RE)TRIES REACHED!
Why this keep happening? how can i fix this?
Original issue reported on code.google.com by [email protected]
on 26 Apr 2010 at 8:40
A LFI exists in a server with this form:
http://domain.com/content.php?page=projects/multimodal/index.php?page=/../../../
../../local/file
But somehow fimap it's unable to detect it.
I tried with some possibilities but no luck:
./fimap.py -u
'http://domain.com/content.php?page=projects/multimodal/index.php?page='
./fimap.py -u
'http://domain.com/content.php?page=projects/multimodal/index.php?page'
The fimap version is alpha_v08.1
PS: If necessary I can send you the details by email
Original issue reported on code.google.com by [email protected]
on 10 Jun 2010 at 6:36
Hey dude, 's up
Here Again :)
On which URL this error occures? (Important!)
- http://www.lumbroso.com/sourcer.php?show=company.php
Which version of fimap you are using? (You can see that in the very first
line)
- Fimap with svn 0.7.0
On what operating system?
- Linux CentOs
Please provide any additional information below.
SUBJECT: fimap Regex
ERROR : Failed to retrieve script path.
URL : http://www.lumbroso.com/sourcer.php?show=company.php
Original issue reported on code.google.com by [email protected]
on 14 Dec 2009 at 2:28
On which URL this error occures? (Important!)
'http://www.unyt.edu.al/unyt/index.php?
pg=faqe&id=83&menuid1=65&menuid2=122&menuid3=140&menuid4=199
Which version of fimap you are using? (You can see that in the very first
line)
fimap alpha 6
On what operating system?
Linux CentOs
Please provide any additional information below.
when the text: [OUT] Possible file inclusion found! -> 'http://
www.unyt.edu.al/......'
print this error.
Traceback (most recent call last):
File "./fimap.py", line 258, in <module>
g.startGoogleScan()
File "/var/crash/.fm/googleScan.py", line 76, in startGoogleScan
single.scan()
File "/var/crash/.fm/singleScan.py", line 51, in scan
res = t.testTargetVuln()
File "/var/crash/.fm/targetScanner.py", line 83, in testTargetVuln
ret.append((rep, self.readFiles(rep)))
File "/var/crash/.fm/targetScanner.py", line 269, in readFiles
if (self.readFile(rep, f, p, True)):
File "/var/crash/.fm/targetScanner.py", line 305, in readFile
if (scriptpath[-1] != "/" and filepatha[0] != "/" and not isAbs):
TypeError: 'NoneType' object is unsubscriptable
Original issue reported on code.google.com by [email protected]
on 10 Nov 2009 at 7:59
On which URL this error occures? (Important!)
Which version of fimap you are using? (You can see that in the very first
line)
Lates beta on this site
On what operating system?
UBUNTU
Please provide any additional information below.
[OUT] Possible file inclusion found! -> 'http://afirec.com/site.php?
page=f0THyrB v' with Parameter 'page'.
[OUT] Identifing Vulnerability 'http://afirec.com/site.php?page=liens'
with Para m 'page'...
========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on
http://fimap .googlecode.com/
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Traceback (most recent call last):
File "./fimap.py", line 258, in ?
g.startGoogleScan()
File "/tmp/fimap_alpha_v06.1/googleScan.py", line 76, in startGoogleScan
single.scan()
File "/tmp/fimap_alpha_v06.1/singleScan.py", line 51, in scan
res = t.testTargetVuln()
File "/tmp/fimap_alpha_v06.1/targetScanner.py", line 83, in
testTargetVuln
rep = self.identifyVuln(self.Target_URL, self.params, k)
File "/tmp/fimap_alpha_v06.1/targetScanner.py", line 184, in identifyVuln
pre = posixpath.join(r.getServerPath(), pre)
File "/usr/lib/python2.4/posixpath.py", line 62, in join
elif path == '' or path.endswith('/'):
AttributeError: 'NoneType' object has no attribute 'endswith'
Original issue reported on code.google.com by [email protected]
on 17 Dec 2009 at 5:41
On which URL this error occures? (Important!)
http://www.programbetter.com/capella/ts7010/cis330/show.php?file=nav.php
Which version of fimap you are using? (You can see that in the very first
line)
latest with svn 0.7 svn
On what operating system?
CentOs Linux
Please provide any additional information below.
SUBJECT: fimap Regex
ERROR : Failed to retrieve script path.
URL : http://www.programbetter.com/capella/ts7010/cis330/show.php?
file=nav.php
Greets
Original issue reported on code.google.com by [email protected]
on 18 Dec 2009 at 6:39
What steps will reproduce the problem?
1. I scan the eu sites searching a vulnerable web page
2. ./fimap.py -g -q 'inurl:index.php site:eu'
3. and i wait, later, the fimap give the error
========= CONGRATULATIONS! =========
You have just found a bug!
What is the expected output? What do you see instead?
Traceback (most recent call last):
File "./fimap.py", line 258, in <module>
g.startGoogleScan()
File "/var/crash/.fm/googleScan.py", line 76, in startGoogleScan
single.scan()
File "/var/crash/.fm/singleScan.py", line 51, in scan
res = t.testTargetVuln()
File "/var/crash/.fm/targetScanner.py", line 80, in testTargetVuln
rep = self.identifyVuln(self.Target_URL, self.params, k)
File "/var/crash/.fm/targetScanner.py", line 106, in identifyVuln
m = RE_SUCCESS_MSG.search(code)
TypeError: expected string or buffer
What version of the product are you using? On what operating system?
Linux Fedora Core
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 9 Nov 2009 at 8:42
Instead of having an issue i want to give you some new ideas.
As u probably know there are many ways of file inclusion. Though not everyone
knows some neat tricks if %00 isn't working. A few of them are listed here:
http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
Might give you some new ideas to put in and check for. Keep up the good work.
Program looks promising
Original issue reported on code.google.com by [email protected]
on 11 Jun 2010 at 4:54
BUG..
cut here %<--------------------------------------------------------------
Exception: no path specified
Traceback (most recent call last):
File "C:\Documents and Settings\Sikumbang\Desktop\LFI\fimap.py", line 516, in
<module>
g.startGoogleScan()
File "C:\Documents and Settings\Sikumbang\Desktop\LFI\googleScan.py", line 94,
in startGoogleScan
single.scan()
File "C:\Documents and Settings\Sikumbang\Desktop\LFI\singleScan.py", line 48,
in scan
res = t.testTargetVuln()
File "C:\Documents and Settings\Sikumbang\Desktop\LFI\targetScanner.py", line
183, in testTargetVuln
self.analyzeURL(ret, k, v, self.config["p_post"], False)
File "C:\Documents and Settings\Sikumbang\Desktop\LFI\targetScanner.py", line
110, in analyzeURL
rep = self.identifyVuln(self.Target_URL, self.params, k, post, lang)
File "C:\Documents and Settings\Sikumbang\Desktop\LFI\targetScanner.py", line
347, in identifyVuln
pre = self.relpath_win(rootdir, pre)
File "C:\Documents and Settings\Sikumbang\Desktop\LFI\baseClass.py", line 454,
in relpath_win
raise ValueError("no path specified")
ValueError: no path specified
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 21 Jun 2010 at 12:18
On which URL this error occures? (Important!)
http://www.ppnegocios.com
Which version of fimap you are using? (You can see that in the very first
line)
Fimap 0.7svn
On what operating system?
Linux CentOs
Please provide any additional information below.
################################################################################
############
#:: FI Bugs on
'www.ppnegocios.com' ::
#
################################################################################
############
#[1] URL: '/?link=credito.php' injecting file: '/proc/self/environ' using
param: 'link' #
#[2] URL: '/?link=credito.php' injecting file: 'php://input' using param:
'link' #
#[q]
Quit
#
################################################################################
############
Choose vulnerable script: 1
[INFO] Testing php-code injection thru User-Agent...
Traceback (most recent call last):
File "./fimap.py", line 237, in <module>
list_results()
File "./fimap.py", line 150, in list_results
c.start()
File "/home/jbpm/.fm/codeinjector.py", line 101, in start
code = self.__doHaxRequest(url, mode, settings["php_info"][0], suffix)
File "/home/jbpm/.fm/codeinjector.py", line 197, in __doHaxRequest
self.setUserAgent(userload)
AttributeError: 'codeinjector' object has no attribute 'setUserAgent'
Original issue reported on code.google.com by [email protected]
on 14 Dec 2009 at 8:11
On which URL this error occures? (Important!)
[OUT] Identifing Vulnerability 'http://www.fpsbrain.es/index.php?
page=unternehmen' with Param 'page'...
Which version of fimap you are using? (You can see that in the very first
line)
fimap 6.0 with svn 0.7
$ ./fimap.py
fimap v.07_svn by Iman Karim - Automatic LFI/RFI scanner and exploiter.
Usage: ./fimap [options]
On what operating system?
Ubuntu 7.04 \n \l
Please provide any additional information below.
Traceback (most recent call last):
File "./fimap.py", line 258, in <module>
g.startGoogleScan()
File "/home/jbpm/.fm/googleScan.py", line 76, in startGoogleScan
single.scan()
File "/home/jbpm/.fm/singleScan.py", line 51, in scan
res = t.testTargetVuln()
File "/home/jbpm/.fm/targetScanner.py", line 82, in testTargetVuln
rep = self.identifyVuln(self.Target_URL, self.params, k)
File "/home/jbpm/.fm/targetScanner.py", line 112, in identifyVuln
m = RE_SUCCESS_MSG.search(code)
TypeError: expected string or buffer
Thank's
Original issue reported on code.google.com by [email protected]
on 12 Nov 2009 at 10:41
Have your tool the Abilitiy to login into Website now or in the nearer Future
Original issue reported on code.google.com by [email protected]
on 9 Oct 2010 at 5:44
[OUT] Parsing URL 'http://www.ala.org.uk/mod.php?mod=userpage&page_id=10'...
[INFO] Fiddling around with URL...
[OUT] Possible file inclusion found! ->
'http://www.ala.org.uk/mod.php?mod=MVohB3tN&page_id=10' with Parameter 'mod'.
[OUT] Identifing Vulnerability
'http://www.ala.org.uk/mod.php?mod=userpage&page_id=10' with Param 'mod'...
[WARN] Failed to retrieve script path.
========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on
http://fimap.googlecode.com/
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Traceback (most recent call last):
File "fimap.py", line 258, in <module>
g.startGoogleScan()
File "/www/htdocs/diforchile/.cgi-bin/fimap_alpha_v06/googleScan.py",
line 76, in startGoogleScan
single.scan()
File "/www/htdocs/diforchile/.cgi-bin/fimap_alpha_v06/singleScan.py",
line 51, in scan
res = t.testTargetVuln()
File "/www/htdocs/diforchile/.cgi-bin/fimap_alpha_v06/targetScanner.py",
line 80, in testTargetVuln
rep = self.identifyVuln(self.Target_URL, self.params, k)
File "/www/htdocs/diforchile/.cgi-bin/fimap_alpha_v06/targetScanner.py",
line 157, in identifyVuln
pre = os.path.join(r.getServerPath(), pre)
File "/usr/lib/python2.5/posixpath.py", line 62, in join
elif path == '' or path.endswith('/'):
AttributeError: 'NoneType' object has no attribute 'endswith'
Original issue reported on code.google.com by [email protected]
on 5 Nov 2009 at 5:59
Exception: 'ascii' codec can't decode byte 0x8e in position 676: ordinal
not in range(128)
Traceback (most recent call last):
File "fimap.py", line 316, in <module>
g.startGoogleScan()
File "/home/debian/fimap-read-only/src/googleScan.py", line 79, in
startGoogleScan
single.scan()
File "/home/debian/fimap-read-only/src/singleScan.py", line 48, in scan
res = t.testTargetVuln()
File "/home/debian/fimap-read-only/src/targetScanner.py", line 182, in
testTargetVuln
self.analyzeURL(ret, k, v, self.config["p_post"], False)
File "/home/debian/fimap-read-only/src/targetScanner.py", line 118, in
analyzeURL
result.append((rep, self.readFiles(rep)))
File "/home/debian/fimap-read-only/src/targetScanner.py", line 452, in
readFiles
if (self.readFile(rep, f, p, POST=post)):
File "/home/debian/fimap-read-only/src/targetScanner.py", line 610, in
readFile
if (filepattern == None or code.find(filepattern) != -1):
UnicodeDecodeError: 'ascii' codec can't decode byte 0x8e in position 676:
ordinal not in range(128)
Original issue reported on code.google.com by [email protected]
on 4 Feb 2010 at 1:45
root@Saustin-Server:~/fimap/fimap_alpha_v01/lulwut/fimap/src# python
fimap.py -u http://192.168.1.8/hi/index.php?page=
fimap v.01 by Iman Karim - Automatic LFI/RFI scanner and exploiter.
SingleScan is testing URL: 'http://192.168.1.8/hi/index.php?page='
[OUT] Parsing URL 'http://192.168.1.8/hi/index.php?page='...
[INFO] Fiddling around with URL...
[WARN] Failed to do request to (http://192.168.1.8/hi/index.php?page=LfdpM2Bj)
[WARN] open() got an unexpected keyword argument 'timeout'
Target URL isn't affected by any file inclusion bug :(
Need I explain anymore? My internet's connected, trust me!
Original issue reported on code.google.com by [email protected]
on 4 Sep 2009 at 10:53
C:\Python26>python.exe f\fimap.py -u
"http://www.mysmartoffice.ca/index.php?page
=about/contact/contact.php"
fimap v.06.1 by Iman Karim - Automatic LFI/RFI scanner and exploiter.
SingleScan is testing URL:
'http://www.mysmartoffice.ca/index.php?page=about/con
tact/contact.php'
[OUT] Parsing URL
'http://www.mysmartoffice.ca/index.php?page=about/contact/cont
act.php'...
[INFO] Fiddling around with URL...
[OUT] Possible file inclusion found! ->
'http://www.mysmartoffice.ca/index.php?p
age=hEiSQEPe' with Parameter 'page'.
[OUT] Identifing Vulnerability
'http://www.mysmartoffice.ca/index.php?page=about
/contact/contact.php' with Param 'page'...
[WARN] Failed to do request to
(http://www.mysmartoffice.ca/index.php?page=k7yip
rCB)
[WARN] timed out
========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on
http://fimap
.googlecode.com/
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Traceback (most recent call last):
File "f\fimap.py", line 244, in <module>
single.scan()
File "C:\Python26\f\singleScan.py", line 51, in scan
res = t.testTargetVuln()
File "C:\Python26\f\targetScanner.py", line 83, in testTargetVuln
rep = self.identifyVuln(self.Target_URL, self.params, k)
File "C:\Python26\f\targetScanner.py", line 113, in identifyVuln
m = RE_SUCCESS_MSG.search(code)
TypeError: expected string or buffer
but aftr this ..when i tried again to scann ..i got another error .. as
"Target URL isn't affected by any file inclusion bug :("
C:\Python26>python.exe f\fimap.py -u
"http://www.mysmartoffice.ca/index.php?page
=about/contact/contact.php"
fimap v.06.1 by Iman Karim - Automatic LFI/RFI scanner and exploiter.
SingleScan is testing URL:
'http://www.mysmartoffice.ca/index.php?page=about/con
tact/contact.php'
[OUT] Parsing URL
'http://www.mysmartoffice.ca/index.php?page=about/contact/cont
act.php'...
[INFO] Fiddling around with URL...
[WARN] Failed to do request to
(http://www.mysmartoffice.ca/index.php?page=X6Cs1
S8G)
[WARN] timed out
Target URL isn't affected by any file inclusion bug :(
Thank you ..
Original issue reported on code.google.com by [email protected]
on 24 May 2010 at 7:06
THE SAME ERROR, ON THE SAME PAGE, WITH SVN 99 ALLREADY INSTALLED.
On which URL this error occures? (Important!)
http://www.unyt.edu.al/unyt/index.php?
pg=iQYlCSyN&id=83&menuid1=65&menuid2=122&menuid3=140&menuid4=199' with
Parameter 'pg'.
Which version of fimap you are using? (You can see that in the very first
line)
fimap v6.0 with svn 99
On what operating system?
Linux Fedora Core release 4 (Stentz)
Please provide any additional information below.
Traceback (most recent call last):
File "./fimap.py", line 258, in <module>
g.startGoogleScan()
File "/var/crash/.fm/googleScan.py", line 76, in startGoogleScan
single.scan()
File "/var/crash/.fm/singleScan.py", line 51, in scan
res = t.testTargetVuln()
File "/var/crash/.fm/targetScanner.py", line 83, in testTargetVuln
ret.append((rep, self.readFiles(rep)))
File "/var/crash/.fm/targetScanner.py", line 269, in readFiles
if (self.readFile(rep, f, p, True)):
File "/var/crash/.fm/targetScanner.py", line 305, in readFile
if (scriptpath[-1] != "/" and filepatha[0] != "/" and not isAbs):
TypeError: 'NoneType' object is unsubscriptable
I have the same error, before i been update with svn
my OS linux Fedora Core:
bash-3.00$ svn checkout http://fimap.googlecode.com/svn/trunk/ fimap
Revisión obtenida: 99
bash-3.00$
i have than other's machines (two more machines with CentOS) and i cant
update with svn checkout 'cuz isnt installed subversion
any idea?
sorry and thanks
Original issue reported on code.google.com by [email protected]
on 11 Nov 2009 at 12:27
What is the expected output? What do you see instead?
It bugged after null byte successful and trying to find /etc/passwd
What version of the product are you using? On what operating system?
.6 alpha on Backtrack4 prefinal
Please provide any additional information below.
stacktrace
Traceback (most recent call last):
File "./fimap.py", line 258, in <module>
g.startGoogleScan()
File "/home/xxx/fimap_alpha_v06/googleScan.py", line 76, in startGoogleScan
single.scan()
File "/home/xxx/fimap_alpha_v06/singleScan.py", line 51, in scan
res = t.testTargetVuln()
File "/home/xxx/fimap_alpha_v06/targetScanner.py", line 83, in testTargetVuln
ret.append((rep, self.readFiles(rep)))
File "/home/xxx/fimap_alpha_v06/targetScanner.py", line 203, in readFiles
if (self.readFile(rep, f, p)):
File "/home/xxx/fimap_alpha_v06/targetScanner.py", line 305, in readFile
if (scriptpath[-1] != "/" and filepatha[0] != "/" and not isAbs):
TypeError: 'NoneType' object is unsubscriptable
Original issue reported on code.google.com by [email protected]
on 4 Nov 2009 at 3:46
On which URL this error occures? (Important!)
Ubuntu 7.04 \n \l
Which version of fimap you are using? (You can see that in the very first
line)
Fimap 6.0 with svn 0.7
On what operating system?
Ubuntu 7.04 \n \l
Please provide any additional information below.
./fimap.py -H -u 'http://www.tvazteca.com/' -d 3 -w loghome
Traceback (most recent call last):
File "./fimap.py", line 264, in <module>
c.crawl()
File "/home/jbpm/.fm/crawler.py", line 53, in crawl
self.crawl_url(url, level)
File "/home/jbpm/.fm/crawler.py", line 74, in crawl_url
soup = BeautifulSoup(code)
File "/home/jbpm/.fm/xgoogle/BeautifulSoup.py", line 1447, in __init__
BeautifulStoneSoup.__init__(self, *args, **kwargs)
File "/home/jbpm/.fm/xgoogle/BeautifulSoup.py", line 1070, in __init__
self._feed()
File "/home/jbpm/.fm/xgoogle/BeautifulSoup.py", line 1111, in _feed
SGMLParser.feed(self, markup)
File "/usr/lib/python2.5/sgmllib.py", line 98, in feed
self.rawdata = self.rawdata + data
TypeError: cannot concatenate 'str' and 'NoneType' objects
Greets
Original issue reported on code.google.com by [email protected]
on 13 Nov 2009 at 8:48
On which URL this error occures? (Important!)
http://onlinecrypter.com/members/livezilla/server.php?request=
Which version of fimap you are using? (You can see that in the very first
line)
v.08.1
On what operating system?
Ubuntu 10.04 LTS i686
Exception: 'NoneType' object has no attribute 'find'
Traceback (most recent call last):
File "/home/xxx/fimap", line 502, in <module>
single.scan()
File "/home/xxx/work/fimap_alpha_v08.1/singleScan.py", line 48, in scan
res = t.testTargetVuln()
File "/home/xxx/work/fimap_alpha_v08.1/targetScanner.py", line 208, in testTargetVuln
rep, doBreak = self.analyzeURLblindly(i, testfile, k, V, v, backSym, self.config["p_post"], False, fileobj.isUnix())
File "/home/xxx/work/fimap_alpha_v08.1/targetScanner.py", line 162, in analyzeURLblindly
if (code.find(find) != -1):
AttributeError: 'NoneType' object has no attribute 'find'
Original issue reported on code.google.com by [email protected]
on 2 Sep 2010 at 7:05
On which URL this error occures? (Important!)
http://www.ebookee.net/Mpls-Books-Include-Traffic-Shaping-Small-Book_33602.html
Which version of fimap you are using? (You can see that in the very first
line)
fimap v.08.1
On what operating system?
Ubuntu 9.04 \n \l
Please provide any additional information below.
========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on
http://fimap.googlecode.com/
Please also provide the URL where fimap crashed.
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Exception: no element found: line 1, column 0
Traceback (most recent call last):
File "./fimap", line 516, in <module>
g.startGoogleScan()
File "/dev/shm/a/fimap_alpha_v08.1/googleScan.py", line 94, in startGoogleScan
single.scan()
File "/dev/shm/a/fimap_alpha_v08.1/singleScan.py", line 43, in scan
t = targetScanner(self.config)
File "/dev/shm/a/fimap_alpha_v08.1/baseClass.py", line 78, in __init__
self.__init_xmlresult()
File "/dev/shm/a/fimap_alpha_v08.1/baseClass.py", line 83, in __init_xmlresult
self.XML_Result = xml.dom.minidom.parse(xmlfile)
File "/usr/lib/python2.6/xml/dom/minidom.py", line 1918, in parse
return expatbuilder.parse(file)
File "/usr/lib/python2.6/xml/dom/expatbuilder.py", line 924, in parse
result = builder.parseFile(fp)
File "/usr/lib/python2.6/xml/dom/expatbuilder.py", line 211, in parseFile
parser.Parse("", True)
xml.parsers.expat.ExpatError: no element found: line 1, column 0
Original issue reported on code.google.com by [email protected]
on 27 Jul 2010 at 7:20
[BEFOR REPORTING CHECK OUT THE SVN VERSION AND TEST IF IT'S ALREADY FIXED -
THANKS - REMOVE THIS LINE]
On which URL this error occures? (Important!)
http://calgul.eu -none existing, mismatch, not sure if that is really a bug.
Which version of fimap you are using? (You can see that in the very first
line)
latest from svn 5 mins back - Checked out revision 285
On what operating system?
BackTrack 4, kernel 2.6.34
Please provide any additional information below.
root@bt:/pentest/web/fimapN/fimap-read-only/src# ./fimap.py -4 -u
"http://calgul.eu" -C
fimap v.09_svn (For the Swarm)
:: Automatic LFI/RFI scanner and exploiter
:: by Iman Karim ([email protected])
AutoAwesome mode engaging URL 'http://calgul.eu'...
Requesting 'http://calgul.eu'...
[22:46:39] [WARN] <urlopen error (-2, 'Name or service not known')>
========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on
http://fimap.googlecode.com/
Please also provide the URL where fimap crashed.
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Exception: 'NoneType' object is not iterable
Traceback (most recent call last):
File "./fimap.py", line 662, in <module>
awe.scan()
File "/pentest/web/fimapN/fimap-read-only/src/autoawesome.py", line 46, in scan
for head in headers:
TypeError: 'NoneType' object is not iterable
Original issue reported on code.google.com by [email protected]
on 19 Dec 2010 at 10:52
On which URL this error occures? (Important!)
URL : http://www.pinnacletours.com.au/index2.php?content=indexmore2.php
Which version of fimap you are using? (You can see that in the very first
line)
On what operating system?
Please provide any additional information below.
ERROR : Failed to retrieve script path.
[OUT] Possible file inclusion found! -
> 'http://www.pinnacletours.com.au/index2.php?content=AKvVWs2G' with
Parameter 'content'.
[OUT] Identifing Vulnerability 'http://www.pinnacletours.com.au/index2.php?
content=indexmore2.php' with Param 'content'...
[WARN] Failed to retrieve script path.
[MINOR BUG FOUND]
Original issue reported on code.google.com by [email protected]
on 15 Nov 2009 at 2:10
What steps will reproduce the problem?
1. Open cmd
2. Change to path where fimap is stored
3. Run it
What is the expected output? What do you see instead?
D:\fimap_alpha_v05>fimap.py
Traceback (most recent call last):
File "D:\fimap_alpha_v05\fimap.py", line 122, in <module>
def list_results(lst = os.path.join(os.environ.get('HOME'),
"fimap_result.xml")):
File "C:\Python25\lib\ntpath.py", line 90, in join
assert len(path) > 0
TypeError: object of type 'NoneType' has no len()
What version of the product are you using? On what operating system?
Vista
Python 2.5.1 (r251:54863, Apr 18 2007, 08:51:08) [MSC v.1310 32 bit
(Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
Please provide any additional information below.
This is line 122...Anything wrong with this?
def list_results(lst = os.path.join(os.environ.get('HOME'),
"fimap_result.xml")):
Original issue reported on code.google.com by [email protected]
on 10 Oct 2009 at 4:09
./fimap.py -x
fimap v.09_svn by Iman Karim - Automatic LFI/RFI scanner and exploiter
Traceback (most recent call last):
File "./fimap.py", line 298, in <module>
xmlsettings = language.XML2Config(config)
File "/home/falgold/fimap/src/baseClass.py", line 78, in __init__
self.__init_xmlresult()
File "/home/falgold/fimap/src/baseClass.py", line 83, in __init_xmlresult
self.XML_Result = xml.dom.minidom.parse(xmlfile)
File "/usr/local/lib/python2.6/xml/dom/minidom.py", line 1918, in parse
return expatbuilder.parse(file)
File "/usr/local/lib/python2.6/xml/dom/expatbuilder.py", line 924, in parse
result = builder.parseFile(fp)
File "/usr/local/lib/python2.6/xml/dom/expatbuilder.py", line 211, in
parseFile
parser.Parse("", True)
xml.parsers.expat.ExpatError: no element found: line 1, column 0
Which version of fimap you are using? (You can see that in the very first
line)
fimap v.09_svn
On what operating system?
Linux Red Hat
Please provide any additional information below.
Before this error fimap was working fine
Original issue reported on code.google.com by [email protected]
on 27 May 2010 at 10:50
cut here %<--------------------------------------------------------------
Exception: unsupported operand type(s) for +: 'NoneType' and 'str'
Traceback (most recent call last):
File "./fimap.py", line 516, in <module>
g.startGoogleScan()
File "/home/wishnu/fimap-read-only/src/googleScan.py", line 94, in
startGoogleScan
single.scan()
File "/home/wishnu/fimap-read-only/src/singleScan.py", line 48, in scan
res = t.testTargetVuln()
File "/home/wishnu/fimap-read-only/src/targetScanner.py", line 183, in
testTargetVuln
self.analyzeURL(ret, k, v, self.config["p_post"], False)
File "/home/wishnu/fimap-read-only/src/targetScanner.py", line 119, in
analyzeURL
result.append((rep, self.readFiles(rep)))
File "/home/wishnu/fimap-read-only/src/targetScanner.py", line 546, in
readFiles
fl = settings["dynamic_rfi"]["ftp"]["ftp_path"] + rep.getAppendix()
TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'
thanks
wishnusakti
Original issue reported on code.google.com by [email protected]
on 7 Jun 2010 at 3:32
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.