Commit fbdf5bf6 authored by fimap.dev@gmail.com's avatar fimap.dev@gmail.com

Fixed Issue 81 reported by dookie [atom] kali [dot] org

fimap failed to blindly check vulnerabilities on targets that had no readable local files.
I assumed that /etc/passwd is always readable.
Sadly, in my fresh Debian test setup I could not read /etc/passwd (or any other local file
defined in the XML files) - hence fimap did not even try to check for RFI.

Now fimap also tests for RFI vulns while operated in blindmode.

Thank you alot Dookie for this report!
parent eec29970
<?xml version="1.0" encoding="UTF-8"?>
<fimap language="generic" revision="2">
<fimap language="generic" revision="3">
<!-- WTF is this file?
This file describes the basic scan parameters of fimap.
You can add much more files but read this facts:
......@@ -86,8 +86,11 @@
<file path="/etc/passwd" find="root:" flags="r" unix="1" windows="0"/>
<file path="c:\boot.ini" find="[operating" flags="r" unix="0" windows="1"/>
<file path="c:\windows\win.ini" find="[fonts" flags="r" unix="0" windows="1"/>
</blind_files>
<file path="http://www.tha-imax.de/fimap_testfiles/test" find="This is the right thing." flags="rR" unix="1" windows="1"/>
<file path="http://www.tha-imax.de/fimap_testfiles/test.php" find="This is the right thing." flags="rR" unix="1" windows="1"/>
<file path="http://www.tha-imax.de/fimap_testfiles/test.html" find="This is the right thing." flags="rR" unix="1" windows="1"/>
<file path="http://www.tha-imax.de/fimap_testfiles/test.inc" find="This is the right thing." flags="rR" unix="1" windows="1"/>
</blind_files>
<methods>
<unix concatcommand=";">
<shellquiz source="cm5kMSA9IHJhbmRvbS5yYW5kcmFuZ2UoMTAsIDk5KQpybmQyID0gcmFuZG9tLnJhbmRyYW5nZSgxMCwgOTkpCnJlc3VsdCA9IHN0cihybmQxICogcm5kMikKc2hlbGxjb2RlID0gImVjaG8gJCgoJWQqJWQpKSIlKHJuZDEsIHJuZDIpCnJldCA9IChzaGVsbGNvZGUsIHJlc3VsdCk=" />
......@@ -111,4 +114,4 @@
<language name="PHP" langfile="php.xml" />
<language name="Perl" langfile="perl.xml" />
</languagesets>
</fimap>
</fimap>
\ No newline at end of file
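Review bot: The four `<file>` entries added to `<blind_files>` make every blind RFI probe depend on a third-party host, `http://www.tha-imax.de/fimap_testfiles/`, still serving the exact marker `This is the right thing.`; if that host is down, moved or repurposed the probe fails silently, and each scanned target emits an outbound HTTP request to that domain, which is also an unmistakable network signature for the target's operators. Nothing in the file states this, and the `<remote_files>` hunk in php.xml points at the same URL, so the dependency is duplicated across two config files with no single place to update it. I would record it once in the `<!-- WTF is this file? ... -->` header, e.g. `Probes whose flags contain "R" are fetched from www.tha-imax.de by the target itself; the blind RFI check cannot succeed if that host is unreachable from there.` The four variants (test, test.php, test.html, test.inc) differ only in suffix, so a short comment on the first one explaining why each extension is needed would help a reader.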
<?xml version="1.0" encoding="UTF-8"?>
<fimap language="php" revision="3" force_inclusion_test="0" autor="Iman Karim (ikarim2s@smail.inf.fh-brs.de)" >
<fimap language="php" revision="4" force_inclusion_test="0" autor="Iman Karim (imax@tha-imax.de)" >
<snipe regex="Failed opening( required)* '(?P&lt;incname&gt;[\d\w/\.\-:\\]*?%s[\d\w/\.\-\\]*?)' (for inclusion)*" />
<relative_files>
......@@ -10,7 +10,7 @@
</absolute_files>
<remote_files>
<file path="http://www.phpbb.de/index.php" find="Willkommen auf phpBB.de" flags="rR" unix="1" windows="1"/>
<file path="http://www.tha-imax.de/fimap_testfiles/test" find="This is the right thing." flags="rR" unix="1" windows="1"/>
</remote_files>
<log_files>
......@@ -340,6 +340,12 @@ class targetScanner (baseClass.baseClass):
if (doBreak):
return(ret) # <-- Return if we found one blindly readable file.
# When this is a remote file inclusion test done blindly, we do not want to bruteforce
# subdirectories with ../../http://www.... nonsense.
if ("R" in fileobj.getFlags()):
break
return(ret)
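Review bot: The new `if ("R" in fileobj.getFlags()): break` tests a single-character flag that is defined only implicitly by the `flags="rR"` attributes in the XML files, and neither the hunk nor its comment says what `R` means as opposed to `r`, so the next reader has to cross-reference the config to understand why the loop stops. I would name it and state the contract once, e.g. `REMOTE_FLAG = "R"  # <file flags="..."> in the XML: 'R' = remote (RFI) probe; 'r' presumably = readable-marker check, confirm against the XML` at class level and compare against that constant here. The comment above the break could also say explicitly that a remote probe is attempted exactly once, at the top level, and never with `../` prefixes. The enclosing method starts and ends outside the hunk, so I cannot see which loop the `break` leaves or whether blank lines were dropped in this rendering.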