Commit ccc2a061 authored by fimap.dev@gmail.com's avatar fimap.dev@gmail.com

Cookie/Header attacking implemented. Still needs some testing.

parent ae09f929
......@@ -82,7 +82,7 @@ class codeinjector(baseClass):
if (kernel == ""): kernel = None
payload = "%s%s%s" %(prefix, shcode, suffix)
if (ispost == 0):
path = fpath.replace("%s=%s" %(param, paramvalue), "%s=%s"%(param, payload))
fpath = fpath.replace("%s=%s" %(param, paramvalue), "%s=%s"%(param, payload))
elif (ispost == 1):
postdata = postdata.replace("%s=%s" %(param, paramvalue), "%s=%s"%(param, payload))
elif (ispost == 2):
......@@ -93,7 +93,7 @@ class codeinjector(baseClass):
sys_inject_works = False
working_shell = None
url = "http://%s%s" %(hostname, path)
url = "http://%s%s" %(hostname, fpath)
code = None
......@@ -617,17 +617,19 @@ class codeinjector(baseClass):
file = n.getAttribute("file")
param = n.getAttribute("param")
mode = n.getAttribute("mode")
ispost = n.getAttribute("ispost")=="1"
ispost = int(n.getAttribute("ispost"))
if (mode.find("R") != -1 and settings["dynamic_rfi"]["mode"] not in ("ftp", "local")):
doRemoteWarn = True
if (mode.find("x") != -1 or (mode.find("R") != -1 and settings["dynamic_rfi"]["mode"] in ("ftp", "local"))):
choose[idx] = n
if (ispost==1):
if (ispost == 0):
textarr.append("[%d] URL: '%s' injecting file: '%s' using POST-param: '%s'" %(idx, path, file, param))
else:
elif (ispost == 1):
textarr.append("[%d] URL: '%s' injecting file: '%s' using GET-param: '%s'" %(idx, path, file, param))
elif (ispost == 2):
textarr.append("[%d] URL: '%s' injecting file: '%s' using HEADER-param: '%s'" %(idx, path, file, param))
idx = idx +1
if (idx == 1):
......
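Review bot: The listing labels in the third hunk (`@@ -617`) look inverted relative to the request-building code in the first hunk: there `ispost == 0` rewrites the GET path and `ispost == 1` rewrites `postdata`, yet the listing prints 'POST-param' under `if (ispost == 0)` and 'GET-param' under `elif (ispost == 1)`; the two `textarr.append(...)` format strings should be swapped so that the `ispost == 0` branch emits `using GET-param` and the `ispost == 1` branch emits `using POST-param`, matching the new `elif (ispost == 2)` HEADER-param branch and the `[GET PARAM]` wording used in singleScan. Separately, `ispost = int(n.getAttribute("ispost"))` raises ValueError when the attribute is absent or empty, which the previous `== "1"` comparison tolerated; if `n` is a minidom element (which returns "" for a missing attribute), `ispost = int(n.getAttribute("ispost") or 0)` keeps that tolerance. The old/new sides are inferred from the hunk structure rather than from surviving markers, and the enclosing method continues outside the hunk.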
......@@ -31,8 +31,6 @@ import language
import sys,os
import tarfile, tempfile
import shutil
# To change this template, choose Tools | Templates
# and open the template in the editor.
__author__="Iman Karim(ikarim2s@smail.inf.fh-brs.de)"
__date__ ="$30.08.2009 19:57:21$"
......@@ -93,7 +91,8 @@ def show_help(AndQuit=False):
print " -P , --post=POSTDATA The POSTDATA you want to send. All variables inside"
print " will also be scanned for file inclusion bugs."
print " --cookie=COOKIE Define the cookie which should be send with each request."
print " Also the cookie will be scanned for file inclusion bugs."
print " Also the cookies will be scanned for file inclusion bugs."
print " Multiple cookies should be concat with ';'."
print " --ttl=SECONDS Define the TTL (in seconds) for requests. Default is 30 seconds."
print " --no-auto-detect Use this switch if you don't want to let fimap automaticly detect"
print " the target language in blind-mode. In that case you will get some"
......@@ -597,7 +596,7 @@ if __name__ == "__main__":
sys.exit(1)
if (config["p_monkeymode"] == True):
print "Experimental blind FI-error checking enabled."
print "Blind FI-error checking enabled."
......
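Review bot: The new cookie help line `Multiple cookies should be concat with ';'.` is ungrammatical user-facing text; `print "Multiple cookies should be separated by ';'."` (keeping the same column alignment as the line above it) reads better and matches the phrasing of the surrounding option descriptions. The enclosing `show_help` body starts and ends outside the hunk.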
......@@ -57,22 +57,21 @@ class singleScan(baseClass):
header = "[%d] Possible File Inclusion"%(idx)
if (report.getLanguage() != None):
header = "[%d] Possible %s-File Inclusion"%(idx, report.getLanguage())
boxarr.append("::REQUEST::")
boxarr.append(" [URL] %s"%report.getURL())
if (report.getPostData() != None and report.getPostData() != ""): boxarr.append(" [POST] %s"%report.getPostData())
if (report.isPost == 1):
boxarr.append(" [POSTPARM] %s"%report.getVulnKey())
elif (report.isPost == 2):
boxarr.append(" [VULN HEAD] %s"%report.getVulnHeader())
boxarr.append(" [VULN PARA] %s"%report.getVulnKey())
if (report.getHeader() != None and report.getHeader().keys() > 0):
modkeys = ",".join(report.getHeader().keys())
boxarr.append(" [HEAD SENT] %s"%(modkeys))
elif (report.isPost == 0):
boxarr.append(" [PARAM] %s"%report.getVulnKey())
boxarr.append("::VULN INFO::")
if (report.isPost == 0):
boxarr.append(" [GET PARAM] %s"%report.getVulnKey())
elif (report.isPost == 1):
boxarr.append(" [POSTPARM] %s"%report.getVulnKey())
elif (report.isPost == 2):
boxarr.append(" [VULN HEAD] %s"%report.getVulnHeader())
boxarr.append(" [VULN PARA] %s"%report.getVulnKey())
if (report.isBlindDiscovered()):
boxarr.append(" [PATH] Not received (Blindmode)")
......
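Review bot: The `[HEAD SENT]` guard `report.getHeader() != None and report.getHeader().keys() > 0` does not test what it intends: on Python 2 a list compares greater than any int, so the right-hand side is always true, and on Python 3 it raises TypeError; the expression also calls `getHeader()` three times. If this line lands on the new side (the rendering lost the +/- markers, so the side is inferred), `hdrs = report.getHeader()` followed by `if hdrs:` expresses the emptiness check correctly, and `",".join(hdrs.keys())` then reuses the local. The `::VULN INFO::` chain has no `else` for an unexpected `isPost` value and silently prints nothing in that case; if that is intended, a one-line comment such as `# isPost is 0 (GET), 1 (POST) or 2 (header); other values print no key` would make it explicit. The enclosing method continues outside the hunk.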