FrequentlyAskedQuestions
File Inclusion.
All lowercase: fimap.
A clean inclusion doesn't have any appendix. For example the PHP code:
<? include($_GET["inc"]); ?>
will produce a clean inclusion bug.
A dirty inclusion has a forced appendix. For example the PHP code:
<? include($_GET["inc"] . ".php"); ?>
will produce a dirty inclusion bug.
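For auditing PHP code you host, the clean/dirty distinction above can be checked statically. The following is an added example, not part of fimap; the function name `classify_includes`, the list of superglobals and the sample source are assumptions, and the regex only sees request data used directly inside the include statement.

```python
import re

# Request superglobals treated as attacker-controlled (assumption of this sketch).
TAINTED = re.compile(r'\$_(?:GET|POST|REQUEST|COOKIE)\s*\[[^\]]*\]')
# include/require statement; group 1 is the argument expression up to ';'.
INCLUDE = re.compile(r'\b(?:include|require)(?:_once)?\s*\(?(.*?)\)?\s*;', re.S)
# Quoted string literal; group 2 is its content.
STRING = re.compile(r'''(["'])(.*?)\1''')


def classify_includes(php_source):
    """Return (line, kind, appendix) for each include fed by request data."""
    findings = []
    for m in INCLUDE.finditer(php_source):
        expr = m.group(1)
        tainted = TAINTED.search(expr)
        if not tainted:
            continue  # constant path, not an inclusion bug candidate
        # Anything concatenated after the request value is a forced appendix.
        after = expr[tainted.end():]
        appendix = "".join(text for _, text in STRING.findall(after))
        kind = "dirty" if after.strip() else "clean"
        line = php_source.count("\n", 0, m.start()) + 1
        findings.append((line, kind, appendix))
    return findings


# Constructed sample input, built from the include forms shown on this page.
SAMPLE = '''<?php
include("header.php");
include($_GET["inc"]);
include($_GET["inc"] . ".php");
require_once $_REQUEST["mod"] . "/lang/index.php";
?>'''

if __name__ == "__main__":
    for line, kind, appendix in classify_includes(SAMPLE):
        print(f"line {line}: {kind} inclusion, appendix={appendix!r}")
```

Every hit is a line to rewrite so the included path comes from a fixed list of allowed files instead of from the request.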
dynamic_rfi (dynamic_remote_file_inclusion) is a special mode of fimap.
If you want to use RFI by hand you usually have to upload your payloads to a server and execute them through a FI bug on the victim server.
But why shouldn't a tool do that stuff for you?
You can choose between 'local' and 'ftp' mode.
Based on your mode, fimap will automatically copy the payloads to either your local machine or the given FTP server, execute them and finally delete them.
Also (which is only possible with dyn_rfi) you can exploit includes like:
<? include($_GET["inc"] . "/lang/index.php"); ?>
where no Null-Byte is possible. The dyn_rfi "engine" will create the needed folders and files automatically. No headache! With this in mind you can imagine that RFI scanning with dyn_rfi enabled is more efficient than just trying a few remote sites.
To test if you have dyn_rfi correctly configured you can start fimap with --test-rfi
Yes! This usually means that fimap has found a FI bug but no readable files. In that case it could be possible to upload (for example) a manipulated image and use this as inclusion point! Take care!
YES! They will find you and bust you!
DON'T USE THIS TOOL ON SERVERS WHERE YOU DON'T HAVE PERMISSION TO PENTEST OR YOU'RE IN JAIL FASTER THAN SPEED OF LIGHT!
It's because this tool should provide you a realistic and easy way to test how secure your server really is. Maybe you host different sites for different customers - in that case you can see how vulnerable your whole system is if one of your customers "codes" an inclusion bug. You can see how deep the impact is if your customers have spent too little time and love on security.
Yes man! It would be crap if not. Basically there are 2 files.
~/fimap.log which will save all bugs found by fimap while scanning - regardless if the bug is useful to attack or not.
~/fimap_results.xml is the storage of fimap where all valuable bugs will be stored in a sexy computer friendly format for later attacking. If you have found some LFI/RFI bugs you might want to start fimap with the -x parameter!
First of all download the SVN version and verify that your bug still exists in the SVN snapshot. If it's fixed, thanks for your time! If not, feel free to file a new bug in the issues tracker here! I usually fix bugs very quickly so if you are annoyed by a bug it's in your interest to report it :)
Sure!
Yes it does!
Mac? What's that?
Contact me if you want to join this epic project now!
- E-Mail\Jabber:
fimap.dev@gmail.com
Europe.