25 September 2006 | 17,294 views

FIS [File Inclusion Scanner] v0.1 – PHP Vulnerability

Don't let a Dragon into your website!

A useful tool for anyone working with PHP applications.

FIS (File Inclusion Scanner) is a vulnerability scanner for PHP applications. It scans PHP files, mapping PHP/HTTP variables, and then performs a security audit in order to find out which of them are exploitable.

php fis.php [local file] [remote file] [remote FIS ID file]

[local file]
The local copy of the PHP source file used by FIS to map the variables for the audit.

[remote file]
The remote copy of the source executed by a remote webserver, the file we will audit.

[remote FIS ID file]
The FIS ID file is used to check whether a variable is exploitable or not. It contains PHP code that simply echoes a unique MD5 hash used for identification.

FIS is intended to be used by penetration testers, not script kiddies or malicious users. It creates a lot of noise on the remote host and can be easily discovered with a simple glance at the webserver logs, which makes it useless as a cracking tool.

FIS, currently, supports audits using only GET requests. COOKIE & POST support is not yet implemented.

FIS automatically logs extra audit information in “fis.log” in the working directory.
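Because FIS only issues GET requests and stands out in the webserver logs, the noise it makes is easy to pick out on the defending side. The following is an added example, not part of the original post or of FIS itself: it parses Apache combined-format access log lines (a constructed sample is embedded), flags any GET parameter whose value is an absolute URL to another host, and counts the hits per source address. The hostname scanner.example and the file name fis_id.txt are placeholders.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample of Apache combined-format access log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [25/Sep/2006:10:01:02 +0000] "GET /index.php?page=home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Sep/2006:10:01:03 +0000] "GET /index.php?page=http://scanner.example/fis_id.txt HTTP/1.1" 200 33 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Sep/2006:10:01:03 +0000] "GET /index.php?lang=http://scanner.example/fis_id.txt HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Sep/2006:10:01:04 +0000] "GET /view.php?file=https://scanner.example/fis_id.txt HTTP/1.1" 500 0 "-" "Mozilla/5.0"
198.51.100.4 - - [25/Sep/2006:10:02:10 +0000] "GET /index.php?page=about HTTP/1.1" 200 4000 "-" "curl/7.15"
"""

# Fields we need from a combined-format line: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A parameter value that is itself an absolute URL is the signature of a remote-inclusion probe.
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

def find_rfi_probes(log_text):
    """Return (ip, param, value, status) for every GET parameter whose value points at a remote URL."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group('method') != 'GET':
            continue
        query = urlsplit(m.group('target')).query          # everything after '?'
        for name, value in parse_qsl(query, keep_blank_values=True):
            if REMOTE_RE.match(value):
                hits.append((m.group('ip'), name, value, int(m.group('status'))))
    return hits

def summarize_by_source(hits):
    """Count probes per client address; one address hammering many parameters is the scanner's noise."""
    return Counter(ip for ip, _param, _value, _status in hits)

if __name__ == '__main__':
    probes = find_rfi_probes(SAMPLE_LOG)
    for ip, param, value, status in probes:
        print(f'{ip} tried to include {value!r} via parameter {param!r} (HTTP {status})')
    print('probes per source:', dict(summarize_by_source(probes)))
```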

FIS Website

You can download FIS directly here.



5 Responses to “FIS [File Inclusion Scanner] v0.1 – PHP Vulnerability”

  1. dre 8 October 2006 at 12:14 am Permalink

    You guys have a habit of posting web application attack tools which no longer exist. Both Oedipus and now FIS websites no longer exist!

  2. Darknet 8 October 2006 at 6:06 pm Permalink

    Ah that sucks, it was up when I posted this I checked.

    I think I have a copy somewhere, I’ll upload it when I get chance.

  3. Zapotek 9 October 2006 at 1:26 pm Permalink

    I had some probs with my hosting company…
    It’s up now, sorry.

    Oh yeah, Zapotek here….. hehehe

    SegFault.Gr will move again but it’ll be up again shortly. ;)

  4. Darknet 15 October 2006 at 3:21 pm Permalink

    Thanks for the update Zapotek :)

  5. Zapotek 26 November 2007 at 1:14 am Permalink

    Since I still get visitors looking for FIS from this article,
    I thought I’d let you know that the new link is: