{"id":350,"date":"2006-09-25T04:48:24","date_gmt":"2006-09-25T04:48:24","guid":{"rendered":"https:\/\/www.darknet.org.uk\/2006\/09\/fis-file-inclusion-scanner-v01-php-vulnerability\/"},"modified":"2010-06-18T09:10:33","modified_gmt":"2010-06-18T08:10:33","slug":"fis-file-inclusion-scanner-v01-php-vulnerability","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2006\/09\/fis-file-inclusion-scanner-v01-php-vulnerability\/","title":{"rendered":"FIS [File Inclusion Scanner] v0.1 – PHP Vulnerability"},"content":{"rendered":"
<\/p>\n
A useful tool for anyone working with PHP applications.<\/p>\n
DESCRIPTION<\/strong> USAGE<\/strong> [local file]<\/strong> [remote file]<\/strong> [remote FIS ID file]<\/strong> INTENDED AUDIENCE<\/strong> FEATURES<\/strong> LOGGING<\/strong>
\n————
\nFIS (File Inclusion Scanner) is a vulnerability scanner for PHP applications. Is scans PHP files mapping PHP\/HTTP variables and then performs a security audit,in order to find out which of them are exploitable.<\/p>\n
\n——
\nphp fis.php [local file] [remote file] [remote FIS ID file]<\/p>\n
\n————–
\nThe local copy of the PHP source file used by FIS to map the variables for the audit.<\/p>\n
\n————–
\nThe remote copy of the source executed by a remote webserver, the file we will audit.<\/p>\n
\n———————-
\nThe FIS ID file is used to check whether a variable is exploitable or not. It contains PHP code that simply echoes a unique MD5 hash used for identification.<\/p>\n
\n——————
\nFIS is intended to be used by penetration testers, not script kidies nor malicious users. It creates a lot of noise on the remote host and can be easily discovered with a simple glance at
\nthe webserver logs, which makes it useless as a cracking tool.<\/p>\n
\n———
\nFIS, currently, supports audits using only GET requests. COOKIE & POST support is not yet implemented.<\/p>\n
\n———
\nFIS automatically logs extra audit information in “fis.log” in the working directory.<\/p>\n