Flir - Local File Inclusion

By kannthu

High

Vidoc Module

#flir#lfi

Description

Author: pikpikcu Classification CWE-ID: CWE-22 CVSS-Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS-Score: 7.5 Flir is vulnerable to local file inclusion. Reference - https://juejin.cn/post/6961370156484263972 Metadata max-request: 1

Module preview

Concurrent Requests (1)

1. HTTP Request template

GET/download.php?file=/...

Matching conditions

regex: root:.*:0:0:and

status: 200

Passive global matcher

No matching conditions.

On match action

Report vulnerability