Mini Mouse 9.2.0 - Local File Inclusion

What is "Mini Mouse 9.2.0 - Local File Inclusion?"

The "Mini Mouse 9.2.0 - Local File Inclusion" module is designed to detect local file inclusion vulnerabilities. It specifically targets the Mini Mouse 9.2.0 software. This vulnerability allows remote unauthenticated attackers to include and disclose the content of locally stored files. The severity of this vulnerability is classified as high, with a CVSS score of 7.5.

This module was authored by 0x_Akoko.

Impact

A successful exploitation of the local file inclusion vulnerability in Mini Mouse 9.2.0 can lead to unauthorized access to sensitive files stored on the target system. This can potentially expose confidential information, such as configuration files, user credentials, or other sensitive data.

How does the module work?

The module sends HTTP requests to the target system, specifically targeting the "/file=C:%5CWindows%5Cwin.ini" path. It uses the GET method to retrieve the content of the specified file.

The module includes two matching conditions to determine if the vulnerability is present. First, it checks the response status code, expecting a 200 status. Additionally, it searches for specific words in the response body, including "bit app support," "fonts," and "extensions." If both conditions are met, the module identifies the presence of the local file inclusion vulnerability.

It's important to note that the module does not disclose the actual JSON definitions used for the detection. Instead, it focuses on providing a technical description of the module's functionality.