MetInfo Arbitrary File Read Scanner
Detects an 'Arbitrary File Read' vulnerability affecting MetInfo v6.0.0. Attackers can exploit it to read sensitive files from the server by manipulating the file path in the request.
Short Info
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 days 5 hours
Scan only one: URL
MetInfo is a widely used content management system (CMS) that is developed with PHP and MySQL, primarily employed by businesses and organizations for managing and publishing web content. It allows users to build websites without extensive coding knowledge, featuring a customizable and user-friendly interface. Typically, MetInfo is used by small to medium-sized businesses that need a cost-effective solution for web content management. The CMS is versatile, supporting a range of functionalities from content and media management to SEO optimization. As a web-based application, it can be accessed by administrators and editors from anywhere, provided they have internet access. Its architecture supports extensibility and integration with various plugins and themes, facilitating a diverse range of use cases.
An arbitrary file read vulnerability allows attackers to read files from a server that should not be accessible under normal conditions. This type of vulnerability often arises when user input is improperly validated, allowing attackers to traverse the file system. In the case of MetInfo, the vulnerability is located within the `old_thumb.class.php` file. Vulnerabilities of this nature can lead to significant data exposure if sensitive files, such as configuration or database files, are accessed. Implementing robust validation and access control is vital to prevent unauthorized file access. Such vulnerabilities underscore the importance of regular software updates and security practices to protect sensitive data.
The arbitrary file read vulnerability in MetInfo v6.0.0 is located in the `old_thumb.class.php` file. Attackers can manipulate the file path parameter in HTTP requests to read sensitive files stored on the server. By altering the file path, an attacker can bypass directory restrictions and access files outside of the intended directory structure. The particular request shown in the nuclei template demonstrates how an attacker can exploit this issue by using specific path traversal sequences. The vulnerability can lead to information leakage, which poses a serious security risk if the compromised files contain sensitive configuration details or user data. Proper sanitization and validation of user inputs are critical to mitigating this vulnerability.
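One way to implement the path validation described above, shown as an added example that is not MetInfo's code or its patch. The function name `resolve_in_base()`, the directory layout and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not MetInfo code. resolve_in_base() and the layout are hypothetical.

/**
 * Resolve a user-supplied relative path and return it only if the
 * canonical result is a regular file inside $baseDir; otherwise null.
 */
function resolve_in_base(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;                       // misconfigured base directory
    }
    // Reject NUL bytes and stream wrappers / URLs outright.
    if (strpos($userPath, "\0") !== false
        || preg_match('#^[a-z][a-z0-9+.-]*://#i', $userPath)) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false if the target is missing.
    $real = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Containment check on the canonical path, with a trailing separator so
    // a sibling such as "upload_evil" does not pass as a child of "upload".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo layout in a temporary directory.
$root = sys_get_temp_dir() . '/thumbdemo_' . bin2hex(random_bytes(4));
mkdir("$root/upload", 0700, true);
mkdir("$root/config", 0700, true);
file_put_contents("$root/upload/logo.png", 'img');
file_put_contents("$root/config/db.ini", 'secret');

$cases = [
    'logo.png',                       // inside the base: allowed
    '../config/db.ini',               // traversal out of the base
    './sub/../../config/db.ini',      // traversal hidden behind extra segments
    "$root/config/db.ini",            // absolute path
    "file://$root/config/db.ini",     // stream wrapper
];
foreach ($cases as $c) {
    $r = resolve_in_base("$root/upload", $c);
    printf("%-45s => %s\n", $c, $r === null ? 'REJECTED' : 'served');
}
```

The check is applied to the canonical path rather than to the raw input, so it does not depend on recognising any particular traversal sequence.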
If exploited, this vulnerability can allow malicious actors to read files containing sensitive information, potentially including database credentials, configuration secrets, and other critical application data. Unauthorized access to these files can lead to further compromise of the application and underlying server. Attackers with access to configuration files might escalate their privileges or conduct additional attacks, such as injecting malicious code or gaining administrative access. In severe cases, this can lead to data breaches, loss of customer trust, or compliance violations. Timely mitigation and regular security reviews are essential to protect against such potential threats.