Website Threat Inspector - Two plugins for detecting high-risk vulnerabilities of Metinfo and ThinkPHP
Aug 28 2018
Content
Target Users: Users of Metinfo and ThinkPHP3.2. Features released: Two plugins for detecting high-risk vulnerabilities. 1. PoC released for the latest high-risk vulnerability of Metinfo, such as arbitrary file access, XXE (XML external entity injection attack) and sensitive information leakage. 2. ThinkPHP3.2 SQL injection detection. Attackers can construct malicious SQL statements or exploit this vulnerability to initiate attacks and obtain sensitive data and permissions of databases. We recommend users of Metinfo and ThinkPHP conduct proactive security checks.