From 181752a78604296d91016eaba27c8af6ed7a6f9f Mon Sep 17 00:00:00 2001
From: pwnhxl <718701810@qq.com>
Date: Wed, 8 Mar 2023 17:56:47 +0800
Subject: [PATCH] thinkphp-detect

---
 technologies/thinkphp-detect.yaml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 technologies/thinkphp-detect.yaml

diff --git a/technologies/thinkphp-detect.yaml b/technologies/thinkphp-detect.yaml
new file mode 100644
index 0000000000..b6ba24bd04
--- /dev/null
+++ b/technologies/thinkphp-detect.yaml
@@ -0,0 +1,31 @@
+id: thinkphp-detection
+
+info:
+  name: ThinkPHP - Detect
+  author: pwnhxl
+  severity: info
+  description: ThinkPHP Development framework Detect
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
+  tags: thinkphp,tech
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/?s={{randstr}}&c={{randstr}}&a={{randstr}}&s={{randstr}}"
+
+    matchers-condition: or
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '/Library/Think/Think.class.php'
+          - '{ Fast & Simple OOP PHP Framework } -- [ WE CAN DO IT JUST THINK ]'
+        condition: or
+
+      - type: word
+        part: header
+        words:
+          - 'X-Powered-By: ThinkPHP'