ZZZCMS RCE is a false positive if we see phpinfo() without posting any data

2023-09-25 16:24:23 +02:00 · 2023-09-25 16:24:23 +02:00 · 8e3d9c97ce
parent 109a3790d1
commit 8e3d9c97ce
1 changed files with 14 additions and 1 deletions
--- a/http/cves/2019/CVE-2019-9041.yaml
+++ b/http/cves/2019/CVE-2019-9041.yaml
@ -23,6 +23,13 @@ info:
  tags: cve,cve2019,zzzcms,rce,edb

 http:
+  - method: POST
+    path:
+      - "{{BaseURL}}/search/"
+
+    headers:
+      Content-Type: application/x-www-form-urlencoded
+
  - method: POST
    path:
      - "{{BaseURL}}/search/"
@ -36,7 +43,13 @@ http:
    matchers-condition: and
    matchers:
      - type: word
-        part: body
+        part: body_1
+        words:
+          - "phpinfo"
+        negative: true
+
+      - type: word
+        part: body_2
        words:
          - "phpinfo"
          - "PHP Version"