Create thinkphp-errors.yaml

misconfiguration/thinkphp-errors.yaml

@@ -0,0 +1,52 @@
+id: thinkphp-errors
+
+info:
+  name: ThinkPHP - Errors
+  author: j4vaovo
+  severity: medium
+  metadata:
+    verified: "true"
+    fofa-query: app="ThinkPHP" && title="System Error"
+  tags: thinkphp,misconfiguration
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "DATABASE_PASSWORD</td>"
+          - "REDIS_PASSWORD</td>"
+          - "ROCKETMQ_SECRET_KEY</td>"
+          - "WECHAT_SECRET_KEY</td>"
+          - "JWT_KEY</td>"
+          - "JWT_SECRET</td>"
+          - "API_KEY</td>"
+          - "ACCESS_KEY</td>"
+          - "ACCESS_KEY_SECRET</td>"
+        condition: or
+
+      - type: word
+        part: body
+        words:
+          - "<title>系统发生错误</title>"
+          - "<title>System Error</title>"
+        condition: or
+
+      - type: word
+        part: body
+        words:
+          - "Exception"
+          - "REQUEST_TIME"
+        condition: and
+
+      - type: status
+        status:
+          - 200
+          - 500
+          - 404
+        condition: or