
ThinkPHP 5.0.1 - Remote Code Execution (thinkphp-501-rce)

Open ehsandeep opened this issue 2 years ago • 1 comments

Nuclei Version:

latest

Template file:

vulnerabilities/thinkphp/thinkphp-501-rce.yaml

Command to reproduce:

This will match any host that has phpinfo content in the response, but not necessarily RCE as a result of the payload; the payload and matchers need to improve to confirm the RCE.

ehsandeep avatar Sep 17 '22 13:09 ehsandeep

Might be better for this one (have experienced this FP in the past) to use interactsh to confirm execution of code?

EvergreenCartoons avatar Sep 19 '22 19:09 EvergreenCartoons

This issue has been fixed in this PR

princechaddha avatar Nov 29 '22 13:11 princechaddha
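The false positive reported in this issue, shown as an added example that is not part of the original thread or of the nuclei-templates project: a matcher keyed on phpinfo strings passes on any exposed phpinfo page, while a matcher keyed on a value derived from a per-scan nonce does not. The in-band nonce check is an assumption chosen for illustration (the thread itself suggests interactsh, an out-of-band check); all function names and response bodies are constructed.

```python
import hashlib
import secrets

# Constructed response body of an ordinary, exposed phpinfo page (not from a real host).
PHPINFO_PAGE = "<title>phpinfo()</title><h1>PHP Version 7.4.3</h1><td>PHP Extension</td>"


def weak_match(body: str) -> bool:
    """Matcher of the kind the issue reports: any phpinfo-looking body passes."""
    return "PHP Version" in body and "PHP Extension" in body


def new_probe() -> tuple[str, str]:
    """Return (nonce, expected). The request carries only the nonce; a host that
    really evaluated the probe would answer with md5(nonce) (hypothetical probe design)."""
    nonce = secrets.token_hex(8)
    return nonce, hashlib.md5(nonce.encode()).hexdigest()


def strict_match(body: str, expected: str) -> bool:
    """Pass only when the body holds the value computed from this scan's nonce."""
    return expected in body


def classify(body: str, expected: str) -> str:
    """Separate confirmed execution from mere phpinfo exposure."""
    if strict_match(body, expected):
        return "confirmed"
    if weak_match(body):
        return "phpinfo exposure only"
    return "no match"


if __name__ == "__main__":
    nonce, expected = new_probe()
    samples = {
        "static phpinfo page": PHPINFO_PAGE,
        "page reflecting the request": f"<p>You sent: {nonce}</p>",
        "computed value returned": f"<pre>{expected}</pre>",
    }
    for name, body in samples.items():
        print(f"{name}: weak={weak_match(body)} result={classify(body, expected)}")
```

Because the expected value never appears in the request, a page that merely reflects input fails the strict matcher as well.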