Exploit for ThinkPHP 5.0.24 - Information Disclosure (CVE-2022-25481)

Description:

ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.

Nuclei Template

View the template here: CVE-2022-25481.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-25481.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://github.com/Lyther/VulnDiscover/blob/master/Web/ThinkPHP_InfoLeak.md
https://github.com/ARPSyndicate/kenzer-templates
https://nvd.nist.gov/vuln/detail/CVE-2022-25481
https://github.com/20142995/sectool