
ThinkPHP < 5.0.24 Repair plan for high-risk remote code execution vulnerability

藏色散人
Release: 2023-04-06 12:40:02

This article presents the repair plan for the high-risk remote code execution vulnerability in ThinkPHP < 5.0.24. I hope it is helpful to those who need it.


Vulnerability description
Because of a flaw in how the ThinkPHP 5.0 framework's Request class handles the request method override, an attacker can craft a specific request and directly obtain a web shell.

Vulnerability Rating
Severe

Affected Version
ThinkPHP 5.0 series < 5.0.24

Secure Version
ThinkPHP 5.0 series: 5.0.24
ThinkPHP 5.1 series: 5.1.31

Security Recommendations
Upgrade ThinkPHP to a secure version

Repair method
1. Open thinkphp/library/think/Request.php and find the following method:

public function method($method = false)
{
    if (true === $method) {
        // return the original request type
        return $this->server('REQUEST_METHOD') ?: 'GET';
    } elseif (!$this->method) {
        if (isset($_POST[Config::get('var_method')])) {
            // vulnerable: the override value taken from the request is used
            // unchecked both as the request method and as a method name to call
            $this->method = strtoupper($_POST[Config::get('var_method')]);
            $this->{$this->method}($_POST);
        } elseif (isset($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'])) {
            $this->method = strtoupper($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE']);
        } else {
            $this->method = $this->server('REQUEST_METHOD') ?: 'GET';
        }
    }
    return $this->method;
}

Change to:

public function method($method = false)
{
    if (true === $method) {
        // return the original request type
        return $this->server('REQUEST_METHOD') ?: 'GET';
    } elseif (!$this->method) {
        if (isset($_POST[Config::get('var_method')])) {
            $method = strtoupper($_POST[Config::get('var_method')]);
            // only accept a real HTTP verb as the override value
            if (in_array($method, ['GET', 'POST', 'DELETE', 'PUT', 'PATCH'])) {
                $this->method = $method;
                $this->{$this->method}($_POST);
            } else {
                // anything else falls back to a plain POST
                $this->method = 'POST';
            }
            // drop the override parameter so it is not processed again
            unset($_POST[Config::get('var_method')]);
        } elseif (isset($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'])) {
            $this->method = strtoupper($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE']);
        } else {
            $this->method = $this->server('REQUEST_METHOD') ?: 'GET';
        }
    }
    return $this->method;
}

Save the file, overwrite the original, and retest. If the test passes, the vulnerability fix is complete.
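To make the effect of the patch concrete, here is an added example (it is not ThinkPHP's own code) that models the two versions of the method above as two small stand-in classes. Both take a constructed `$_POST`-style array and a request method; the vulnerable variant turns whatever the `_method` value is into a method call, while the patched variant applies the same allow-list as the fix and falls back to POST for anything else. The class names, the `hello` override value, the `calls` property and the `__call` recorder are assumptions made for the demonstration; it assumes PHP 8.0 or later.

```php
<?php
// Added example (not ThinkPHP's own code): a stripped-down stand-in for
// think\Request showing why an unvalidated `_method` override is dangerous
// and how the allow-list from the 5.0.24 fix closes it. Inputs are constructed.

final class VulnerableRequest
{
    public array $calls = [];        // records which method names the override reached
    private ?string $method = null;

    public function __construct(private array $post, private string $realMethod = 'POST') {}

    // Mirrors the pre-5.0.24 logic: the `_method` value becomes a method name.
    public function method(): string
    {
        if ($this->method === null) {
            if (isset($this->post['_method'])) {
                $this->method = strtoupper($this->post['_method']);
                $this->{$this->method}($this->post);   // caller-chosen method name
            } else {
                $this->method = $this->realMethod;
            }
        }
        return $this->method;
    }

    // Stands in for "any method of the Request class": just record the name.
    public function __call(string $name, array $args): void
    {
        $this->calls[] = $name;
    }
}

final class PatchedRequest
{
    private const ALLOWED = ['GET', 'POST', 'DELETE', 'PUT', 'PATCH'];
    public array $calls = [];
    private ?string $method = null;

    public function __construct(private array $post, private string $realMethod = 'POST') {}

    // Mirrors the 5.0.24 logic: only a real HTTP verb is accepted as override.
    public function method(): string
    {
        if ($this->method === null) {
            if (isset($this->post['_method'])) {
                $candidate = strtoupper($this->post['_method']);
                if (in_array($candidate, self::ALLOWED, true)) {
                    $this->method = $candidate;
                    $this->{$this->method}($this->post);  // now one of five known handlers
                } else {
                    $this->method = 'POST';               // reject everything else
                }
                unset($this->post['_method']);            // do not process it again
            } else {
                $this->method = $this->realMethod;
            }
        }
        return $this->method;
    }

    // The five verb handlers the override may legitimately reach.
    public function get(array $p): void    { $this->calls[] = 'get'; }
    public function post(array $p): void   { $this->calls[] = 'post'; }
    public function put(array $p): void    { $this->calls[] = 'put'; }
    public function patch(array $p): void  { $this->calls[] = 'patch'; }
    public function delete(array $p): void { $this->calls[] = 'delete'; }
}

// Constructed sample inputs: a legitimate override and a non-verb value.
$samples = [
    ['_method' => 'put',   'title' => 'x'],
    ['_method' => 'hello', 'title' => 'x'],
];

foreach ($samples as $post) {
    $v = new VulnerableRequest($post);
    $p = new PatchedRequest($post);
    printf("_method=%-6s vulnerable -> %-5s (called: %s) | patched -> %-4s (called: %s)\n",
        $post['_method'],
        $v->method(), implode(',', $v->calls) ?: '-',
        $p->method(), implode(',', $p->calls) ?: '-');
}
```

Running the script shows the difference in one line per input: for `put` both variants report PUT and reach the put handler, but for `hello` the vulnerable class reports HELLO and has invoked a method called `HELLO`, whereas the patched class reports POST and has invoked nothing. The `unset` after the check matters in the real framework because `$_POST` is read again later; removing the override parameter keeps it from being interpreted a second time.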


Source: aliyun.com