Home>Article>Backend Development> ThinkPHP < 5.0.24 Repair plan for high-risk remote code execution vulnerability
This article mainly introduces to you the repair plan for high-risk remote code execution vulnerabilities in ThinkPHP < 5.0.24. I hope it will be helpful to friends in need!
Vulnerability description
Due to flaws in the ThinkPHP5.0 framework’s method processing of the Request class, hackers construct specific Requests can be made directly to GetWebShell.
Vulnerability Rating
Severe
Affected Version
ThinkPHP 5.0 Series< 5.0.24
Secure Version
ThinkPHP 5.0 Series 5.0.24
ThinkPHP 5.1 Series 5.1.31
Security Recommendations
Upgrade ThinkPHP to a secure version
Repair method 1. Open
thinkphplibrarythinkRequest.php
Search
public function method($method = false) { if (true === $method) { // 获取原始请求类型 return $this->server('REQUEST_METHOD') ?: 'GET'; } elseif (!$this->method) { if (isset($_POST[Config::get('var_method')])) { $this->method = strtoupper($_POST[Config::get('var_method')]); $this->{$this->method}($_POST); } elseif (isset($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'])) { $this->method = strtoupper($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE']); } else { $this->method = $this->server('REQUEST_METHOD') ?: 'GET'; } } return $this->method; }
Change to:
public function method($method = false) { if (true === $method) { // 获取原始请求类型 return $this->server('REQUEST_METHOD') ?: 'GET'; } elseif (!$this->method) { if (isset($_POST[Config::get('var_method')])) { $method = strtoupper($_POST[Config::get('var_method')]); if (in_array($method, ['GET', 'POST', 'DELETE', 'PUT', 'PATCH'])) { $this->method = $method; $this->{$this->method}($_POST); } else { $this->method = 'POST'; } unset($_POST[Config::get('var_method')]); } elseif (isset($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'])) { $this->method = strtoupper($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE']); } else { $this->method = $this->server('REQUEST_METHOD') ?: 'GET'; } } return $this->method; }
Save and overwrite The test is correct and the vulnerability fix is completed.
The above is the detailed content of ThinkPHP < 5.0.24 Repair plan for high-risk remote code execution vulnerability. For more information, please follow other related articles on the PHP Chinese website!