简体中文(ZH-CN)English(EN)繁体中文(ZH-TW)日本語(JA)한국어(KO)Melayu(MS)Français(FR)Deutsch(DE)
Home
Article
Q&A
Course
Topic
Download
Game
Dictionary
Recent Updates

Home  >  Article  >  Backend Development  >  ThinkPHP < 5.0.24 Repair plan for high-risk remote code execution vulnerability

ThinkPHP < 5.0.24 Repair plan for high-risk remote code execution vulnerability

藏色散人
藏色散人forward
2019-04-29 09:08:168493browse

This article mainly introduces to you the repair plan for high-risk remote code execution vulnerabilities in ThinkPHP < 5.0.24. I hope it will be helpful to friends in need!

ThinkPHP < 5.0.24 Repair plan for high-risk remote code execution vulnerability

Vulnerability description
Due to flaws in the ThinkPHP5.0 framework’s method processing of the Request class, hackers construct specific Requests can be made directly to GetWebShell.

Vulnerability Rating
Severe

Affected Version
ThinkPHP 5.0 Series< 5.0.24

Secure Version
ThinkPHP 5.0 Series 5.0.24
ThinkPHP 5.1 Series 5.1.31

Security Recommendations
Upgrade ThinkPHP to a secure version

Repair method 1. Open

thinkphplibrarythinkRequest.php

Search 

public function method($method = false)
    {
        if (true === $method) {
            // 获取原始请求类型
            return $this->server(&#39;REQUEST_METHOD&#39;) ?: &#39;GET&#39;;
        } elseif (!$this->method) {
            if (isset($_POST[Config::get(&#39;var_method&#39;)])) {
                $this->method = strtoupper($_POST[Config::get(&#39;var_method&#39;)]);
                $this->{$this->method}($_POST);
            } elseif (isset($_SERVER[&#39;HTTP_X_HTTP_METHOD_OVERRIDE&#39;])) {
                $this->method = strtoupper($_SERVER[&#39;HTTP_X_HTTP_METHOD_OVERRIDE&#39;]);
            } else {
                $this->method = $this->server(&#39;REQUEST_METHOD&#39;) ?: &#39;GET&#39;;
            }
        }
        return $this->method;
    }

Change to: 

public function method($method = false)
    {
        if (true === $method) {
            // 获取原始请求类型
            return $this->server(&#39;REQUEST_METHOD&#39;) ?: &#39;GET&#39;;
        } elseif (!$this->method) {
            if (isset($_POST[Config::get(&#39;var_method&#39;)])) {
                $method = strtoupper($_POST[Config::get(&#39;var_method&#39;)]);
                if (in_array($method, [&#39;GET&#39;, &#39;POST&#39;, &#39;DELETE&#39;, &#39;PUT&#39;, &#39;PATCH&#39;])) {
                    $this->method = $method;
                    $this->{$this->method}($_POST);
                } else {
                    $this->method = &#39;POST&#39;;
                }
                unset($_POST[Config::get(&#39;var_method&#39;)]);
            } elseif (isset($_SERVER[&#39;HTTP_X_HTTP_METHOD_OVERRIDE&#39;])) {
                $this->method = strtoupper($_SERVER[&#39;HTTP_X_HTTP_METHOD_OVERRIDE&#39;]);
            } else {
                $this->method = $this->server(&#39;REQUEST_METHOD&#39;) ?: &#39;GET&#39;;
            }
        }
        return $this->method;
    }

Save and overwrite The test is correct and the vulnerability fix is ​​completed.

The above is the detailed content of ThinkPHP < 5.0.24 Repair plan for high-risk remote code execution vulnerability. For more information, please follow other related articles on the PHP Chinese website!

php thinkphp
Statement:
This article is reproduced at:aliyun.com. If there is any infringement, please contact admin@php.cn delete
Previous article:A brief discussion on the prevention and solution of cache penetration and cache invalidation in redisNext article:A brief discussion on the prevention and solution of cache penetration and cache invalidation in redis

Related articles

See more