
The method of repairing the latest loopholes in thinkcmf website

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article analyses the latest ThinkCMF vulnerability and explains how to repair it, so that readers facing the problem can find a simple and practical fix.

It has recently been found that many apps are built on ThinkCMF and that the source code of this program contains a getshell vulnerability. Our Sine Security team has urgently analysed and fixed this high-risk vulnerability. An attacker can execute arbitrary script code on the remote server by sending a crafted GET request.

According to the configuration in index.php, the project path is application. Open the Controller directory under Portal and pick any controller class file.

Its parent class turns out to be Common\Controller\HomebaseController.

Add the following test code to HomeBaseController:

ThinkPHP is an application framework based on MVC, divided into three core components: model (M), view (V) and controller (C).

Because the added code lives in a controller, the ThinkPHP framework convention lets the function to call be selected through the a parameter. The only requirement is that the function's modifier must be public, and the added code meets this condition.

It can be reached through the following URL, and a GET parameter arg1 can be added to pass a value to the function.

Cmfx-master/?a=test_public&arg1=run%20success

HomeBaseController contains several functions with public access; the one to focus on is display. Its description says it can load a custom template. It calls $this->parseTemplate to resolve the template path according to the framework convention, and if the name does not match that convention, resolution falls back to matching from the current directory.

It then calls the display method of the ThinkPHP Controller class:

```php
/**
 * Load the template, output the page and return the output
 * @access public
 * @param string $templateFile template file name
 * @param string $charset      template output character set
 * @param string $contentType  output type
 * @param string $content      template content to output
 * @return mixed
 */
public function display($templateFile = '', $charset = '', $contentType = '', $content = '', $prefix = '')
{
    parent::display($this->parseTemplate($templateFile), $charset, $contentType, $content, $prefix);
}
```

The next step calls the fetch method of Think\View. With TMPL_ENGINE_TYPE set to Think, the final parsing of the template content is completed in ParseTemplateBehavior.

Any file can therefore be loaded by calling:

http://127.0.0.1:81/cmfx-master/?a=display&templateFile=README.md

Exploiting the vulnerability

Suggestions for repairing the website vulnerability

The root cause found during the code audit is the access modifier of the template functions display and fetch, so the fix is to change those modifiers. If you are not familiar with the program code, it is recommended to contact a professional website security company to fix the vulnerability; domestic providers include Sinesafe, Green Alliance, Qiming Star and others. Because many apps call the API interface of this program, it is also recommended to carry out a comprehensive website vulnerability scan and penetration test first, so as to prevent the harm caused by such attacks in advance.

That is the answer to the question of how to repair the latest ThinkCMF website vulnerability. I hope the above content has been of some help. If you still have questions, you can follow the industry information channel to learn more.
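As an added example (not ThinkCMF's own code), this is what the suggested fix looks like in a ThinkPHP 3.2 HomeBaseController: display and fetch are made protected so the a= routing convention can no longer dispatch to them from a URL, and template names are checked before parseTemplate (assumed to be the existing ThinkCMF method referred to above, not repeated here) resolves them.

```php
<?php
// Added example, not ThinkCMF's own code. Assumes ThinkPHP 3.2, where
// Think\Controller declares display() and fetch() as protected and
// parseTemplate() already exists in this class.
namespace Common\Controller;

use Think\Controller;

class HomeBaseController extends Controller
{
    // A ThinkPHP template reference is "Theme:Module/Controller/Action"
    // style: letters, digits, '_', '-', '/', ':' and '@'. Anything else,
    // including '..' or a file extension such as ".md", is refused.
    private function assertSafeTemplate($templateFile)
    {
        if ($templateFile === '') {
            return; // empty means "use the default template for this action"
        }
        if (!preg_match('#^[A-Za-z0-9_@:/-]+$#', $templateFile)
            || strpos($templateFile, '..') !== false) {
            throw new \InvalidArgumentException('Illegal template name');
        }
    }

    // protected: the dispatcher only routes to public methods, so
    // ?a=display&templateFile=... no longer reaches this function.
    protected function display($templateFile = '', $charset = '', $contentType = '', $content = '', $prefix = '')
    {
        $this->assertSafeTemplate($templateFile);
        parent::display($this->parseTemplate($templateFile), $charset, $contentType, $content, $prefix);
    }

    // Same treatment for fetch, which returns the rendered template.
    protected function fetch($templateFile = '', $content = '', $prefix = '')
    {
        $this->assertSafeTemplate($templateFile);
        return parent::fetch($this->parseTemplate($templateFile), $content, $prefix);
    }
}
```

After the change, subclass actions still call $this->display() as before, while a request that names display or fetch in the a parameter is rejected by the dispatcher instead of loading an arbitrary file.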
