
ThinkPHP 5.0 remote command execution: vulnerability analysis and repair method

2025-01-30 Update. From: SLTechnology News&Howtos (shulou), Network Security


Shulou (Shulou.com) 06/01 Report

This article introduces the analysis and repair of the ThinkPHP 5.0 remote command execution vulnerability. Many people have questions about how this vulnerability works and how to fix it, so the editor has consulted a range of material and put together a simple, practical walkthrough in the hope of answering those questions. Please follow along.

0x01 scope of influence

ThinkPHP 5.0.x: 5.0.x ~ 5.0.23

0x02 repair recommendation

The official fix has been published on GitHub as a version update.

Upgrade the code to the latest version, 5.0.24.

It is also recommended that users turn off debug mode in the online environment.

0x03 vulnerability impact

The vulnerability is highly harmful and has a serious impact.

0x04 vulnerability analysis

The vulnerability lies mainly in the method() method of the ThinkPHP Request class (thinkphp/library/think/Request.php).

The Request class wraps the settings of the current HTTP request; its member method method() returns the current request type and is defined as follows:

When the parameter passed in is false, the configuration item var_method is read; its default value is _method.

Because of the call $this->{$this->method}($_POST);, any method of the current class can be invoked through the POST parameter _method.

The value of any member property can be overridden by calling the constructor of the current class:

Here the filter property is overridden; it holds the function used for global filtering.

However, in ThinkPHP 5.0.23 the filter value is reset to null, so it can no longer be used this way.
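To make the dispatch problem concrete, here is an added Python model (not ThinkPHP's code) of the behaviour described above: a request object that invokes whichever of its own methods the _method parameter names, beside a version that limits the override to real HTTP verbs. The property names method, filter and server follow the article; the class names and the helper functions resolve_method and override_succeeds are assumptions made for this example.

```python
# Added illustration of the _method dispatch problem; not ThinkPHP code.
# Property names (method, filter, server) follow the article; everything
# else (class names, resolve_method, override_succeeds) is assumed.

ALLOWED_METHODS = ("get", "post", "put", "patch", "delete")


class VulnerableRequest:
    """Invokes whichever of its own methods the _method parameter names."""

    method = None
    filter = None   # name of the global filter function
    server = None   # server variables

    def __init__(self, options=None):
        # A constructor that copies option keys onto member properties,
        # the behaviour the article uses to overwrite 'filter'.
        for key, value in (options or {}).items():
            setattr(self, key, value)

    # Stand-ins for the per-verb parameter accessors.
    def get(self, params):
        return "GET"

    def post(self, params):
        return "POST"

    def put(self, params):
        return "PUT"

    def patch(self, params):
        return "PATCH"

    def delete(self, params):
        return "DELETE"

    def resolve_method(self, post):
        # Python equivalent of $this->{$this->method}($_POST): no allow-list,
        # so _method=__init__ reaches the constructor with the POST data.
        self.method = post.get("_method", "post")
        getattr(self, self.method)(post)
        return self.method


class HardenedRequest(VulnerableRequest):
    """Same dispatch, but only a fixed set of HTTP verbs may be named."""

    def resolve_method(self, post):
        name = str(post.get("_method", "post")).lower()
        if name not in ALLOWED_METHODS:
            raise ValueError(f"rejected _method override: {name!r}")
        self.method = name.upper()
        getattr(self, name)(post)
        return self.method


def override_succeeds(request_cls, post):
    """True if the POST data managed to overwrite the 'filter' property."""
    request = request_cls()
    try:
        request.resolve_method(post)
    except ValueError:
        return False
    return request.filter is not None


if __name__ == "__main__":
    attempt = {"_method": "__init__", "filter": "example_filter"}
    print("vulnerable:", override_succeeds(VulnerableRequest, attempt))  # True
    print("hardened:  ", override_succeeds(HardenedRequest, attempt))    # False
```

The lesson is the allow-list: a user-controlled string must never select which method of a class runs unless it is first checked against the handful of names that are actually meant to be reachable.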

When debug mode is enabled, thinkphp/library/think/App.php calls the param method of the Request class.

The param method in thinkphp/library/think/Request.php calls the method method with the parameter set to true.

When the parameter is true, the server method is called.

Execution then reaches the input method, and by the technique shown earlier the server member property can be overridden with an array. The input method code is as follows:

Eventually filterValue is called, resulting in arbitrary code execution:
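As a defender's complement to the analysis above, here is an added Python example (not from the article) that scans access-log lines carrying POST bodies and flags requests whose _method override names something other than an HTTP verb, recording whether Request member names (filter, method, server) appear alongside it. The log line format and every sample line are constructed for this example; the values in them are placeholders.

```python
import re
from urllib.parse import parse_qs

# Verbs the framework legitimately accepts in the _method override.
ALLOWED_METHODS = {"get", "post", "put", "patch", "delete"}
# Request member properties the article shows being overwritten.
MEMBER_PROPERTIES = {"filter", "method", "server"}

# Constructed log format (assumption): timestamp, client IP, verb, path, quoted form body.
LOG_LINE = re.compile(r'^(?P<ts>\S+) (?P<ip>\S+) POST (?P<path>\S+) "(?P<body>[^"]*)"$')

# Constructed sample traffic; all values are placeholders.
SAMPLE_LOG = [
    '2024-06-01T10:00:01Z 203.0.113.7 POST /index.php?s=index/index "_method=put&name=alice"',
    '2024-06-01T10:00:02Z 203.0.113.9 POST /index.php?s=index/index "_method=__construct&filter=example_filter&method=get"',
    '2024-06-01T10:00:03Z 203.0.113.9 POST /index.php?s=index/index "_method=__construct&server[]=placeholder"',
    '2024-06-01T10:00:04Z 198.51.100.4 GET /index.php ""',
]


def base_key(name):
    """Strip PHP array syntax: 'server[]' or 'filter[0]' -> 'server' / 'filter'."""
    return name.split("[", 1)[0]


def analyse_body(body):
    """Return a finding dict when _method names a non-verb, else None."""
    params = parse_qs(body, keep_blank_values=True)
    override = params.get("_method", [None])[0]
    if override is None or override.lower() in ALLOWED_METHODS:
        return None
    touched = sorted({base_key(k) for k in params} & MEMBER_PROPERTIES)
    return {"override": override, "member_keys": touched}


def scan(lines):
    """Apply analyse_body to every POST line; GET lines and unparsable lines are skipped."""
    hits = []
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            continue
        finding = analyse_body(match["body"])
        if finding:
            finding.update(ip=match["ip"], path=match["path"])
            hits.append(finding)
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Keying the rule on the value of _method rather than on any particular payload keeps it useful against variations: a legitimate override is always one of five verbs, so anything else is worth a look, and the member_keys field tells the analyst which Request property the request was trying to reach.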

This concludes the analysis and repair walkthrough of the ThinkPHP 5.0 remote command execution vulnerability. Hopefully it has answered your questions; combining theory with practice is the best way to learn, so go and try it. To keep learning, please continue to follow the website, where the editor will keep bringing you more practical articles.


© 2024 shulou.com SLNews company. All rights reserved.
