Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Example Analysis of thinkphp 5.1 deserialization Utilization chain

2025-01-30 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)05/31 Report--

Editor to share with you the example analysis of thinkphp 5.1 deserialization utilization chain, I believe that most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

Thinkphp 5.1deserialization pop chain Analysis

Here we choose 5.1 for analysis, and 5.2 is not much different from this, so I'll choose one.

Because there is a public poc on the Internet, we can use poc to reverse analyze the pop chain. A way to write poc first:

As you can see, this poc finally serializes an Windows instance, so the trigger point of deserialization must be the magic methods in Windows, such as weakup (), destruct (), and so on. Let's take a look at the source code. In the Windows class, there is a magic method _ _ destruct (), which is called when the object is destroyed, in which two functions are called

Public function _ destruct () {$this- > close (); $this- > removeFiles ();}

There are no operations we are interested in in the close function, but the removeFiles () function is more interesting:

Private function removeFiles () {foreach ($this- > files as $filename) {if (file_exists ($filename)) {@ unlink ($filename);}} $this- > files = [];}

The object's files variable is traversed, and if the value is a path to an existing file, delete is performed. We can control the $this- > files variable, so if there is a deserialization point, here is an arbitrary file deletion vulnerability. To demonstrate this vulnerability more clearly, let's construct the PoC ourselves:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 220

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report