2025-03-26 Update From: SLTechnology News&Howtos (shulou), Development
Shulou(Shulou.com)06/03 Report--
This article explains how to reproduce the ThinkPHP 6 arbitrary file creation vulnerability. It is a practical walkthrough, and we hope readers take something useful away from it.
01 Background
Recently, Qianxin released a security risk notice for a ThinkPHP 6.0 "arbitrary" file creation vulnerability. DYSRC analyzed the vulnerability immediately and successfully reproduced it.
Vulnerability impact: top-think/framework 6.x < 6.0.2
02 Locating the problem
Based on the "arbitrary file creation" description and the recent commit history, commit 1bbe75019 can be inferred to be the patch for this issue. The patch restricts the session id to letters and numbers, which makes the nature of the problem even more obvious.
03 Principle analysis
Setting the patch aside for a moment, let's look at how ThinkPHP stores sessions.
The relevant interface is think\contract\SessionHandlerInterface.
The SessionHandlerInterface::write method is called when session data is persisted, and it runs automatically at the end of each request.
Now look at how the think\session\driver\File class implements it.
It first derives the file name from $sessID via getFileName, and then writeFile writes the session data to that file.
Following getFileName, the $sessID passed in is concatenated directly into the file name. Because $sessID is controllable, the file name is controllable as well.
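The following is an added illustration, not ThinkPHP's own code: a minimal file-backed session store whose write() -> getFileName() -> writeFile() chain mirrors the structure described above. The class name FileSessionStore, the 'sess_' prefix and the exact regular expression are assumptions; the page only states that the patch restricts the session id to letters and numbers. The unchecked variant shows why a raw $sessID must never reach the path, and the hardened variant shows the whitelist check a file-backed handler should apply before building the path.

```php
<?php
// Added example (not ThinkPHP's code). Demonstrates the difference between
// concatenating a session id into a file path unchecked and validating it
// against a strict alphanumeric whitelist first, as the patch does.
declare(strict_types=1);

final class FileSessionStore
{
    public function __construct(private string $path) {}

    // Vulnerable shape: $sessID is concatenated straight into the path.
    // Anything the client can put into the session id ends up in the file name.
    public function getFileNameUnchecked(string $sessID): string
    {
        return $this->path . DIRECTORY_SEPARATOR . 'sess_' . $sessID;
    }

    // Hardened shape: accept only letters and digits (assumed regex matching
    // the restriction the patch introduces), then build the path.
    public function getFileName(string $sessID): string
    {
        if (!preg_match('/^[A-Za-z0-9]+$/', $sessID)) {
            throw new InvalidArgumentException('invalid session id');
        }
        return $this->path . DIRECTORY_SEPARATOR . 'sess_' . $sessID;
    }

    // Mirrors SessionHandlerInterface::write: called when the session is persisted.
    public function write(string $sessID, string $data): bool
    {
        return $this->writeFile($this->getFileName($sessID), $data);
    }

    private function writeFile(string $file, string $data): bool
    {
        return file_put_contents($file, $data, LOCK_EX) !== false;
    }
}

// Self-check with constructed sample values in a temporary directory.
$store = new FileSessionStore(sys_get_temp_dir());

// A well-formed id is accepted and written.
$ok = $store->write('abc123DEF', 'a:0:{}');
echo 'valid id written: ' . ($ok ? 'yes' : 'no') . PHP_EOL;

// An id containing path characters is rejected before any path is built.
try {
    $store->getFileName('not/a.valid.id');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . PHP_EOL;
}
```

The check belongs in the handler that builds the path, not in a layer that may be bypassed by a different entry point: every caller that turns a client-supplied identifier into a file name should go through the same whitelist.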
04 Demonstration
At this point the whole vulnerability flow is essentially clear. The results of a local demonstration are given below.
That is how the ThinkPHP 6 arbitrary file creation vulnerability can be reproduced. Some of these points may come up in daily work, and we hope you learned something from this article.