ThinkPHP6.0 deserialization vulnerability
preface
While studying the master's article "ThinkPHP6.0.X deserialization vulnerability recurrence", I found that the TP version I downloaded was the repaired version, so I changed the old chain to reach RCE. Before reading this article, take a look at the above-mentioned master's article.
Repai ...
Posted by Vebut on Fri, 21 Jan 2022 20:32:40 +0100
ThinkPHP5 remote code execution
Vulnerability summary
The flaw is that the underlying layer of ThinkPHP does not properly check the validity of the controller name, so that a user can call any method of any class when forced routing is not enabled, which eventually leads to a remote code execution vulnerability.
Vulnerability impact version: 5.0.7<=ThinkPHP5 ...
Posted by scarabee on Thu, 23 Dec 2021 10:48:12 +0100
ThinkPHP5.0.x deserialization
Vulnerability environment
Vulnerability test environment: PHP5.6 + ThinkPHP5.0.24
Vulnerability test code: application/index/controller/index.php
<?php
namespace app\index\controller;
class Index
{
    public function index()
    {
        $Gyan = unserialize($_GET['d1no']);
        var_dump($Gyan);
        return '< ...
Posted by urb on Tue, 21 Dec 2021 10:28:30 +0100
ThinkPHP5.0.24_ Analysis of deserialization vulnerability in Linux
ThinkPHP5.0.24 vulnerability code
<?php
namespace app\index\controller;
class Index
{
    public function test01(){
        $code = $_POST['code'];
        unserialize(base64_decode($code));
    }
}
payload
/index.php/index/index/test01
POST
code=TzoyNzoidGhpbmtccHJvY2Vzc1xwa ...
Posted by trevorturtle on Mon, 22 Nov 2021 06:40:53 +0100