Skip to content
/ Thinkphp5.x- Public

Thinkphp5.x 漏洞验证工具和带有漏洞版本的thinkphp

1 star 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

littlebin404/Thinkphp5.x-

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
images
images
 
 
README.md
README.md
 
 
ThinkPHP_getshell-v2.exe
ThinkPHP_getshell-v2.exe
 
 
thinkphp_5.0.15_full.zip
thinkphp_5.0.15_full.zip
 
 

Repository files navigation

1.以带有漏洞的thinkphp版本为验证对象。工具测试结果如下: iamge iamge

用菜刀进行连接: iamge

验证成功!

Thinkphp v5.0.x补丁地址: https://github.com/top-think/framework/commit/b797d72352e6b4eb0e11b6bc2a2ef25907b7756f

Thinkphp v5.1.x补丁地址: https://github.com/top-think/framework/commit/802f284bec821a608e7543d91126abc5901b2815

整个thinkphp框架里对控制器没有进行严格的过滤与查找,使攻击者可以伪造恶意参数进行插入,原因是过滤的正则表达式没有正确使用,导致可以绕过。

About

Thinkphp5.x 漏洞验证工具和带有漏洞版本的thinkphp

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published