ThinkPHP 6.0.0-6.0.1 session arbitrary file creation vulnerability POC
https://www.uedbox.com/post/65126/
https://www.php.cn/phpkj/thinkphp/441727.html
On January 13, 2020, ThinkPHP 6.0.2 was released, and its release notes listed a fix described as "Session security hazard". On analysis, the vulnerability allows an attacker to create and delete arbitrary files when sessions are enabled in the target environment, and under certain circumstances it can also be used to obtain a shell (getshell).
The affected versions are ThinkPHP 6.0.0-6.0.1.
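The root cause of this class of issue is that the session id sent by the client is used, without validation, to build the name of the session file. The following is an added defensive example, not ThinkPHP's own code: it assumes a file-based session store under `$dir`, and the function and file names are illustrative.

```php
<?php
// Added example (not ThinkPHP code): treat the client-supplied session id as
// untrusted before it is ever used to build a file name.
// Assumption: a file-based session store under $dir, files named sess_<id>.

function isValidSessionId(string $id): bool
{
    // Accept only the shape the framework generates itself: 32 alphanumerics.
    // Anything else (path separators, dots, extensions) is rejected outright.
    return strlen($id) === 32 && ctype_alnum($id);
}

function sessionFilePath(string $dir, string $id): ?string
{
    if (!isValidSessionId($id)) {
        return null;            // reject; do not try to "clean up" the id
    }
    $base = realpath($dir);
    if ($base === false) {
        return null;            // session directory must exist
    }
    $path = $base . DIRECTORY_SEPARATOR . 'sess_' . $id;
    // Defence in depth: the resulting path must stay inside the session directory.
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed inputs: one well-formed id and several ids shaped like paths.
$cases = [
    str_repeat('a', 32)          => true,
    '../../public/evil.php'      => false,
    '../runtime/log/x'           => false,
    'short'                      => false,
];
foreach ($cases as $id => $expected) {
    $accepted = sessionFilePath(sys_get_temp_dir(), $id) !== null;
    printf("%-26s %s\n", var_export($id, true), $accepted === $expected ? 'ok' : 'FAIL');
}
```

Rejecting malformed ids (rather than sanitising them) is the same posture the 6.0.2 fix takes: a session id that does not match the generated format should never reach the filesystem.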
Vulnerability reproduction
Add the following action to the index controller: