Vulnerability Description
Because the ThinkPHP 5 framework does not adequately validate controller names, an attacker can craft a specific request that directly obtains a web shell (GetWebShell) when forced routing is not enabled.
Vulnerability Scoring
Serious
Affects Version
ThinkPHP 5.0 series < 5.0.23
ThinkPHP 5.1 series < 5.1.31
Fixed Versions
ThinkPHP 5.0 series: 5.0.23
ThinkPHP 5.1 series: 5.1.31
ThinkPHP 5.* security update released
This update is primarily a security fix. Because the framework did not adequately validate controller names, a getshell vulnerability may be possible when forced routing is not enabled. The affected versions include the 5.0 and 5.1 series; updating to the latest version as soon as possible is recommended.
If for any reason you are temporarily unable to update to the latest version (upgrading from an earlier version to the latest may cause compatibility issues; please consult the upgrade guide section of the official manual first), you can apply the fix manually as described below.
Manual Fix
Version 5.1
In the parseUrl method of the thinkphp/library/think/route/dispatch/Url.php class, add the following check directly after the controller name is parsed:
if ($controller && !preg_match('/^[A-Za-z](\w|\.)*$/', $controller)) {
    throw new HttpException(404, 'controller not exists:' . $controller);
}
Version 5.0
In the thinkphp/library/think/App.php class, add the following check directly after the code in the module method that obtains the controller name:
if (!preg_match('/^[A-Za-z](\w|\.)*$/', $controller)) {
    throw new HttpException(404, 'controller not exists:' . $controller);
}
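To see what the added check does and does not let through, here is a small stand-alone PHP example (added here; it is not ThinkPHP's own code). It applies the same pattern as the manual fix to a few constructed controller names and contrasts it with the unchecked behaviour that builds a class name straight from request input; the namespace prefix and the resolveController* function names are assumptions for illustration.

```php
<?php
// Added example, not code from ThinkPHP. Mirrors the controller-name check
// introduced by the fix above and shows which names it rejects.
declare(strict_types=1);

// Same pattern as the manual fix: a letter, then word characters or dots.
const CONTROLLER_PATTERN = '/^[A-Za-z](\w|\.)*$/';

// Hypothetical namespace prefix used for illustration only.
const CONTROLLER_NAMESPACE = 'app\\index\\controller\\';

// Unpatched behaviour: the request-supplied name is concatenated straight
// into a class name, so every character reaches the class loader unchecked.
function resolveControllerUnchecked(string $controller): string
{
    return CONTROLLER_NAMESPACE . $controller;
}

// Patched behaviour: names that do not match the pattern are refused before
// any class name is built. The framework throws HttpException(404) here;
// InvalidArgumentException is used so the example runs without ThinkPHP.
function resolveControllerChecked(string $controller): string
{
    if ($controller !== '' && !preg_match(CONTROLLER_PATTERN, $controller)) {
        throw new InvalidArgumentException('controller not exists:' . $controller);
    }
    return CONTROLLER_NAMESPACE . $controller;
}

// Constructed sample names: two ordinary ones, then names carrying characters
// the pattern forbids (namespace separator, path characters, leading digit, ';').
$samples = ['Index', 'User.Profile', '\\other\\Thing', '../Index', '9Index', 'Index;x'];

foreach ($samples as $name) {
    $unchecked = resolveControllerUnchecked($name);
    try {
        resolveControllerChecked($name);
        $verdict = 'accepted';
    } catch (InvalidArgumentException $e) {
        $verdict = 'rejected (' . $e->getMessage() . ')';
    }
    printf("%-18s unchecked -> %-32s checked -> %s\n",
        var_export($name, true), $unchecked, $verdict);
}
```

Only the first two names are accepted; each of the others is stopped by the check even though the unchecked path would have passed it on unchanged.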
Upgrade the Framework
Run composer update in the project root directory.
Note: upgrading directly in this way is not recommended, as it can easily lead to incompatibilities; if you do repair the issue by upgrading, back up your code beforehand.
The latest 5.0 (5.0.23) and 5.1 (5.1.31) releases of ThinkPHP have fixed this vulnerability; we recommend using the latest version in your projects.