0x01 Vulnerability profile
Because the ThinkPHP 5 framework does not adequately validate the controller name, and forced routing is not enabled by default, a specially crafted request can directly achieve getshell (control of the server).
0x02 Environment setup
Phpstudy: php-5.5.38 + Apache
Download a vulnerable version; the version I downloaded is thinkphp_5.0.22. The environment, once built, is shown in the figure.
Download link: http://www.thinkphp.cn/donate/download/id/1261.html
0x03 Vulnerability payload
phpinfo page (see screenshot):
Executing the whoami command (see screenshot):
Writing a shell (see screenshot):
Then you'll know how to do it.
Ha ha ha
0x04 Fix
It is recommended to update to the latest version.