
ThinkPHP 2/3 - Remote Code Execution

By kannthu

Critical
Vidoc Module
#thinkphp #rce
Description

What is "ThinkPHP 2/3 - Remote Code Execution"?

The "ThinkPHP 2/3 - Remote Code Execution" module is designed to detect a vulnerability in ThinkPHP 2.x and 3.0 in Lite mode. This vulnerability allows remote attackers to execute arbitrary code by exploiting the "s" parameter. The severity of this vulnerability is classified as critical.

This module was authored by dr_set.

Impact

If successfully exploited, this vulnerability can have severe consequences. Attackers can execute malicious code, gain unauthorized access to sensitive information, manipulate data, and take full control of compromised systems without the need for valid credentials.

How does the module work?

The module sends an HTTP GET request to the target with a specific path parameter. For example:

/index.php?s=/index/index/name/$%7B@phpinfo()%7D

The module then applies matching conditions to the response to determine if the vulnerability is present. The matching conditions include:

- Checking if the response contains the words "PHP Extension," "PHP Version," and "ThinkPHP."
- Verifying that the response status code is 200.

If all matching conditions are met, the module reports the vulnerability.
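The same request shape can be hunted for from the defender's side in web server access logs. The following is an added example, not part of the Vidoc module or the original page; it assumes combined log format, and the sample log lines and the `scan` function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:22 +0000] "GET /index.php?s=/index/index/name/$%7B@phpinfo()%7D HTTP/1.1" 200 84213 "-" "scanner"
203.0.113.7 - - [12/Mar/2024:10:01:25 +0000] "GET /index.php?s=/index/index/name/$%7B@phpinfo()%7D HTTP/1.1" 404 512 "-" "scanner"
198.51.100.4 - - [12/Mar/2024:10:02:10 +0000] "GET /index.php?s=/home/article/id/42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2024:10:03:41 +0000] "GET /index.php?s=%2Findex%2Findex%2Fname%2F%24%7B%40phpinfo%28%29%7D HTTP/1.1" 200 84100 "-" "curl/8.0"
"""

# Client IP, request method, request target and response status of one log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# A "${...}" expression inside the decoded "s" value is what the probe relies on.
EXPR_RE = re.compile(r'\$\{[^}]*\}')

def scan(log_text):
    """Return one finding per request whose decoded "s" parameter holds ${...}."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        query = urlsplit(m["target"]).query
        # parse_qs percent-decodes values, so fully encoded probes are caught too.
        for value in parse_qs(query, keep_blank_values=True).get("s", []):
            if EXPR_RE.search(value):
                status = int(m["status"])
                # 200 is the module's status condition; the body words are not
                # visible in access logs, so this is a triage priority only.
                findings.append({
                    "line": lineno, "ip": m["ip"], "status": status, "s": value,
                    "priority": "high" if status == 200 else "low",
                })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "high" finding means the probe was answered with 200 and the host should be checked for a ThinkPHP 2.x or 3.0 installation; it does not by itself confirm that code ran.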

For more information, refer to the reference.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /index.php?s=/index/...
Matching conditions
word: PHP Extension, PHP Version, ThinkPHP
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability