Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "ThinkPHP - Remote Code Execution" module is designed to detect a vulnerability in the ThinkPHP framework. ThinkPHP versions 5.0.22 and 5.1.29 are susceptible to remote code execution if the website doesn't have mandatory routing enabled, which is the default setting. This vulnerability allows an attacker to execute malicious code on the target system, potentially leading to unauthorized access, data modification, and control over the compromised system.
This module has a severity level of critical, indicating the high risk associated with the vulnerability.
This module was authored by dr_set.
The impact of the "ThinkPHP - Remote Code Execution" vulnerability can be severe. An attacker exploiting this vulnerability can:
- Execute arbitrary code on the target system - Obtain sensitive information - Modify data - Gain full control over the compromised systemThe "ThinkPHP - Remote Code Execution" module works by sending a specific HTTP request to the target system and then analyzing the response. The module uses the following matching conditions to identify the presence of the vulnerability:
- The response must contain the words "PHP Extension", "PHP Version", and "ThinkPHP". - The response status code must be 200.Here is an example of the HTTP request sent by the module:
GET /?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1
If the response meets all the matching conditions, the module will report the vulnerability.