ThinkPHP - Remote Code Execution

By kannthu

Critical
Vidoc Module
#thinkphp #rce
Description

What is "ThinkPHP - Remote Code Execution"?

The "ThinkPHP - Remote Code Execution" module is designed to detect a vulnerability in the ThinkPHP framework. ThinkPHP versions 5.0.22 and 5.1.29 are susceptible to remote code execution if the website does not have mandatory routing enabled; mandatory routing is disabled by default. This vulnerability allows an attacker to execute malicious code on the target system, potentially leading to unauthorized access, data modification, and control over the compromised system.

This module has a severity level of critical, indicating the high risk associated with the vulnerability.

This module was authored by dr_set.

Impact

The impact of the "ThinkPHP - Remote Code Execution" vulnerability can be severe. An attacker exploiting this vulnerability can:

- Execute arbitrary code on the target system
- Obtain sensitive information
- Modify data
- Gain full control over the compromised system

How does the module work?

The "ThinkPHP - Remote Code Execution" module works by sending a specific HTTP request to the target system and then analyzing the response. The module uses the following matching conditions to identify the presence of the vulnerability:

- The response must contain the words "PHP Extension", "PHP Version", and "ThinkPHP".
- The response status code must be 200.

Here is an example of the HTTP request sent by the module:

GET /?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1

If the response meets all the matching conditions, the module will report the vulnerability.
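The same request can be hunted for in web server access logs. The following is an added example, not Vidoc's module code: it flags log entries whose s parameter routes to think\app/invokefunction, including the percent-encoded and log-escaped forms of the backslash. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line and status of a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def normalise_target(target):
    """Undo log escaping of the backslash: nginx writes \\x5C, Apache doubles it."""
    target = re.sub(r"\\x5c", r"\\", target, flags=re.IGNORECASE)
    return target.replace("\\\\", "\\")

def classify(line):
    """Return a finding for a request to the invokefunction route, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = urlsplit(normalise_target(m["target"])).query
    params = dict(parse_qsl(query, keep_blank_values=True))  # decodes %XX once
    # Undo a possible second encoding layer, then unify separators and case.
    route = unquote(params.get("s", "")).replace("\\", "/").lower()
    if "think/app/invokefunction" not in route:
        return None
    return {
        "method": m["method"],
        "function": params.get("function", ""),
        "status": int(m["status"]),
        # A 200 means the request needs a closer look; it is not proof of execution.
        "priority": "high" if m["status"] == "200" else "low",
    }

def scan(lines):
    """Classify every line and keep only the findings."""
    return [finding for finding in map(classify, lines) if finding]

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    r'203.0.113.7 - - [10/Jan/2024:10:00:00 +0000] "GET /?s=index/think\x5Capp/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 HTTP/1.1" 200 81234',
    r'203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "GET /?s=index/think%5Capp/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 HTTP/1.1" 404 512',
    r'198.51.100.4 - - [10/Jan/2024:10:00:05 +0000] "GET /?s=index/index/hello HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Entries flagged with a 200 status are the ones to check against the response body for the phpinfo words the module matches on.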

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET?s=index/think\app/i...
Matching conditions
word: PHP Extension, PHP Version, ThinkPHP (and)
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability