Tencent cloud report website has ThinkPHP 5.0.22 remote code execution high-risk vulnerability fixes

A few days ago, the server has been running bandwidth running full, thought it was a large flow did not pay attention to, and later found that it seems to be invasion control to different servers to send packets, only to know that there is a loophole, and later found One Soft Blind Box V2 version of the exhaust, is the use of the old framework version, the following to do an emergency repair tutorial!

Image [1],Tencent cloud report website has ThinkPHP 5.0.22 remote code execution high-risk vulnerability repair

Just solved a ThinkPHP <5.0.24 Request.php remote code execution vulnerability, One Soft Blind Box V2 there is a remote vulnerability problem!

ThinkPHP 5.0-5.0.23, 5.1.0-5.1.31 & & 5.2.* Full Version Remote Code Execution Vulnerability Handbook

http://blog.nsfocus.net/thinkphp-5-0-5-0-23-rce/

Another ThinkPHP 5 <=5.0.22 Remote Code Execution High Risk Vulnerability What to do? See below for the solution!

  1. Open your website and go to the root directory. Follow this path to the thinkphp\library\think\App.php file.
  2. Mine is on line 553 everyone may be different, you can search for it exactly
$controller = strip_tags($result[1] ? : $config['default_controller']);

3. Then insert after this line:

if (!preg_match('/^[A-Za-z](\w|\.) *$/', $controller)){
         throw new HttpException(404, 'controller not exists:' . $controller);
   }
Image [2],Tencent cloud report website has ThinkPHP 5.0.22 remote code execution high-risk vulnerability repair

Image [3],Tencent cloud report website has ThinkPHP 5.0.22 remote code execution high-risk vulnerability repair
------ This page is closed, please share if you like ------

Thanks for visiting, get more great articles please bookmark this site.

© copyright statement
THE END
If you like it, support it.
kudos11 share (joys, benefits, privileges etc) with others
Recommended