A few days ago, the server has been running bandwidth running full, thought it was a large flow did not pay attention to, and later found that it seems to be invasion control to different servers to send packets, only to know that there is a loophole, and later found One Soft Blind Box V2 version of the exhaust, is the use of the old framework version, the following to do an emergency repair tutorial!
Just solved a ThinkPHP <5.0.24 Request.php remote code execution vulnerability, One Soft Blind Box V2 there is a remote vulnerability problem!
ThinkPHP 5.0-5.0.23, 5.1.0-5.1.31 & & 5.2.* Full Version Remote Code Execution Vulnerability Handbook
http://blog.nsfocus.net/thinkphp-5-0-5-0-23-rce/Another ThinkPHP 5 <=5.0.22 Remote Code Execution High Risk Vulnerability What to do? See below for the solution!
- Open your website and go to the root directory. Follow this path to the thinkphp\library\think\App.php file.
- Mine is on line 553 everyone may be different, you can search for it exactly
$controller = strip_tags($result[1] ? : $config['default_controller']);3. Then insert after this line:
if (!preg_match('/^[A-Za-z](\w|\.) *$/', $controller)){
throw new HttpException(404, 'controller not exists:' . $controller);
}
感谢您的来访,获取更多精彩文章请收藏。
THE END
![One key deployment tutorial] anonymous letter build / novice 1 minute on-line to build anonymous letter / Pagoda one key rapid deployment / a letter source code rapid deployment - Jinan OneSoft network technology](https://www.99blog.cn/wp-content/uploads/2022/08/b99a030f33000949-300x54.png)
English 
简体中文 
