2025-11-01 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
This article shares how to reproduce the ThinkPHP 6 arbitrary file creation vulnerability. The editor found it quite practical, so it is shared here for everyone to learn from; without further ado, let's look at it together.
01 Background
Recently, Qianxin released a security risk notice for a ThinkPHP 6.0 "arbitrary" file creation vulnerability. DYSRC analyzed the vulnerability promptly and reproduced it successfully.
Vulnerability impact: top-think/framework 6.x < 6.0.2
02 Positioning problem
Based on the "arbitrary file creation" description and the recent commit history, it can be inferred that commit 1bbe75019 is the patch for this issue. The patch restricts the session ID to letters and numbers, which makes the root cause even more obvious: before the patch, the session ID was not validated before being used.
03 Principle analysis
Setting the patch aside for a moment, let's look at how ThinkPHP stores sessions.
think\contract\SessionHandlerInterface
The SessionHandlerInterface::write method is executed when session data is persisted, and it runs automatically at the end of each request.
Now look at how the think\session\driver\File class implements it.
It first derives the file name from $sessID via getFileName, and then writeFile writes the session data to that file.
Following getFileName, the passed $sessID is concatenated directly into the file name without any validation. Since $sessID is controlled by the client (it comes from the request), the resulting file name is also controllable.
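To make the fix concrete, here is an added example (not ThinkPHP's own code, and the class and method names are hypothetical): a minimal file-backed session store that applies the post-patch rule, accepting only letter-and-digit session IDs before the ID is used to build a path. It assumes PHP 7.4 or later.

```php
<?php
// Added example, not think\session\driver\File: a file-backed session store
// that validates the session ID before it becomes part of a file name.
declare(strict_types=1);

final class FileSessionStore
{
    private string $dir;

    public function __construct(string $dir)
    {
        $this->dir = $dir;
    }

    /** Mirrors the patch rule: only [A-Za-z0-9] session IDs are accepted. */
    public static function isValidSessionId(string $sessID): bool
    {
        return preg_match('/\A[A-Za-z0-9]+\z/', $sessID) === 1;
    }

    /** Builds the session file path, refusing any ID that fails validation. */
    public function getFileName(string $sessID): string
    {
        if (!self::isValidSessionId($sessID)) {
            throw new InvalidArgumentException('invalid session id');
        }
        return $this->dir . DIRECTORY_SEPARATOR . 'sess_' . $sessID;
    }

    /** Equivalent of SessionHandlerInterface::write: validate, then persist. */
    public function write(string $sessID, string $data): bool
    {
        $path = $this->getFileName($sessID);
        return file_put_contents($path, $data, LOCK_EX) !== false;
    }
}

// Constructed sample IDs: the first is accepted; the rest are rejected because
// they contain characters outside [A-Za-z0-9] (separators, dots, empty).
$store = new FileSessionStore(sys_get_temp_dir());
foreach (['abc123DEF', 'abc/def', 'abc.def', ''] as $id) {
    try {
        echo 'path: ', $store->getFileName($id), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo "rejected: '$id'", PHP_EOL;
    }
}
```

Only the first ID yields a path under the session directory; the others never reach the file system, which is the property the patch restores.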
04 Presentation
At this point in the analysis, the entire vulnerability flow was basically clear. The local demo results are given below.
The above is how to reproduce the ThinkPHP 6 arbitrary file creation vulnerability. The editor believes some of these points may be things we see or use in daily work, and hopes you can learn more from this article. For more details, please follow the industry information channel.