ThinkPHP 5.0.24 has a deserialization vulnerability. The entry point is the `__destruct` magic method in thinkphp/library/think/process/pipes/Windows.php: when an unserialized `Windows` object is destroyed it calls `removeFiles()`, which passes every entry of `$this->files` to `file_exists()` without checking that the entry is a plain path string.
Fix
thinkphp/library/think/process/pipes/Windows.php
Method 1: modify the removeFiles method so that non-string entries are skipped
```php
/**
 * Remove temporary files
 */
private function removeFiles()
{
    foreach ($this->files as $filename) {
        // Only plain path strings belong here. An object would be coerced
        // to a string by file_exists(), which is what the exploit relies on.
        if (is_object($filename)) {
            continue;
        }
        if (file_exists($filename)) {
            @unlink($filename);
        }
    }
    $this->files = [];
}
```
Method 2: add two methods to Windows.php so the class can neither be serialized nor unserialized (note the leading backslash: the file is in the `think\process\pipes` namespace, so a bare `Exception` would not resolve to the global class)
```php
public function __sleep()
{
    throw new \Exception('Cannot serialize ' . __CLASS__);
}

public function __wakeup()
{
    throw new \Exception('Cannot unserialize ' . __CLASS__);
}
```
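The following is an added example, not code from ThinkPHP. It uses cut-down stand-in classes (`Probe`, `UnpatchedPipes`, `PatchedPipes`, `SealedPipes`, all hypothetical names) to show why `file_exists()` on an attacker-controlled entry of `$files` is the dangerous step, and how each of the two fixes above stops it. `Probe::__toString()` only records that it was invoked, so the script observes whether `removeFiles()` ever stringified an object.

```php
<?php
// Added example (not ThinkPHP's own code): stand-ins for the
// think\process\pipes\Windows pattern, before and after the two fixes.

namespace demo;

// Stand-in for whatever object a crafted payload could place into $files.
// It has no side effect other than setting a flag when stringified.
class Probe
{
    public static $reached = false;

    public function __toString(): string
    {
        self::$reached = true;
        return '';
    }
}

// Original shape: every entry of $files goes straight into file_exists().
// file_exists() takes a string, so an object entry has __toString() called.
class UnpatchedPipes
{
    private $files;

    public function __construct(array $files) { $this->files = $files; }

    public function __destruct() { $this->removeFiles(); }

    private function removeFiles()
    {
        foreach ($this->files as $filename) {
            if (file_exists($filename)) {
                @unlink($filename);
            }
        }
        $this->files = [];
    }
}

// Fix 1: objects never reach file_exists(), so no __toString() runs.
class PatchedPipes
{
    private $files;

    public function __construct(array $files) { $this->files = $files; }

    public function __destruct() { $this->removeFiles(); }

    private function removeFiles()
    {
        foreach ($this->files as $filename) {
            if (is_object($filename)) {
                continue;
            }
            if (file_exists($filename)) {
                @unlink($filename);
            }
        }
        $this->files = [];
    }
}

// Fix 2: the class refuses to take part in (un)serialization at all.
class SealedPipes
{
    private $files = [];

    public function __sleep()
    {
        throw new \Exception('Cannot serialize ' . __CLASS__);
    }

    public function __wakeup()
    {
        throw new \Exception('Cannot unserialize ' . __CLASS__);
    }
}

// serialize() here merely stands in for "serialized data arriving from
// outside". Both the original and the unserialized copy run __destruct()
// when they go out of scope at the end of this function.
function roundTrip($obj)
{
    $copy = unserialize(serialize($obj));
    unset($copy);
}

Probe::$reached = false;
roundTrip(new UnpatchedPipes([new Probe()]));
echo 'unpatched: __toString reached = ', var_export(Probe::$reached, true), "\n";

Probe::$reached = false;
roundTrip(new PatchedPipes([new Probe()]));
echo 'fix 1:     __toString reached = ', var_export(Probe::$reached, true), "\n";

// A serialized blob naming the sealed class is rejected in __wakeup(),
// before any attacker-supplied property values can be acted on.
$blob = 'O:' . strlen(SealedPipes::class) . ':"' . SealedPipes::class . '":0:{}';
try {
    unserialize($blob);
    echo "fix 2:     unserialize succeeded (unexpected)\n";
} catch (\Exception $e) {
    echo 'fix 2:     ', $e->getMessage(), "\n";
}
```

Run with `php demo.php`: the unpatched class reports that `__toString()` was reached, the fix 1 class reports that it was not, and the fix 2 class throws "Cannot unserialize demo\SealedPipes" from `unserialize()`. Fix 2 is the stronger of the two, because it rejects the class at the `unserialize()` boundary regardless of what the destructor does; fix 1 relies on `removeFiles()` being the only place where an entry of `$files` is ever stringified.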