add ThinkPHP 6.x反序列化POP链（一）

2025-08-13 11:28:28 +00:00 · 2020-06-22 12:24:28 +08:00 · 2020-06-22 12:24:28 +08:00 · ef1931ac0b
commit ef1931ac0b
parent 65fa3fa7b7
2 changed files with 1 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -124,6 +124,7 @@
 - [CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC](https://github.com/motikan2010/CVE-2020-5398/)
 - [PHPOK v5.3&v5.4getshell](https://www.anquanke.com/post/id/194453) | [phpok V5.4.137前台getshell分析](https://forum.90sec.com/t/topic/728) | [PHPOK 4.7从注入到getshell](https://xz.aliyun.com/t/1569)
 - [thinkphp6 session 任意文件创建漏洞复现 含POC](./books/thinkphp6%20session%20任意文件创建漏洞复现%20含POC.pdf) --- 原文在漏洞推送公众号上
+- [ThinkPHP 6.x反序列化POP链（一）](./books/ThinkPHP%206.x反序列化POP链（一）.pdf)
 - [WordPress InfiniteWP - Client Authentication Bypass (Metasploit)](https://www.exploit-db.com/exploits/48047)
 - [【Linux提权/RCE】OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution](https://www.exploit-db.com/exploits/48051)
 - [CVE-2020-7471-django1.11-1.11.282.2-2.2.103.0-3.0.3 StringAgg(delimiter)使用了不安全的数据会造成SQL注入漏洞环境和POC](https://github.com/Saferman/CVE-2020-7471)
--- a/6.x反序列化POP链（一）.pdf
+++ b/6.x反序列化POP链（一）.pdf