PoC for ThinkPHP security flaw sparks furious scans for vulnerable sites, most of which are based in China.
Over 45,000 Chinese websites have been under a barrage of attacks from miscreants looking to gain access to web servers,
ZDNet has learned.
The attacks have targeted websites built with
ThinkPHP, a Chinese-made PHP framework that is very popular among the local web development scene.
All attacks started after Chinese cyber-security firm VulnSpy posted a
proof-of-concept exploit for ThinkPHP on ExploitDB, a website popular for hosting free exploit code.
The proof-of-concept code exploits a vulnerability in the framework's invokeFunction method to execute malicious code on the underlying server. The vulnerability is remotely exploitable, as most vulnerabilities in web-based apps tend to be, and can allow an attacker to gain control over the server.