© 2025 NEWSLINKER - Powered by LK SOFTWARE
Cybersecurity

Cyber Attackers Exploit ThinkPHP Vulnerabilities

Highlights

  • Cyber attackers target ThinkPHP using known vulnerabilities.

  • "Dama" web shell enables advanced control but lacks OS command support.

  • Upgrading to ThinkPHP 8.0 is crucial for security.

Kaan Demirel
Last updated: 7 June, 2024 - 3:17 pm

A surge of cyber attacks has brought attention to the persistent issue of vulnerabilities in widely-used software. Researchers from Akamai have recently uncovered a new wave of attacks targeting ThinkPHP, a popular PHP framework. These attacks exploit known vulnerabilities to install remote shells, allowing attackers to gain unauthorized access to affected systems. The resurgence of these attacks highlights ongoing challenges in cybersecurity and the need for robust security measures.

ThinkPHP is a PHP framework designed to simplify web application development by providing extensive libraries and components. It was launched by TopThink in China and has since gained popularity for its ease of use and flexibility. ThinkPHP’s vulnerabilities, such as CVE-2018-20062 and CVE-2019-9082, have been the focus of recent cyber attacks aiming to exploit these weaknesses for malicious purposes.

Earlier reports of ThinkPHP vulnerabilities revealed similar exploitation methods. Researchers noted that attackers frequently targeted unpatched systems, deploying web shells to control compromised servers. While previous attacks also utilized Chinese servers to host malicious files, the recent surge indicates a more coordinated effort. The sophistication of the “Dama” web shell, with capabilities like system information gathering and database access, shows an evolution in the tools used by cyber criminals. Despite the advanced features, “Dama” lacks command-line interface support for direct OS commands, which is unusual for a tool of its kind.

Exploitation Tactics

The latest attacks involve downloading a file named “public.txt” from a compromised Chinese server. The file is then saved as “roeter.php” on the victim’s system, which gives the attacker a password-protected, obfuscated web shell. The attacks originate mainly from Zenlayer cloud IP addresses in Hong Kong and use the “Dama” web shell to navigate, edit, and delete files. The shell also modifies file system timestamps, uploads files, collects system data, performs port scans, and escalates privileges by disabling PHP constraints and scheduling tasks that add high-privileged users.
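For defenders, the indicators named above can be turned into a quick hunt. The following Python sketch is an added example, not code from Akamai or ThinkPHP: it checks access-log lines for requests touching “roeter.php” or “public.txt” and sweeps a web root for the dropped file or for PHP files whose modification time is far older than their inode change time. The Combined Log Format, the one-day skew threshold, and the sample log lines are assumptions.

```python
import os
import re
from urllib.parse import unquote

# Names taken from the article; the threshold and log format are assumptions.
DROPPED_NAME = "roeter.php"   # web shell file written on the victim
STAGED_NAME = "public.txt"    # file fetched from the remote server
SKEW_SECONDS = 24 * 3600      # assumed: mtime this much older than ctime is odd
# Combined Log Format: ip - - [ts] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Jun/2024:10:00:00 +0000] "GET /roeter.php HTTP/1.1" 200 512',
    '203.0.113.8 - - [07/Jun/2024:10:00:05 +0000] "GET /%72oeter.php HTTP/1.1" 404 0',
    '203.0.113.9 - - [07/Jun/2024:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 90',
]

def scan_access_log(lines):
    """Return (ip, target, status, reason) for requests touching the indicators."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        decoded = unquote(unquote(target)).lower()  # undo single/double URL-encoding
        if decoded.split("?", 1)[0].endswith("/" + DROPPED_NAME):
            # A 200 suggests the file exists and answered; anything else is a probe.
            reason = "shell-reachable" if status == "200" else "shell-probe"
        elif STAGED_NAME in decoded:
            reason = "stager-reference"  # low confidence: the name is generic
        else:
            continue
        hits.append((ip, target, int(status), reason))
    return hits

def sweep_webroot(root):
    """Return (path, reason) for PHP files with the dropped name or timestamp skew."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower().endswith(".php")):
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            # POSIX ctime cannot be set via utime(); mtime far older than ctime hints at tampering.
            if name.lower() == DROPPED_NAME:
                findings.append((full, "ioc-filename"))
            elif st.st_ctime - st.st_mtime > SKEW_SECONDS:
                findings.append((full, "mtime-predates-ctime"))
    return findings
```

The timestamp check is a triage hint only: files deployed from archives or with mtime-preserving copy tools show the same skew, so compare findings against the last known deployment before treating them as tampering.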

Security Recommendations

It is critical for users of ThinkPHP to upgrade to the latest version, 8.0, to mitigate these vulnerabilities. Some of the targeted customers were not using ThinkPHP at all, which indicates indiscriminate attacks and a broader threat landscape. The possible objectives of these cyber attacks range from botnet recruitment to ransomware deployment, extortion, intelligence acquisition, and lateral movement within networks.

Key Insights:

  • ThinkPHP’s known vulnerabilities remain a target for cyberattacks.
  • The “Dama” web shell offers advanced features but lacks direct OS command support.
  • Upgrading to ThinkPHP version 8.0 is essential to mitigate risks.

The sophisticated nature of recent attacks on ThinkPHP applications underscores the evolving threat landscape in cybersecurity. The “Dama” web shell’s capabilities demonstrate the increasing complexity of tools used by cyber attackers. The absence of direct OS command support in “Dama” is notable, as it reflects a trade-off between functionality and stealth. Users must remain vigilant and promptly apply security updates to protect against these and other emerging threats. Regularly monitoring network activity and implementing robust security protocols can also help mitigate the risks associated with these vulnerabilities.

By Kaan Demirel
Kaan Demirel is a 28-year-old gaming enthusiast residing in Ankara. After graduating from the Statistics department of METU, he completed his master's degree in computer science. Kaan has a particular interest in strategy and simulation games and spends his free time playing competitive games and continuously learning new things about technology and game development. He is also interested in electric vehicles and cyber security. He works as a content editor at NewsLinker, where he leverages his passion for technology and gaming.