In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-09-22 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/02 Report--
This article mainly introduces how to read arbitrary files caused by the foreground injection of PHPCMS vulnerabilities, which can be used for reference by friends who need it. I hope you will learn a lot after reading this article. Next, let the editor take you to learn about it.
On the repair of arbitrary file reading vulnerabilities caused by phpcms foreground injection
Introduction: phpcms / phpcms/modules/content/down.php file, the input parameter $_ GET ['axik'] is not strictly filtered, resulting in the occurrence of SQL injection, hackers can use this vulnerability to read any file. Ali CVM prompts for vulnerabilities.
Solution:
1. According to the vulnerability tips in the introduction, find the corresponding location of the corresponding file down.php (near lines 18 and 89), and add or replace the corresponding code.
The patch snippet is as follows:
$aqik = safe_replace ($aqk); parse_str ($aqik)
Screenshots of the modified patch code snippet are as follows:
The first modification, near line 18:
The second modification, near line 89:
Note: the contents of the patch code in the first and second places are the same.
The third modification, near line 120:
The patch snippet is as follows:
$fileurl = str_replace (array ('),'', $fileurl); file_down ($fileurl, $filename)
Note: after actual testing, there should be no other code between the above two lines of code as far as possible, so as to avoid being detected by Ali Cloud as invalid repair.
Screenshots of the modified patch code snippet are as follows:
2. Then, upload the modified file to the corresponding file location on the server and overwrite it directly.
3. Finally, log in to the Aliyun backend and click verify (screenshot below) to complete the vulnerability repair.
Thank you for reading this article carefully. I hope it will be helpful for everyone to share the foreground injection of PHPCMS vulnerabilities that leads to the reading of arbitrary files. At the same time, I also hope that you can support us, pay attention to the industry information channels, and find out if you encounter problems. Detailed solutions are waiting for you to learn!
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
The market share of Chrome browser on the desktop has exceeded 70%, and users are complaining about
The world's first 2nm mobile chip: Samsung Exynos 2600 is ready for mass production.According to a r
A US federal judge has ruled that Google can keep its Chrome browser, but it will be prohibited from
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
About us Contact us Product review car news thenatureplanet
More Form oMedia: AutoTimes. Bestcoffee. SL News. Jarebook. Coffee Hunters. Sundaily. Modezone. NNB. Coffee. Game News. FrontStreet. GGAMEN
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
