
How to fix the wide byte injection vulnerability in PHPCMS v9

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

This article explains in detail how to fix the wide byte injection vulnerability in PHPCMS v9. The editor thinks it is very practical, so I share it with you for reference. I hope you get something out of reading it.

Vulnerability repair scheme for the "phpcms v9 wide byte injection problem"

Introduction:

Vulnerability name: phpcms v9 wide byte injection problem
Patch file: www/phpcms/modules/pay/respond.php
Patch source: Cloud Shield self-developed
Vulnerability description: Versions later than phpcms v9.5.9 use mysqli support by default. In phpcms/modules/pay/respond.php the code logic is not rigorous enough, which results in wide byte injection.

[Note: this patch is a code repair solution developed by Cloud Shield itself. Cloud Shield tests whether your current code conforms to the repair pattern it developed. If you applied a unified repair at the underlying / framework level, or used another repair scheme, the vulnerability may still be reported even though you have fixed it. In that case you can choose to ignore the Aliyun vulnerability alert.]

Solution:

1. Open www/phpcms/modules/pay/respond.php and go to around line 14 of the code.

2. Find respond_get() and replace it with the following code:

    public function respond_get() {
        if ($_GET['code']) {
            // Modified line: escape the parameter before it reaches the query.
            // Note: mysql_real_escape_string() belongs to the old ext/mysql
            // extension (removed in PHP 7) and needs an open ext/mysql connection.
            $code = mysql_real_escape_string($_GET['code']);
            // Modified line: pass the escaped value instead of $_GET['code'].
            $payment = $this->get_by_code($code);
            if (!$payment) showmessage(L('payment_failed'));
            $cfg = unserialize_config($payment['config']);
            $pay_name = ucwords($payment['pay_code']);
            pc_base::load_app_class('pay_factory', '', 0);
            $payment_handler = new pay_factory($pay_name, $cfg);
            $return_data = $payment_handler->receive();
            if ($return_data) {
                if ($return_data['order_status'] == 0) {
                    $this->update_member_amount_by_sn($return_data['order_id']);
                }
                $this->update_recode_status_by_sn($return_data['order_id'], $return_data['order_status']);
                showmessage(L('pay_success'), APP_PATH.'index.php?m=pay&c=deposit');
            } else {
                showmessage(L('pay_failed'), APP_PATH.'index.php?m=pay&c=deposit');
            }
        } else {
            showmessage(L('pay_success'));
        }
    }


3. Then, upload the modified file to the corresponding file location on the server and overwrite it directly.

4. Finally, log in to the Aliyun backend and click Verify to complete the vulnerability repair.
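Why escaping that ignores the connection charset does not protect the `code` parameter, and an allowlist check that rejects such input before any query is built, shown as an added PHP example (not PHPCMS or Cloud Shield code). The helper names and sample inputs are constructed, and the rule that payment codes are short ASCII identifiers is an assumption.

```php
<?php
// Added example; all helper names are hypothetical.

// Charset-unaware escaping: addslashes() inserts a backslash (0x5C) before
// each quote without looking at the bytes around it.
function escape_bytewise($raw) {
    return addslashes($raw);
}

// Walk the escaped bytes the way a GBK-aware parser would: a lead byte
// 0x81-0xFE consumes the following trail byte (0x40-0xFE, not 0x7F) as one
// character. Returns true if a single quote is left outside any escape.
function quote_survives_in_gbk($bytes) {
    $n = strlen($bytes);
    for ($i = 0; $i < $n; $i++) {
        $b = ord($bytes[$i]);
        $next = ($i + 1 < $n) ? ord($bytes[$i + 1]) : -1;
        if ($b >= 0x81 && $b <= 0xFE && $next >= 0x40 && $next <= 0xFE && $next !== 0x7F) {
            $i++;            // two-byte GBK character; its trail byte may be 0x5C
        } elseif ($b === 0x5C && $next !== -1) {
            $i++;            // genuine backslash escape: skip the escaped byte
        } elseif ($b === 0x27) {
            return true;     // unescaped quote would reach the SQL parser
        }
    }
    return false;
}

// Allowlist check for the `code` parameter. Assumption: payment codes are
// short ASCII identifiers (letters, digits, underscore).
function valid_pay_code($raw) {
    return is_string($raw) && preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $raw) === 1;
}

// Constructed samples: a plain identifier, a lone quote, and a GBK lead byte
// followed by a quote.
$samples = array('alipay', "'", "\xBF'");
foreach ($samples as $raw) {
    $escaped = escape_bytewise($raw);
    printf("raw=%-12s escaped=%-12s quote_survives=%-3s allowlisted=%s\n",
        bin2hex($raw), bin2hex($escaped),
        quote_survives_in_gbk($escaped) ? 'yes' : 'no',
        valid_pay_code($raw) ? 'yes' : 'no');
}
```

The allowlist works regardless of which database extension or connection charset is in use, which matters because the escaping call in the patch depends on ext/mysql while the description says mysqli is the default.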

That is all on how to fix the wide byte injection vulnerability in PHPCMS v9. I hope the above content is helpful and that you learn something from it. If you think the article is good, you can share it for more people to see.
