
What are the cases of PHPCMS injecting vulnerability patches?

2025-01-16 Update. From: SLTechnology News&Howtos (shulou), Servers


Shulou (Shulou.com) 06/02 Report

This article explains in detail the patch cases for PHPCMS injection vulnerabilities. The editor considers them quite practical, so they are shared here for reference; I hope you gain something from reading this article.

1. Wide byte injection vulnerability

/phpcms/modules/pay/respond.php

Original code:

$payment = $this->get_by_code($_GET['code']);

Replace with:

$payment = $this->get_by_code(mysql_real_escape_string($_GET['code']));

2. Phpcms injection vulnerability

/phpcms/modules/post/post.php

After this line:

if ($_GET['group']) {

add:

$_GET['group'] = preg_replace('#`#', '', $_GET['group']);

3. Phpcms foreground injection leads to arbitrary file reading vulnerability patch

/phpcms/modules/content/down.php

(1) Around line 17

parse_str($a_k);

Replace with:

$a_k = safe_replace($a_k); parse_str($a_k);

(2) Around line 89

parse_str($a_k);

Replace with:

$a_k = safe_replace($a_k); parse_str($a_k);

(3) Around line 120, after this line:

$filename = date('Ymd_his').random(3).'.'.$ext;

add:

$fileurl = str_replace(array(''), '',$fileurl);

4. Phpcms injection vulnerability

/member/index.php

Original Code:

$password = isset($_POST['password']) && trim($_POST['password']) ? trim($_POST['password']) : showmessage(L('password_empty'),HTTP_REFERER);

Replace with:

$password = isset($_POST['password']) && trim($_POST['password']) ? addslashes(urldecode(trim($_POST['password']))) : showmessage(L('password_empty'), HTTP_REFERER);

5. PHPCMS V9.6.2 SQL Injection Vulnerability

(1) phpcms/libs/classes/param.class.php, around line 109

Original code:

$value = isset($_COOKIE[$var]) ? sys_auth($_COOKIE[$var], 'DECODE') : $default;

Replace with:

$value = isset($_COOKIE[$var]) ? addslashes(sys_auth($_COOKIE[$var], 'DECODE')) : $default;

(2) /phpsso_server/phpcms/libs/classes/param.class.php, around line 108

Original code:

return isset($_COOKIE[$var]) ? sys_auth($_COOKIE[$var], 'DECODE') : $default;

Replace with:

return isset($_COOKIE[$var]) ? addslashes(sys_auth($_COOKIE[$var], 'DECODE')) : $default;

6. A logic problem in phpcms leads to getshell

/phpcms/libs/classes/attachment.class.php

At the start of this function:

function download($field, $value, $watermark = '0', $ext = 'gif|jpg|jpeg|bmp|png', $absurl = '', $basehref = '') {

add:

$extArray = explode('|', $ext);
if (!empty($extArray) && is_array($extArray)) {
    foreach ($extArray as $k => $v) {
        // If any requested extension is not in the whitelist, return 0 immediately
        if (!in_array(strtolower($v), array('gif', 'jpg', 'jpeg', 'bmp', 'png'))) exit('0');
    }
}

This adds a check: if every allowed file format is one of 'gif', 'jpg', 'jpeg', 'bmp', 'png', execution continues; otherwise the function exits. The list of formats can of course be extended as needed.

7. phpcms injection vulnerability

/api/phpsso.php, around line 128

Original code:

$arr['uid'] = intval($arr['uid']);$phpssouid = $arr['uid'];

Replace with (the two statements merged into one):

$phpssouid = intval($arr['uid']);

8. Problems with phpcms authkey generation algorithm lead to authkey disclosure

Regenerate the key value with the following function, then open caches/configs/system.php and replace the two parameters.
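As an added example (not part of the original article and not PHPCMS code), the following Python script checks a PHPCMS source tree for the patched fragments from sections 1 to 7 above and reports, per section, whether the patch is applied, missing, or its file is absent. The file paths and fragments are those listed in the sections; the small sample install it builds is constructed for the demonstration.

```python
import os
import tempfile

# (section, file, patched fragment that section adds); whitespace is ignored when comparing.
# Section 8 has no code on the page; section 6 matches only the start of its check, so an
# install that extended the extension whitelist still counts as patched.
PATCHES = [
    ("1", "phpcms/modules/pay/respond.php",
     "get_by_code(mysql_real_escape_string($_GET['code']))"),
    ("2", "phpcms/modules/post/post.php",
     "$_GET['group'] = preg_replace('#`#', '', $_GET['group']);"),
    ("3", "phpcms/modules/content/down.php", "$a_k = safe_replace($a_k);"),
    ("4", "member/index.php", "addslashes(urldecode(trim($_POST['password'])))"),
    ("5a", "phpcms/libs/classes/param.class.php",
     "addslashes(sys_auth($_COOKIE[$var], 'DECODE'))"),
    ("5b", "phpsso_server/phpcms/libs/classes/param.class.php",
     "addslashes(sys_auth($_COOKIE[$var], 'DECODE'))"),
    ("6", "phpcms/libs/classes/attachment.class.php", "if(!in_array(strtolower($v), array("),
    ("7", "api/phpsso.php", "$phpssouid = intval($arr['uid']);"),
]

def _squash(text): return "".join(text.split())  # drop all whitespace before comparing

def check_patches(root):
    """Return {section: 'applied' | 'missing' | 'file not found'} for an install at root."""
    result = {}
    for section, relpath, fragment in PATCHES:
        path = os.path.join(root, relpath)
        if not os.path.isfile(path):
            result[section] = "file not found"
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            result[section] = "applied" if _squash(fragment) in _squash(fh.read()) else "missing"
    return result

# Constructed sample install: phpsso.php already patched, respond.php still vulnerable.
SAMPLE_FILES = {
    "api/phpsso.php": "<?php\n$phpssouid = intval( $arr['uid'] );\n",
    "phpcms/modules/pay/respond.php":
        "<?php\n$payment = $this->get_by_code($_GET['code']);\n",
}

def build_sample_tree():
    """Write SAMPLE_FILES into a fresh temporary directory and return its path."""
    root = tempfile.mkdtemp(prefix="phpcms_sample_")
    for relpath, body in SAMPLE_FILES.items():
        os.makedirs(os.path.join(root, os.path.dirname(relpath)), exist_ok=True)
        with open(os.path.join(root, relpath), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root
```

Run `check_patches("/path/to/phpcms")` against a real install; a "missing" result for a section means the vulnerable form is still in place and the corresponding patch above should be applied.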

That covers the PHPCMS injection vulnerability patch cases. I hope the above content is of some help to everyone; if you think the article is good, share it so that more people can see it.
