2025-01-16 Update From: SLTechnology News&Howtos > Servers
Shulou (Shulou.com) 06/02 Report
This article walks through a set of patch cases for PHPCMS injection and related vulnerabilities: for each one, the affected file, the original code, and the replacement. The material is practical, so it is shared here for reference.
1. Wide byte injection vulnerability
/phpcms/modules/pay/respond.php
original code
$payment = $this->get_by_code($_GET['code']);
replaced with
$payment = $this->get_by_code(mysql_real_escape_string($_GET['code']));
One caveat applies to this fix: mysql_real_escape_string() only defends against wide-byte injection when the client library knows the connection charset, which means setting it with mysql_set_charset() rather than with a SET NAMES query. If the client still believes the connection is single-byte, the escaping is applied byte by byte and a stray GBK lead byte (for example 0xDF) can absorb the backslash inserted before the following quote.
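To see why the original code is exploitable and what charset-aware escaping does differently, here is an added Python model (example code, not PHPCMS code) of the three parties involved: byte-wise escaping of the addslashes() kind, the escaping libmysqlclient performs once it knows the connection charset is GBK, and a GBK-configured server lexing the resulting string literal. The GBK lead/trail byte ranges are the standard ones; the escape routine and the lexer are simplified models of the real ones, and the payload is constructed.

```python
# Added example (not PHPCMS code): model of wide-byte (GBK) SQL injection.
# Three pieces are modelled: byte-wise escaping like PHP's addslashes(),
# charset-aware escaping like libmysqlclient's once mysql_set_charset('gbk')
# has been called, and a GBK-configured MySQL server lexing a quoted literal.

QUOTE, BACKSLASH, DQUOTE, NUL = 0x27, 0x5C, 0x22, 0x00


def is_gbk_lead(b: int) -> bool:
    """First byte of a two-byte GBK character."""
    return 0x81 <= b <= 0xFE


def is_gbk_trail(b: int) -> bool:
    """Second byte of a two-byte GBK character (0x7F is excluded)."""
    return 0x40 <= b <= 0x7E or 0x80 <= b <= 0xFE


def addslashes(data: bytes) -> bytes:
    """Byte-wise escaping with no charset knowledge, like PHP's addslashes()
    or mysql_real_escape_string() on a connection whose charset the client
    library was never told about."""
    out = bytearray()
    for b in data:
        if b in (QUOTE, DQUOTE, BACKSLASH, NUL):
            out.append(BACKSLASH)
        out.append(b)
    return bytes(out)


def gbk_escape(data: bytes) -> bytes:
    """Charset-aware escaping. A complete GBK character is copied through;
    a lead byte that is NOT followed by a valid trail byte is itself escaped,
    so the backslash added for a following quote can never be absorbed into
    a freshly formed two-byte character (the 0xBF27 vs 0xBF5C case that
    MySQL's escape_string_for_mysql() guards against)."""
    out = bytearray()
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        if is_gbk_lead(b) and i + 1 < n and is_gbk_trail(data[i + 1]):
            out += data[i:i + 2]
            i += 2
        elif is_gbk_lead(b):
            out += bytes((BACKSLASH, b))
            i += 1
        else:
            if b in (QUOTE, DQUOTE, BACKSLASH, NUL):
                out.append(BACKSLASH)
            out.append(b)
            i += 1
    return bytes(out)


def server_breaks_out(literal_body: bytes) -> bool:
    """Lex the body of a '...' literal the way a GBK server does: a valid
    two-byte character is consumed whole (even when its trail byte is 0x5C),
    a backslash escapes the next byte, and a bare quote ends the literal.
    Returns True when the literal ends early, i.e. the rest is injected SQL."""
    i, n = 0, len(literal_body)
    while i < n:
        b = literal_body[i]
        if is_gbk_lead(b) and i + 1 < n and is_gbk_trail(literal_body[i + 1]):
            i += 2
        elif b == BACKSLASH:
            i += 2
        elif b == QUOTE:
            return True
        else:
            i += 1
    return False


# Constructed attacker value for the ?code= parameter: a lone GBK lead byte,
# then a quote and some SQL.
PAYLOAD = b"\xdf' OR 1=1 -- "


def injectable_with_addslashes() -> bool:
    return server_breaks_out(addslashes(PAYLOAD))   # True: DF 5C forms one char


def injectable_with_gbk_escape() -> bool:
    return server_breaks_out(gbk_escape(PAYLOAD))   # False: 5C DF 5C 27


if __name__ == "__main__":
    print("addslashes :", addslashes(PAYLOAD).hex(" "), injectable_with_addslashes())
    print("gbk_escape :", gbk_escape(PAYLOAD).hex(" "), injectable_with_gbk_escape())
```

Running it shows the two escaped byte strings side by side: the byte-wise version yields DF 5C 27, which the server reads as one GBK character followed by a bare quote, while the charset-aware version yields 5C DF 5C 27, where both the stray lead byte and the quote are individually escaped. Legitimate GBK text passes through gbk_escape() unchanged.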
2. PHPCMS injection vulnerability
/phpcms/modules/post/post.php
At this line
if ($_GET['group']) {
add
$_GET['group'] = preg_replace('#`#', '', $_GET['group']);
The group value is placed inside a backtick-quoted identifier in the query, so removing the backtick character is what keeps it from closing that identifier early.
3. PHPCMS foreground injection leading to arbitrary file read: patch
/phpcms/modules/content/down.php
(1) Around line 17
original code
parse_str($a_k);
replaced with
$a_k = safe_replace($a_k); parse_str($a_k);
(2) Around line 89
original code
parse_str($a_k);
replaced with
$a_k = safe_replace($a_k); parse_str($a_k);
(3) Around line 120
$filename = date('Ymd_his').random(3).'.'.$ext;
add after it
$fileurl = str_replace(array('<','>'), '', $fileurl);
$a_k is decoded from the request and handed to parse_str(), which turns its key=value pairs into local variables. Passing it through PHPCMS's own safe_replace() filter first neutralises quotes, semicolons, braces, backslashes and angle brackets before they can reach the variables that select the file.
4. PHPCMS injection vulnerability
/member/index.php
Original code:
$password = isset($_POST['password']) && trim($_POST['password']) ? trim($_POST['password']) : showmessage(L('password_empty'), HTTP_REFERER);
Replace with:
$password = isset($_POST['password']) && trim($_POST['password']) ? addslashes(urldecode(trim($_POST['password']))) : showmessage(L('password_empty'), HTTP_REFERER);
The order matters: a percent-encoded quote (%27) passes the request-wide addslashes() untouched and only turns back into a quote when the value is URL-decoded further along, so the escaping has to be applied to the decoded value, which is what the replacement does.
5. PHPCMS V9.6.2 SQL injection vulnerability
(1) phpcms/libs/classes/param.class.php, around line 109
original code
$value = isset($_COOKIE[$var]) ? sys_auth($_COOKIE[$var], 'DECODE') : $default;
replaced with
$value = isset($_COOKIE[$var]) ? addslashes(sys_auth($_COOKIE[$var], 'DECODE')) : $default;
(2) /phpsso_server/phpcms/libs/classes/param.class.php, around line 108
original code
return isset($_COOKIE[$var]) ? sys_auth($_COOKIE[$var], 'DECODE') : $default;
replaced with
return isset($_COOKIE[$var]) ? addslashes(sys_auth($_COOKIE[$var], 'DECODE')) : $default;
Same root cause as patch 4: the request-wide filter only ever sees the cookie in its encrypted form, and whatever sys_auth() decrypts out of it has never been escaped, so addslashes() is applied to the decrypted value.
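Patches 4 and 5 make the same point from two directions: PHPCMS's request-wide addslashes() runs on the raw request value, and any decode step that happens later (urldecode() in patch 4, sys_auth() decryption in patch 5) can bring a quote back into existence after the escaping has already run. The added Python example below (not PHPCMS code) demonstrates that ordering problem for both cases. Its toy_auth() is a reversible XOR-plus-base64 stand-in for sys_auth(), not the real algorithm, and the key, cookie value and password payload are constructed for the demo.

```python
# Added example (not PHPCMS code): escaping before a decode step does not
# protect what comes out of the decode. toy_auth() is a stand-in for
# PHPCMS's sys_auth(); the key and payloads are constructed for the demo.
import base64
from urllib.parse import unquote

TOY_KEY = b"demo-authkey-not-real"   # stand-in for the site authkey


def addslashes(value: str) -> str:
    """Same escaping PHP's addslashes() performs."""
    return (value.replace("\\", "\\\\")
                 .replace("'", "\\'")
                 .replace('"', '\\"')
                 .replace("\0", "\\0"))


def toy_auth(data: str, operation: str) -> str:
    """Reversible XOR + URL-safe base64. Like sys_auth(), the encoded form is
    opaque text containing none of the characters addslashes() escapes, so
    escaping the ciphertext is a no-op that protects nothing."""
    if operation == "ENCODE":
        raw = data.encode("utf-8")
        mixed = bytes(b ^ TOY_KEY[i % len(TOY_KEY)] for i, b in enumerate(raw))
        return base64.urlsafe_b64encode(mixed).decode("ascii")
    mixed = base64.urlsafe_b64decode(data.encode("ascii"))
    raw = bytes(b ^ TOY_KEY[i % len(TOY_KEY)] for i, b in enumerate(mixed))
    return raw.decode("utf-8")


def request_filter(raw_value: str) -> str:
    """What the request-wide filter does: addslashes() on the raw
    $_COOKIE / $_POST string, before the application decodes anything."""
    return addslashes(raw_value)


# --- patch 5: encrypted cookie (param.class.php get_cookie) ----------------
INJECTED = "1' OR '1'='1"                   # constructed plaintext payload
COOKIE_RAW = toy_auth(INJECTED, "ENCODE")   # what the attacker sets as the cookie


def get_cookie_original(raw: str) -> str:
    """Pre-patch: decrypt the filtered cookie, nothing else."""
    return toy_auth(request_filter(raw), "DECODE")


def get_cookie_patched(raw: str) -> str:
    """Patched: addslashes() applied to the decrypted plaintext."""
    return addslashes(toy_auth(request_filter(raw), "DECODE"))


# --- patch 4: percent-encoded POST field (member/index.php password) -------
POST_PASSWORD = "%27 OR %271%27=%271"      # constructed: quotes hidden as %27


def password_original(raw: str) -> str:
    """Pre-patch model: the filtered value is URL-decoded later in the flow,
    so the quotes appear after escaping has already run."""
    return unquote(request_filter(raw).strip())


def password_patched(raw: str) -> str:
    """Patched: addslashes(urldecode(trim(...))), decode first, then escape."""
    return addslashes(unquote(request_filter(raw).strip()))


if __name__ == "__main__":
    print("cookie, original :", get_cookie_original(COOKIE_RAW))
    print("cookie, patched  :", get_cookie_patched(COOKIE_RAW))
    print("password, original:", password_original(POST_PASSWORD))
    print("password, patched :", password_patched(POST_PASSWORD))
```

In both cases request_filter() returns its input unchanged, because neither the ciphertext nor the percent-encoded string contains a quote at that point; the quotes only exist after the decode, which is why the patches escape the decoded value rather than relying on the global filter.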
6. A logic problem in PHPCMS leading to getshell
/phpcms/libs/classes/attachment.class.php
In the download() function
function download($field, $value, $watermark = '0', $ext = 'gif|jpg|jpeg|bmp|png', $absurl = '', $basehref = ''){
add
$extArray = explode('|', $ext);
if (!empty($extArray) && is_array($extArray)) {
    foreach ($extArray as $k => $v) {
        // if any entry in $ext is outside the whitelist, stop here and return 0
        if (!in_array(strtolower($v), array('gif', 'jpg', 'jpeg', 'bmp', 'png'))) exit('0');
    }
}
This adds a check on the allowed-format list: if every format in $ext is one of gif, jpg, jpeg, bmp or png, execution continues; otherwise the function exits. The whitelist can be extended as needed. Note that the check is on the $ext argument the caller passes in, not on the downloaded file itself.
7. PHPCMS injection vulnerability
/api/phpsso.php, around line 128
original code
$arr['uid'] = intval($arr['uid']);$phpssouid = $arr['uid'];
Replace with the two statements merged into one:
$phpssouid = intval($arr['uid']);
8. A problem in the PHPCMS authkey generation algorithm leads to authkey disclosure
Regenerate the key value with the function below, then open caches/configs/system.php and replace the two parameters.
That covers the PHPCMS injection vulnerability patch cases. The hope is that the material above is of some use and that readers take something away from it.