Home >Backend Development >PHP Tutorial >Solution to dedecms SESSION variable coverage leading to SQL injection common.inc.php

Solution to dedecms SESSION variable coverage leading to SQL injection common.inc.php

不言
不言Original
2018-04-03 17:21:101766browse


dedecms SESSION variable coverage leads to SQL injection solution to common.inc.php:

Patch file: /include/common.inc. php

Vulnerability description: In /plus/advancedsearch.php of dedecms, the value is obtained directly from SESSION[SESSION[sqlhash] as $query and brought into the SQL query. The prerequisite for the exploitation of this vulnerability is session.auto_start = 1 starts an automatic SESSION session. The Cloud Shield team has implemented a general unified defense in the variable registration entrance of dedemcs, prohibiting the incoming SESSION variables

dedecms SESSION variable overwriting causes Solution to SQL injection common.inc.php

1. Search for the following code (line 68):

if( strlen($svar)>0 && preg_match('#^(cfg_|GLOBALS|_GET|_POST|_COOKIE)#',$svar) )

2. Replace 68 lines of code. The replacement code is as follows:

if( strlen($svar)>0 && preg_match('#^(cfg_|GLOBALS|_GET|_POST|_COOKIE|_SESSION)#',$svar) )

Please back up the file before modifying it and copy the new /include/common.inc.php file This problem can be solved by uploading and replacing the one on the Alibaba Cloud server.


The above is the detailed content of Solution to dedecms SESSION variable coverage leading to SQL injection common.inc.php. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn