PHPCMS vulnerability frontend injection leads to arbitrary file reading

About the repair issue of arbitrary file reading vulnerability caused by phpcms front-end injection

简介：
phpcms的/phpcms/modules/content/down.php 文件中，对输入参数 $_GET['a_k'] 未进行严格过滤，导致SQL注入的发生，黑客
可利用该漏洞读取任意文件。
…
阿里云服务器提示漏洞问题。

Solution:

1. According to the vulnerability prompt in the introduction, find the corresponding location of the corresponding file down.php (near lines 18 and 89), and add or replace the corresponding code.

The patch code snippet is as follows:

$a_k = safe_replace($a_k);
parse_str($a_k);

The modified patch code snippet is as follows:

The first modification, near line 18:

The second modification, near line 89:

Note: The contents of the first and second patch codes are the same.

The third modification, near line 120:

The patch code snippet is as follows:

$fileurl = str_replace(array(&#39;<&#39;,&#39;>&#39;), &#39;&#39;,$fileurl); 
file_down($fileurl, $filename);

Note: After actual testing, as much as possible between the above two lines of code There should be no other code to avoid being detected by Alibaba Cloud and the repair result will be invalid.

The screenshot of the modified patch code snippet is as follows:

2. Then, upload the modified file to the corresponding file location on the server and overwrite it directly;

3. Finally, log in to the Alibaba Cloud backend and click Verify (screenshot below) to complete the vulnerability repair.

The above is all about the "phpcms front-end injection leading to arbitrary file reading vulnerability" vulnerability repair content.

PHP Chinese website, a large number of free PHPCMS tutorials, welcome to learn online!

The above is the detailed content of PHPCMS vulnerability frontend injection leads to arbitrary file reading. For more information, please follow other related articles on the PHP Chinese website!