
PHPCMS various injection vulnerability patches

Nov 21, 2019 10:24 AM
Tags: phpcms, injection, vulnerability, patch


1. Wide byte injection vulnerability

/phpcms/modules/pay/respond.php, at about line 16

Original code:

$payment = $this->get_by_code($_GET['code']);

Replace with:

$payment = $this->get_by_code(mysql_real_escape_string($_GET['code']));

2. phpcms injection vulnerability

/phpcms/modules/poster/poster.php, at about line 221, after the line

if ($_GET['group']) {

add:

$_GET['group'] = preg_replace('#`#', '', $_GET['group']);

3. phpcms front-end injection leading to an arbitrary file read vulnerability

/phpcms/modules/content/down.php

(1) Replace line 17

parse_str($a_k);

with

$a_k = safe_replace($a_k); parse_str($a_k);

(2) Replace line 89

parse_str($a_k);

with

$a_k = safe_replace($a_k); parse_str($a_k);

(3) After the line at about line 120 that reads

$filename = date('Ymd_his').random(3).'.'.$ext;

add

$fileurl = str_replace(array('<','>'), '', $fileurl);

4. phpcms injection vulnerability

/phpcms/modules/member/index.php, at about line 615

Original code:

$password = isset($_POST['password']) && trim($_POST['password']) ? trim($_POST['password']) : showmessage(L('password_empty'),HTTP_REFERER);

Replace with:

$password = isset($_POST['password']) && trim($_POST['password']) ? addslashes(urldecode(trim($_POST['password']))) : showmessage(L('password_empty'), HTTP_REFERER);

5. PHPCMS V9.6.2 SQL injection vulnerability

(1) phpcms/libs/classes/param.class.php, at about line 109

Original code:

$value = isset($_COOKIE[$var]) ? sys_auth($_COOKIE[$var], 'DECODE') : $default;

Replace with:

$value = isset($_COOKIE[$var]) ? addslashes(sys_auth($_COOKIE[$var], 'DECODE')) : $default;

(2) /phpsso_server/phpcms/libs/classes/param.class.php, at about line 108

Original code:

return isset($_COOKIE[$var]) ? sys_auth($_COOKIE[$var], 'DECODE') : $default;

Replace with:

return isset($_COOKIE[$var]) ? addslashes(sys_auth($_COOKIE[$var], 'DECODE')) : $default;
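The patches in sections 1, 2, 4 and 5 all escape a single input right before it reaches a SQL string. The added example below (not PHPCMS code, not from the original article) shows the two checks a reviewer would want around such escaping: an allowlist for values used as identifiers (the backtick case of section 2) and an encoding check before escaping string values (the wide-byte case of section 1 and the addslashes() calls of sections 4 and 5). The function names, the charset argument and the sample values in demo() are assumptions; it needs PHP 7.1+ with the mbstring extension. mysql_real_escape_string() itself only handles multibyte charsets correctly when the connection charset was set through mysql_set_charset(), and the mysql_* extension is gone in PHP 7, so the example uses addslashes() behind an encoding gate.

```php
<?php
// Added example, not PHPCMS's own code: two helpers for the input paths patched
// in sections 1, 2, 4 and 5. Function names, the charset argument and the
// sample values in demo() are assumptions; requires PHP 7.1+ with mbstring.

// Section 2 case: a value that lands between backticks is an identifier, not a
// string literal. The patch strips backticks; an allowlist is stricter because
// it also rejects spaces, quotes and comment markers.
function sql_identifier(string $name): ?string
{
    return preg_match('/^[A-Za-z0-9_]{1,64}$/', $name) === 1 ? $name : null;
}

// Sections 1, 4 and 5 case: before escaping a string value, verify that it is a
// valid byte sequence in the charset the database connection uses. The wide-byte
// problem is a lone GBK lead byte (for example 0xBF) followed by a quote: that
// pair is not valid GBK, so it is rejected here instead of being joined with the
// backslash that addslashes() inserts into a single two-byte character.
function sql_string_literal(string $value, string $charset = 'UTF-8'): ?string
{
    if (!mb_check_encoding($value, $charset)) {
        return null;
    }
    // addslashes() escapes ' " \ and NUL. With a live connection,
    // mysqli::real_escape_string() after mysqli::set_charset() is preferable,
    // since it knows the connection charset; prepared statements avoid
    // escaping altogether.
    return "'" . addslashes($value) . "'";
}

// Constructed inputs covering the accepted and the rejected cases.
function demo(): array
{
    return [
        'identifier_ok'   => sql_identifier('member_group'),
        'identifier_bad'  => sql_identifier('member group`'),       // space and backtick
        'gbk_valid'       => sql_string_literal("\xC4\xE3", 'GBK'), // the character 你 in GBK
        'gbk_wide_byte'   => sql_string_literal("\xBF'", 'GBK'),    // 0x27 is not a GBK trail byte
        'utf8_apostrophe' => sql_string_literal("O'Neil"),
    ];
}

print_r(demo());
```

The encoding check is a gate, not a replacement for a charset-aware escaper: a valid GBK character whose second byte happens to be 0x5C still receives an extra backslash from addslashes(), which only mysqli::real_escape_string() with the charset set, or a prepared statement, handles correctly. Where the PHPCMS code path allows it, a parameterized query removes the escaping step entirely.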

6. A logic flaw in phpcms leads to getshell

/phpcms/libs/classes/attachment.class.php, at about line 143, after the line

function download($field, $value,$watermark = '0',$ext = 'gif|jpg|jpeg|bmp|png', $absurl = '', $basehref = ''){

add:

    $extArray = explode('|', $ext);
    if (!empty($extArray) && is_array($extArray)) {
        foreach ($extArray as $k => $v) {
            // Check every requested extension; if even one is not allowed, return 0 immediately
            if (!in_array(strtolower($v), array('gif', 'jpg', 'jpeg', 'bmp', 'png'))) {
                exit('0');
            }
        }
    }

This adds a check: if every requested file format is one of 'gif', 'jpg', 'jpeg', 'bmp' or 'png', processing continues; otherwise the script exits. The list of formats can be extended as needed.
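Sections 3 and 6 both come down to the same two controls: never let request data decide which variables exist, and never let it decide which file extension or path the server touches. The added example below (not PHPCMS code, not from the original article) shows the stricter form of both patches: parse_str() into an array with an explicit key list instead of into the local scope, the section 6 extension allowlist as a reusable function, and a realpath() containment check on the resolved file. The 'f' key, the function names and the temporary directory used by demo() are assumptions; it needs PHP 7.1+.

```php
<?php
// Added example, not PHPCMS's own code: the pattern behind the down.php patch
// (section 3) and the attachment.class.php check (section 6). The 'f' key, the
// function names and the temp directory used by demo() are assumptions;
// requires PHP 7.1+.

const ALLOWED_EXTS = ['gif', 'jpg', 'jpeg', 'bmp', 'png'];

// Section 6 check as a reusable function: validate a pipe-separated extension
// list such as 'gif|jpg|png'. A single entry outside the allowlist rejects it.
function ext_list_allowed(string $ext): bool
{
    $list = array_filter(array_map('trim', explode('|', $ext)), 'strlen');
    if ($list === []) {
        return false;
    }
    foreach ($list as $v) {
        if (!in_array(strtolower($v), ALLOWED_EXTS, true)) {
            return false;
        }
    }
    return true;
}

// Section 3: parse the decoded a_k string into an array rather than into the
// local scope. Before PHP 7.2, parse_str() with one argument overwrote local
// variables, so a forged a_k could redefine anything the download code used
// afterwards. safe_replace() in the patch narrows what such a payload can carry;
// an array plus an explicit key list removes the variable injection entirely.
function parse_download_params(string $a_k): ?array
{
    parse_str($a_k, $params);
    if (!isset($params['f']) || !is_string($params['f']) || $params['f'] === '') {
        return null;
    }
    $file = str_replace(['<', '>'], '', $params['f']);   // same stripping as the patch
    $ext  = strtolower(pathinfo($file, PATHINFO_EXTENSION));
    if (!ext_list_allowed($ext)) {
        return null;
    }
    return ['file' => $file, 'ext' => $ext];
}

// Resolve the requested file under the attachment directory and refuse anything
// that ends up outside it (.. segments, absolute paths, symlinks pointing away).
function download_target(string $base, string $relative): ?string
{
    $baseReal = realpath($base);
    $target   = realpath($base . '/' . $relative);
    if ($baseReal === false || $target === false || !is_file($target)) {
        return null;
    }
    return strpos($target, $baseReal . DIRECTORY_SEPARATOR) === 0 ? $target : null;
}

// Constructed scenario: a temp tree with one image inside the upload directory
// and two files outside it, then three a_k values run through both checks.
function demo(): array
{
    $root    = sys_get_temp_dir() . '/phpcms_down_demo_' . getmypid();
    $uploads = $root . '/uploads';
    mkdir($uploads . '/2019', 0700, true);
    file_put_contents($uploads . '/2019/pic.jpg', 'constructed sample');
    file_put_contents($root . '/config.php', 'constructed sample');
    file_put_contents($root . '/logo.png', 'constructed sample');

    $results = [];
    foreach (['f=2019/pic.jpg', 'f=../config.php', 'f=../logo.png'] as $a_k) {
        $params = parse_download_params($a_k);
        // '../config.php' fails the extension check; '../logo.png' passes it but
        // resolves outside $uploads, so download_target() refuses it.
        $results[$a_k] = $params === null
            ? 'rejected: extension'
            : (download_target($uploads, $params['file']) ?? 'rejected: path');
    }

    foreach ([$uploads . '/2019/pic.jpg', $root . '/config.php', $root . '/logo.png'] as $f) {
        unlink($f);
    }
    rmdir($uploads . '/2019');
    rmdir($uploads);
    rmdir($root);
    return $results;
}

print_r(demo());
```

The order of the checks matters: the extension allowlist runs on the raw request value before any filesystem call, and the containment check runs on the realpath() result rather than on the string, so that encoded dot segments and symlinks are judged by where they actually lead.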

7. phpcms injection vulnerability

/api/phpsso.php, at about line 128

Original code:

$arr['uid'] = intval($arr['uid']);
$phpssouid = $arr['uid'];

Replace with the following, which combines the two lines into one:

$phpssouid = intval($arr['uid']);

8. phpcms authkey generation algorithm problem leads to authkey leakage

Use the following function to regenerate the key values, then replace the two corresponding parameters in caches/configs/system.php.

<?php
    // Build a string of $length characters, each picked at random from $chars
    function random($length, $chars = '0123456789') {
        $hash = '';
        $max = strlen($chars) - 1;
        for ($i = 0; $i < $length; $i++) {
            $hash .= $chars[mt_rand(0, $max)];
        }
        return $hash;
    }

    echo random(20, 'authkey').'<br/>';
    echo random(32, 'phpssoauthkey');
    exit;
?>
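Two properties of the generator above are worth knowing before relying on it: mt_rand() is a Mersenne Twister whose whole output sequence is fixed by a 32-bit seed, so it is not a cryptographic generator, and because the second argument of random() is the character set, the calls random(20, 'authkey') and random(32, 'phpssoauthkey') draw every character from the letters of those two words only. The added example below (not PHPCMS code, not from the original article) generates keys of the same two lengths with random_int(), which reads from the operating system's CSPRNG, over a 62-symbol alphabet, and prints the resulting entropy next to that of a 20-symbol key over the seven distinct letters of 'authkey'. The function names and the alphabet are assumptions; it needs PHP 7+.

```php
<?php
// Added example, not PHPCMS's own code: key generation with PHP's CSPRNG.
// Function names and the alphabet are assumptions; the page's key lengths
// (20 for auth_key, 32 for phpsso_auth_key) are kept. Requires PHP 7+.

const KEY_ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

// Same shape as random() above, but random_int() replaces mt_rand(): each
// position is an unbiased draw from the OS random source, not from a seeded PRNG.
function generate_key(int $length, string $chars = KEY_ALPHABET): string
{
    $max = strlen($chars) - 1;
    $key = '';
    for ($i = 0; $i < $length; $i++) {
        $key .= $chars[random_int(0, $max)];
    }
    return $key;
}

// Entropy in bits of a key of $length symbols drawn uniformly from an alphabet
// of $alphabetSize distinct symbols.
function key_entropy_bits(int $length, int $alphabetSize): float
{
    return $length * log($alphabetSize, 2);
}

echo 'auth_key:        ', generate_key(20), PHP_EOL;
echo 'phpsso_auth_key: ', generate_key(32), PHP_EOL;
printf("entropy: %.0f bits for 20 symbols over %d characters, %.0f bits for 20 symbols over the 7 letters of 'authkey'\n",
    key_entropy_bits(20, strlen(KEY_ALPHABET)), strlen(KEY_ALPHABET), key_entropy_bits(20, 7));
```

After replacing the two values in caches/configs/system.php, anything that was encoded with the old keys through sys_auth() (cookies, the a_k download parameter, SSO tokens) stops decoding, which is the intended effect of rotating a leaked key.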


Statement
This article is reproduced from 阿里云. If there is any infringement, please contact admin@php.cn for deletion.
