dedecms支付模塊注入漏洞:引起的文件是/include/payment/alipay.php
問題解決:找到:$order_sn = trim($_GET['out_trade_no']);
將其修改為如下代碼:$order_sn = trim(addslashes($_GET['out_trade_no']));
-----------------------------------------------------------------------
dedecms media_add.php dedecms后臺文件任意上傳漏洞:引起的文件是/dede/media_add.php
問題解決:搜索$fullfilename = $cfg_basedir.$filename;(大概在69行左右)
替換成if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)[^a-zA-Z0-9]+$#i', trim($filename))) { ShowMsg("你指定的文件名被系統(tǒng)禁止����!",'java script:;'); exit(); } $fullfilename = $cfg_basedir.$filename;
--------------
dedecms 5.7sp1中最新/plus/download.php下載重定向漏洞:引起的文件是/plus/download.php
問題解決:
將/plus/download.php中第67行header("location:$link");
替換為:if(stristr($link,$cfg_basehost))
{
header("location:$link");
}
else
{
header("location:$cfg_basehost");
}
-------------------
common.inc.php漏洞 目標存在全局變量覆蓋漏洞:引起的文件 include/common.inc.php
問題解決:
在 /include/common.inc.php 中找到注冊變量的代碼foreach(Array('_GET','_POST','_COOKIE') as $_request)
{
foreach($$_request as $_k => $_v) ${$_k} = _RunMagicQuotes($_v);
}
修改為:foreach(Array('_GET','_POST','_COOKIE') as $_request)
{
foreach($$_request as $_k => $_v) {
if( strlen($_k)>0 && eregi('^(cfg_|GLOBALS)',$_k) ){
exit('Request var not allow!');
}
${$_k} = _RunMagicQuotes($_v);
}
}
-----------------------------------
dedecms織夢soft_add.php文件暴模版SQL注入漏洞:引起的文件是 /member/soft_add.php
找到下面這句:(第154行)$urls .= “{dede:link islocal=’1′ text='{$servermsg1}’} $softurl1 {/dede:link}\r\n”;
替換成:if (preg_match(“#}(.*?){/dede:link}{dede:#sim”, $servermsg1) != 1) { $urls .= “{dede:link islocal=’1′ text='{$servermsg1}’} $softurl1 {/dede:link}\r\n”; }
----------------DedeCMS 5.7 /include/dialog/config.php 跨站腳本漏洞 引起的文件:include/dialog/config.php
方案一:
首先第一步:定位到include/dialog/config.php文件��,在$gurl = “../../{$adminDirHand}/login.php?gotopage=”.urlencode($dedeNowurl);上面添加如下語句:
$adminDirHand = HtmlReplace($adminDirHand, 1);
第二步:plus目錄下的bshare.php文件117行 $uuid = isset($uuid)? $uuid : ”;改成 $uuid = isset($uuid)? htmlspecialchars($uuid) : ”;
之后用360的網(wǎng)站漏洞測試過后�����,就可以發(fā)現(xiàn)網(wǎng)站的XXS漏洞消失了.
蘇公網(wǎng)安備32058302003559
