码库记事本

码库记事本

dedecms的变量覆盖漏洞导致注入漏洞

小诸哥 0

dedecms的变量覆盖漏洞导致注入漏洞文件是:include/filter.inc.php

防御方法/include/filter.inc.php/

*** 过滤不相关内容**

@access  public*

@param  string $fk 过滤键*

@param  string $svar 过滤值*

@return  string*

$magic_quotes_gpc = ini_get('magic_quotes_gpc');

function _FilterAll($fk, &$svar){

global $cfg_notallowstr,$cfg_replacestr;

if( is_array($svar) ){

foreach($svar as $_k => $_v){

$svar[$_k] = _FilterAll($fk,$_v);

}

}else{

if($cfg_notallowstr!='' && preg_match("#".$cfg_notallowstr."#i", $svar)){

ShowMsg(" $fk has not allow words!",'-1');

exit();

}

if($cfg_replacestr!=''){

$svar = preg_replace('/'.$cfg_replacestr.'/i', "***", $svar);

}

}

if (!$magic_quotes_gpc){

$svar = addslashes($svar);

}

return addslashes($svar);

return $svar;

}

标签: 漏洞 注入漏洞