原码笔记

DedeCMS variable-overwrite vulnerability leading to an injection vulnerability

小诸哥

The DedeCMS variable-overwrite vulnerability that leads to an injection vulnerability is in the file include/filter.inc.php.

Mitigation, in /include/filter.inc.php:

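/**
 * Filter out unrelated content
 *
 * @access  public
 * @param   string  $fk    filter key
 * @param   string  $svar  filter value
 * @return  string
 */
$magic_quotes_gpc = ini_get('magic_quotes_gpc');

function _FilterAll($fk, &$svar){
    // $magic_quotes_gpc is set at file scope above, so it has to be imported here
    global $cfg_notallowstr,$cfg_replacestr,$magic_quotes_gpc;
    if( is_array($svar) ){
        // Recurse into arrays; each element comes back filtered and escaped
        foreach($svar as $_k => $_v){
            $svar[$_k] = _FilterAll($fk,$_v);
        }
        // addslashes() only accepts strings, so return the array here
        return $svar;
    }else{
        // Reject the request if the value matches the configured banned-word pattern
        if($cfg_notallowstr!='' && preg_match("#".$cfg_notallowstr."#i", $svar)){
            ShowMsg(" $fk has not allow words!",'-1');
            exit();
        }
        // Mask anything matching the configured replacement pattern
        if($cfg_replacestr!=''){
            $svar = preg_replace('/'.$cfg_replacestr.'/i', "***", $svar);
        }
    }
    if (!$magic_quotes_gpc){
        $svar = addslashes($svar);
    }
    // Always escape on return, whatever the magic_quotes_gpc setting;
    // a value already escaped by the block above is escaped a second time
    return addslashes($svar);
}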

Tags: vulnerability, injection vulnerability