Vulnerability name: phpcms injection vulnerability
File path: /phpcms/modules/member/index.php
The fix was found online and was compiled and provided by 風信網.
Source code, at around line 615:
if(empty($_SESSION['connectid'])) {
    // Check the verification code (CAPTCHA)
    $code = isset($_POST['code']) && trim($_POST['code']) ? trim($_POST['code']) : showmessage(L('input_code'), HTTP_REFERER);
    if ($_SESSION['code'] != strtolower($code)) {
        $_SESSION['code'] = '';
        showmessage(L('code_error'), HTTP_REFERER);
    }
    $_SESSION['code'] = '';
}
$username = isset($_POST['username']) && is_username($_POST['username']) ? trim($_POST['username']) : showmessage(L('username_empty'), HTTP_REFERER);
$password = isset($_POST['password']) && trim($_POST['password']) ? trim($_POST['password']) : showmessage(L('password_empty'), HTTP_REFERER);
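Add filtering code for the phpsso module. The best approach is to perform escaping and filtering in the step immediately before the database operation, which very effectively mitigates the problems caused by SQL injection.
Change this code: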
$password = isset($_POST['password']) && trim($_POST['password']) ? trim($_POST['password']) : showmessage(L('password_empty'), HTTP_REFERER);
to:
$password = isset($_POST['password']) && trim($_POST['password']) ? addslashes(urldecode(trim($_POST['password']))) : showmessage(L('password_empty'), HTTP_REFERER);
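The original and changed expressions side by side, followed by parameter binding as one way to put the escaping at the database step itself. This is an added example, not phpcms code: the function names, the member table and the sample inputs are constructed, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example, not phpcms code. Names and sample values are constructed.

// Expression from index.php before the change: the value is only trimmed.
function password_before(string $raw): string
{
    return trim($raw);
}

// Expression after the change: URL-decode first, then escape quotes,
// backslashes and NUL bytes with addslashes().
function password_after(string $raw): string
{
    return addslashes(urldecode(trim($raw)));
}

// Escaping at the database step: the value is bound as a parameter, so the
// driver treats it as data and never parses it as SQL text.
function count_members(PDO $db, string $username): int
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM member WHERE username = ?');
    $stmt->execute([$username]);
    return (int) $stmt->fetchColumn();
}

// Constructed inputs: an encoded quote, a literal quote, and an ordinary
// password that happens to contain '+' and '%'.
$samples = ["abc%27def", "abc'def", "p+w%25d"];
foreach ($samples as $raw) {
    printf("%-10s | before: %-10s | after: %s\n",
        $raw, password_before($raw), password_after($raw));
}
// The first sample is why urldecode() comes first: the encoded quote passes
// through trim() untouched, and addslashes() alone would not see it either.
// The third sample shows the side effect: urldecode() also rewrites '+' and
// '%xx' in legitimate passwords, so the same transformation has to be
// applied wherever the password is first stored.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE member (username TEXT)');
$insert = $db->prepare('INSERT INTO member (username) VALUES (?)');
$insert->execute(["o'brien"]);   // constructed row containing a quote

// A bound value containing a quote is matched literally against the row.
printf("rows matching o'brien: %d\n", count_members($db, "o'brien"));
```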