1. Home
  2. uploadsafe.inc.php

uploadsafe.inc.php

dedecms上传漏洞uploadsafe.inc.php修复方法(dedecms 5.3)

Submitted by phifans on Tue, 12/20/2022 - 10:29

今天分享的漏洞是一个关于织梦dedecms上传漏洞修复方法,主要是文件/include/uploadsafe.inc.php。

      有2个地方:

      1、搜索 ${$_key.'_size'} = @filesize($$_key);      }(大概在42,43行左右)

      替换成

          ${$_key.'_size'} = @filesize($$_key);

       } $imtypes = array("image/pjpeg", "image/jpeg", "image/gif", "image/png", "image/xpng", "image/wbmp", "image/bmp"); if(in_array(strtolower(trim(${$_key.'_type'})), $imtypes)) { $image_dd = @getimagesize($$_key); if($image_dd == false){ continue; } if (!is_array($image_dd)) { exit('Upload filetype not allow !'); } }    

Tags
dedecms
dedecms上传漏洞
uploadsafe.inc.php

dedecms上传漏洞uploadsafe.inc.php修复方法(dedecms 5.5及以上

Submitted by phifans on Tue, 12/20/2022 - 10:27

 第8行或者搜索:$cfg_not_allowall = "php|pl|cgi|asp|aspx|jsp|php3|shtm|shtml";

 

替换成$cfg_not_allowall = "php|pl|cgi|asp|aspx|jsp|php3|shtm|shtml|htm|html";

 

第二处:搜索:$image_dd = @getimagesize($$_key);

 

在下面加:if($image_dd == false){ continue; } 

如:
        $image_dd = @getimagesize($$_key);

        if($image_dd == false){ continue; } 

        if (!is_array($image_dd))

        {

            exit('Upload filetype not allow !');

        }

备注:修改前请做好备份。

Tags
dedecms
dedecms上传漏洞
uploadsafe.inc.php
Subscribe to uploadsafe.inc.php