PHP Dedecms注入漏洞
搜索:
PHP">$cfg_not_allowall = "PHP|pl|cgi|asp|aspx|jsp|PHP3|shtm|shtml";
PHP">$cfg_not_allowall = "PHP|pl|cgi|asp|aspx|jsp|PHP3|shtm|shtml|htm|html";
搜索:
PHP">$image_dd = @getimagesize($$_key);
PHP">if($image_dd == false){ continue; }
添加后如下:
PHP">$image_dd = @getimagesize($$_key); if($image_dd == false){ continue; } if (!is_array($image_dd)) { exit('Upload filetype not allow !'); }
修改前请做好备份。