PHP Dedecms注入漏洞
搜索:
PHP">$cfg_not_allowall = "PHP|pl|cgi|asp|aspx|jsp|PHP3|shtm|shtml";
PHP">$cfg_not_allowall = "PHP|pl|cgi|asp|aspx|jsp|PHP3|shtm|shtml|htm|html";
搜索:
PHP">$image_dd = @getimagesize($$_key);
PHP">if($image_dd == false){ continue; }
添加后如下:
PHP">$image_dd = @getimagesize($$_key);
if($image_dd == false){ continue; }
if (!is_array($image_dd))
{
exit('Upload filetype not allow !');
}
修改前请做好备份。
原文链接:https://www.f2er.com/dedecms/403896.html