In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-09-23 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/02 Report--
This article will explain in detail the logical problems related to PHPCMS vulnerabilities lead to getshell solutions, Xiaobian feels quite practical, so share it with you as a reference, I hope you can gain something after reading this article.
About phpcms somewhere logic problem causes getshell fix problem
Introduction: 1. Vulnerability name: phpcms somewhere logic problem causes getshell2. Patch file: /phpcms/libs/classes/attachment.class.php3. Patch Source: Cloud Shield Self-Research 4. Vulnerability Description: In phpcms/phpcms/libs/classes/attachment.class.php, there is no type restriction on the input parameter $ext, resulting in a logic vulnerability. [Note: This patch is Cloud Shield self-developed code repair solution. Cloud Shield will detect whether your current code conforms to Cloud Shield self-developed repair mode. If you adopt the underlying/framework unified repair or use other repair solutions, Cloud Shield may still report the existence of vulnerabilities although you have fixed the vulnerabilities. In this case, you can choose to ignore the vulnerability prompt]... Alibaba Cloud Vulnerability Prompt.
Solution:
1. According to the vulnerability description, find the corresponding position of the corresponding file attachment.class.php (near line 144), and add the patch code.
The patch codes are as follows:
if($ext !== 'gif|jpg|jpeg|bmp|png'){ if(! in_array(strtoupper($ext),array ('JPG ',' GIF','BMP','PNG',' JPEG')) exit ('Additional extensions must be gif, jpg, jpeg, bmp、png');}
After adding the code, the screenshot is as follows:
2. Then, upload the modified file to the corresponding file location on the server and overwrite it directly;
3. Finally, log in to Alibaba Cloud background and click Verify (screenshot below) to complete the vulnerability repair.
About PHPCMS vulnerability logic problem caused getshell solution to share here, I hope the above content can be of some help to everyone, you can learn more knowledge. If you think the article is good, you can share it so that more people can see it.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
The market share of Chrome browser on the desktop has exceeded 70%, and users are complaining about
The world's first 2nm mobile chip: Samsung Exynos 2600 is ready for mass production.According to a r
A US federal judge has ruled that Google can keep its Chrome browser, but it will be prohibited from
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
About us Contact us Product review car news thenatureplanet
More Form oMedia: AutoTimes. Bestcoffee. SL News. Jarebook. Coffee Hunters. Sundaily. Modezone. NNB. Coffee. Game News. FrontStreet. GGAMEN
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
