Fixing the Discuz memcache+ssrf GETSHELL vulnerability reported by Alibaba Cloud
Source: Internet  Published by: 销售知乎  Editor: 程序博客网  Time: 2024/04/29 09:19
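Recently, many site owners hosting on Alibaba Cloud have received a vulnerability notice from Alibaba Cloud with the following name:
Discuz memcache+ssrf GETSHELL vulnerability
Here is a simple fix.
First, locate this file:
source/function/function_core.php
Search for this code: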
function output_replace($content) {
    global $_G;
    if(defined('IN_MODCP') || defined('IN_ADMINCP')) return $content;
    if(!empty($_G['setting']['output']['str']['search'])) {
        if(empty($_G['setting']['domain']['app']['default'])) {
            $_G['setting']['output']['str']['replace'] = str_replace('{CURHOST}', $_G['siteurl'], $_G['setting']['output']['str']['replace']);
        }
        $content = str_replace($_G['setting']['output']['str']['search'], $_G['setting']['output']['str']['replace'], $content);
    }
    if(!empty($_G['setting']['output']['preg']['search']) && (empty($_G['setting']['rewriteguest']) || empty($_G['uid']))) {
        if(empty($_G['setting']['domain']['app']['default'])) {
            $_G['setting']['output']['preg']['search'] = str_replace('\{CURHOST\}', preg_quote($_G['siteurl'], '/'), $_G['setting']['output']['preg']['search']);
            $_G['setting']['output']['preg']['replace'] = str_replace('{CURHOST}', $_G['siteurl'], $_G['setting']['output']['preg']['replace']);
        }
        foreach($_G['setting']['output']['preg']['search'] as $key => $value) {
            $content = preg_replace_callback($value, create_function('$matches', 'return '.$_G['setting']['output']['preg']['replace'][$key].';'), $content);
        }
    }
    return $content;
}
Add one line of code, as follows:
function output_replace($content) {
    global $_G;
    if(defined('IN_MODCP') || defined('IN_ADMINCP')) return $content;
    if(!empty($_G['setting']['output']['str']['search'])) {
        if(empty($_G['setting']['domain']['app']['default'])) {
            $_G['setting']['output']['str']['replace'] = str_replace('{CURHOST}', $_G['siteurl'], $_G['setting']['output']['str']['replace']);
        }
        $content = str_replace($_G['setting']['output']['str']['search'], $_G['setting']['output']['str']['replace'], $content);
    }
    if(!empty($_G['setting']['output']['preg']['search']) && (empty($_G['setting']['rewriteguest']) || empty($_G['uid']))) {
        if(empty($_G['setting']['domain']['app']['default'])) {
            $_G['setting']['output']['preg']['search'] = str_replace('\{CURHOST\}', preg_quote($_G['siteurl'], '/'), $_G['setting']['output']['preg']['search']);
            $_G['setting']['output']['preg']['replace'] = str_replace('{CURHOST}', $_G['siteurl'], $_G['setting']['output']['preg']['replace']);
        }
        if (preg_match("(/|#|\+|%).*(/|#|\+|%)e", $_G['setting']['output']['preg']['search']) !== FALSE) { die("request error"); } // this line is the newly added code
        foreach($_G['setting']['output']['preg']['search'] as $key => $value) {
            $content = preg_replace_callback($value, create_function('$matches', 'return '.$_G['setting']['output']['preg']['replace'][$key].';'), $content);
        }
    }
    return $content;
}
Then save the modified file and upload it to the server directory, overwriting the existing file. Next, go to the corresponding vulnerability notice in Alibaba Cloud and click "Verify" next to it; once verification runs, the vulnerability notice disappears.
Problem solved!
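A stricter form of the check, as an added example that is not part of the original post or of Discuz: `$_G['setting']['output']['preg']['search']` is an array (the `foreach` iterates over it) while `preg_match()` takes a single string, so this version parses each pattern's delimiters and rejects any whose trailing modifiers contain `e`. The helper names `dz_pattern_modifiers` and `dz_patterns_without_eval_modifier` and the sample patterns are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not Discuz code.

// Return the modifier part of a PCRE pattern the way PHP splits it
// (delimiter, body, closing delimiter, modifiers), or null if malformed.
function dz_pattern_modifiers($pattern) {
    $p = ltrim((string)$pattern);
    if ($p === '' || ctype_alnum($p[0]) || $p[0] === '\\') {
        return null;                      // no valid opening delimiter
    }
    $open  = $p[0];
    $pairs = array('(' => ')', '[' => ']', '{' => '}', '<' => '>');
    $close = isset($pairs[$open]) ? $pairs[$open] : $open;
    $depth = 1;
    for ($i = 1, $n = strlen($p); $i < $n; $i++) {
        $c = $p[$i];
        if ($c === '\\') { $i++; continue; }          // skip escaped character
        if ($c === $close && --$depth === 0) {
            return (string)substr($p, $i + 1);        // text after the delimiter
        }
        if ($c === $open && $open !== $close) {
            $depth++;                                 // nested bracket delimiter
        }
    }
    return null;                          // closing delimiter never found
}

// True only if every pattern parses and none carries the "e" modifier.
function dz_patterns_without_eval_modifier($patterns) {
    foreach ((array)$patterns as $pattern) {
        $mods = dz_pattern_modifiers($pattern);
        if ($mods === null || strpos($mods, 'e') !== false) {
            return false;                 // fail closed on anything unexpected
        }
    }
    return true;
}

// Constructed sample pattern sets, not taken from a real site.
$samples = array(
    array('/<a href="(.+?)">/'),         // letter e appears only inside the body
    array('#forum\.php\?mod=(\w+)#i'),   // modifier i only
    array('/ok/', '#x#ie'),              // second entry carries the e modifier
);
foreach ($samples as $set) {
    $ok = dz_patterns_without_eval_modifier($set);
    echo implode('  ', $set), ' => ', $ok ? 'accepted' : 'rejected', "\n";
}
```

In `output_replace()` the call would sit where the added line is, ending the request with `die("request error")` when the function returns false. The check covers only the modifier: in the function shown above the replacement strings are still compiled as PHP through `create_function()`, so the stored settings themselves have to be trustworthy.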