沪上花 posted on 2023-9-6 00:00:00

360 reports DedeCms global variable overwrite vulnerability (temporary fix)

<p>
        Description: The target has a global variable overwrite vulnerability.<br>
        <br>
        1. Affected versions: DEDECMS 5.7, 5.6, 5.5.<br>
        2. Vulnerable file: /include/common.inc.php<br>
        3. DEDECMS's global variable initialization is flawed, so any global variable can be overwritten arbitrarily.<br>
        <br>
        Impact:<br>
        1. An attacker can use this vulnerability to redefine the database connection.<br>
        2. Through this vulnerability, various unauthorized operations can be carried out to construct a vulnerability that writes a webshell backdoor directly.<br>
        Solution:<br>
        Temporary solution:<br>
        <br>
        In /include/common.inc.php,<br>
        find the code that registers variables:</p>
<div class="msgheader" style='margin: 3px auto 0px; padding: 0px 3px; outline: none; line-height: 21.6px; clear: both; border-width: 1px; border-style: solid; border-color: rgb(0, 153, 204); background: rgb(246, 251, 255); overflow: hidden; font-family: tahoma, arial, "Microsoft YaHei";'>
        <p>
                The code is as follows:</p>
</div>
<p class="msgborder" style='margin: 0px auto 3px; padding: 0px 3px; outline: none; line-height: 25.2px; font-size: 14px; clear: both; border-right: 1px solid rgb(0, 153, 204); background: rgb(221, 237, 251); overflow: hidden; border-left: 1px solid rgb(0, 153, 204); word-break: break-all; border-bottom: 1px solid rgb(0, 153, 204); word-wrap: break-word; font-family: tahoma, arial, "Microsoft YaHei";'>
        <br>
        foreach(Array('_GET','_POST','_COOKIE') as $_request) <br>
        { <br>
        foreach($$_request as $_k =&gt; $_v) ${$_k} = _RunMagicQuotes($_v); <br>
        } </p>
<p>
        <br>Change it to:</p>
<div class="msgheader" style='margin: 3px auto 0px; padding: 0px 3px; outline: none; line-height: 21.6px; clear: both; border-width: 1px; border-style: solid; border-color: rgb(0, 153, 204); background: rgb(246, 251, 255); overflow: hidden; font-family: tahoma, arial, "Microsoft YaHei";'>
        <p>
                The code is as follows:</p>
</div>
<p class="msgborder" style='margin: 0px auto 3px; padding: 0px 3px; outline: none; line-height: 25.2px; font-size: 14px; clear: both; border-right: 1px solid rgb(0, 153, 204); background: rgb(221, 237, 251); overflow: hidden; border-left: 1px solid rgb(0, 153, 204); word-break: break-all; border-bottom: 1px solid rgb(0, 153, 204); word-wrap: break-word; font-family: tahoma, arial, "Microsoft YaHei";'>
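        <br>
        foreach(Array('_GET','_POST','_COOKIE') as $_request) <br>
        { <br>
        foreach($$_request as $_k =&gt; $_v) { <br>
        // Reject request keys that would overwrite cfg_* settings or $GLOBALS. <br>
        // preg_match() with the /i flag replaces eregi(), which was removed in PHP 7. <br>
        if( strlen($_k)&gt;0 &amp;&amp; preg_match('/^(cfg_|GLOBALS)/i',$_k) ){ <br>
        exit('Request var not allow!'); <br>
        } <br>
        ${$_k} = _RunMagicQuotes($_v); <br>
        } <br>
        } </p>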
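An added example, not part of the original post and not DedeCMS's own code: it models the variable-registration loop with an array standing in for PHP's variable variables, so the unfiltered and filtered behaviour can be compared in one run. The function names `run_magic_quotes_stub`, `register_unfiltered` and `register_filtered`, and the sample keys and values, are assumptions made for illustration.

```php
<?php
// Added illustration; all names and sample values below are constructed.

// Stand-in for DedeCMS's _RunMagicQuotes(): here it only escapes strings.
function run_magic_quotes_stub($v) {
    return is_array($v) ? array_map('run_magic_quotes_stub', $v) : addslashes($v);
}

// Original behaviour: every request key becomes a variable in the target scope.
function register_unfiltered(array $request, array &$scope) {
    foreach ($request as $k => $v) {
        $scope[$k] = run_magic_quotes_stub($v);
    }
}

// Patched behaviour: keys starting with cfg_ or GLOBALS are refused.
// Throws instead of calling exit() so both outcomes can be shown in one run.
function register_filtered(array $request, array &$scope) {
    foreach ($request as $k => $v) {
        $k = (string)$k;
        if (strlen($k) > 0 && preg_match('/^(cfg_|GLOBALS)/i', $k)) {
            throw new RuntimeException('Request var not allow!');
        }
        $scope[$k] = run_magic_quotes_stub($v);
    }
}

// Constructed sample: a setting loaded earlier by the application, and a
// request that carries a parameter with the same name.
$config  = ['cfg_example_setting' => 'value-from-config-file'];
$request = ['page' => '2', 'cfg_example_setting' => 'value-from-request'];

// Unfiltered loop: the request value replaces the configured one.
$scope = $config;
register_unfiltered($request, $scope);
echo "unfiltered: ", $scope['cfg_example_setting'], "\n";

// Filtered loop: the request is refused and the configured value is kept.
$scope = $config;
try {
    register_filtered($request, $scope);
} catch (RuntimeException $e) {
    echo "filtered:   rejected (", $e->getMessage(), "), setting still ",
         $scope['cfg_example_setting'], "\n";
}
```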