找回密码
 立即注册

QQ登录

只需一步,快速开始

查看: 2581|回复: 0

[分享] 阿里云提示 Didcuz memcache+ssrf GETSHELL漏洞修复方法

[复制链接]
发表于 2017-11-15 11:53:55 | 显示全部楼层 |阅读模式 来自 中国–河南–新乡
近期很多使用阿里云的站长收到了阿里云给出的漏洞消息,漏洞名称如下:
Discuz memcache+ssrf GETSHELL漏洞
这里给大家提供一个简单的修复方案!
首先找到这个文件
source/function/function_core.php
搜索代码:
  1. function output_replace($content) {  
  2.     global $_G;  
  3.     if(defined('IN_MODCP') || defined('IN_ADMINCP')) return $content;  
  4.     if(!empty($_G['setting']['output']['str']['search'])) {  
  5.         if(empty($_G['setting']['domain']['app']['default'])) {  
  6.             $_G['setting']['output']['str']['replace'] = str_replace('{CURHOST}', $_G['siteurl'], $_G['setting']['output']['str']['replace']);  
  7.         }  
  8.         $content = str_replace($_G['setting']['output']['str']['search'], $_G['setting']['output']['str']['replace'], $content);  
  9.     }  
  10.     if(!empty($_G['setting']['output']['preg']['search']) && (empty($_G['setting']['rewriteguest']) || empty($_G['uid']))) {  
  11.         if(empty($_G['setting']['domain']['app']['default'])) {  
  12.             $_G['setting']['output']['preg']['search'] = str_replace('\{CURHOST\}', preg_quote($_G['siteurl'], '/'), $_G['setting']['output']['preg']['search']);  
  13.             $_G['setting']['output']['preg']['replace'] = str_replace('{CURHOST}', $_G['siteurl'], $_G['setting']['output']['preg']['replace']);  
  14.         }  
  15.   
  16.   
  17.         foreach($_G['setting']['output']['preg']['search'] as $key => $value) {  
  18.             $content = preg_replace_callback($value, create_function('$matches', 'return '.$_G['setting']['output']['preg']['replace'][$key].';'), $content);  
  19.         }  
  20.     }  
  21.   
  22.   
  23.     return $content;
复制代码
添加一行代码,如下
  1. function output_replace($content) {  
  2.     global $_G;  
  3.     if(defined('IN_MODCP') || defined('IN_ADMINCP')) return $content;  
  4.     if(!empty($_G['setting']['output']['str']['search'])) {  
  5.         if(empty($_G['setting']['domain']['app']['default'])) {  
  6.             $_G['setting']['output']['str']['replace'] = str_replace('{CURHOST}', $_G['siteurl'], $_G['setting']['output']['str']['replace']);  
  7.         }  
  8.         $content = str_replace($_G['setting']['output']['str']['search'], $_G['setting']['output']['str']['replace'], $content);  
  9.     }  
  10.     if(!empty($_G['setting']['output']['preg']['search']) && (empty($_G['setting']['rewriteguest']) || empty($_G['uid']))) {  
  11.         if(empty($_G['setting']['domain']['app']['default'])) {  
  12.             $_G['setting']['output']['preg']['search'] = str_replace('\{CURHOST\}', preg_quote($_G['siteurl'], '/'), $_G['setting']['output']['preg']['search']);  
  13.             $_G['setting']['output']['preg']['replace'] = str_replace('{CURHOST}', $_G['siteurl'], $_G['setting']['output']['preg']['replace']);  
  14.         }  
  15.          
  16.         if (preg_match("(/|#|\+|%).*(/|#|\+|%)e", $_G['setting']['output']['preg']['search']) !== FALSE) { die("request error"); }//本行代码为新增代码  
  17.          
  18.         foreach($_G['setting']['output']['preg']['search'] as $key => $value) {  
  19.             $content = preg_replace_callback($value, create_function('$matches', 'return '.$_G['setting']['output']['preg']['replace'][$key].';'), $content);  
  20.         }  
  21.     }  
  22.   
  23.   
  24.     return $content;  
  25. }  
复制代码
然后将修改好的文件保存,上传到服务器目录覆盖一下,然后去阿里云对应漏洞提示后面点击“验证一下”,验证时候漏洞提示就会消失!
问题解决!

发帖求助前要善用【论坛搜索】功能,那里可能会有你要找的答案;

如何回报帮助你解决问题的坛友,好办法就是点击帖子下方的评分按钮给对方加【金币】不会扣除自己的积分,做一个热心并受欢迎的人!

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则 需要先绑定手机号

关闭

站长推荐上一条 /1 下一条

QQ|侵权投诉|广告报价|手机版|小黑屋|西部数码代理|飘仙建站论坛 ( 豫ICP备2022021143号-1 )

GMT+8, 2024-12-26 04:22 , Processed in 0.045863 second(s), 8 queries , Redis On.

Powered by Discuz! X3.5

© 2001-2024 Discuz! Team.

快速回复 返回顶部 返回列表