DedeCMS (Dream Weaving) upload vulnerability: uploadsafe.inc.php repair method

Today's post shares a method for fixing the upload vulnerability in DedeCMS (Dream Weaving CMS). The file involved is /include/uploadsafe.inc.php.

There are 2 places to change:

1. Search for the following (around lines 42-43):

        ${$_key.'_size'} = @filesize($$_key);
    }

   and replace it with:

        ${$_key.'_size'} = @filesize($$_key);
    }
    $imtypes = array("image/pjpeg", "image/jpeg", "image/gif", "image/png", "image/xpng", "image/wbmp", "image/bmp");
    if(in_array(strtolower(trim(${$_key.'_type'})), $imtypes))
    {
        $image_dd = @getimagesize($$_key);
        // getimagesize() could not read the file as an image: skip this entry
        if($image_dd == false){ continue; }
        if (!is_array($image_dd))
        {
            exit('Upload filetype not allow !');
        }
    }

2. Search for the following (around line 53):

    $image_dd = @getimagesize($$_key);

   and replace it with:

    $image_dd = @getimagesize($$_key);
    if($image_dd == false){ continue; }

As usual, the modified places are marked in red. Save the file, then back up the original file (for example, the file name becomes uploadsafe.inc.php.16.08.09.bak), and then upload the modified file.
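The check performed by the replacement code, as an added example run on constructed files (it is not DedeCMS code and not from the original post). The helper name check_claimed_image, its status strings and the sample files are assumptions for illustration; the helper returns a status where the patched code would `continue` or `exit`.

```php
<?php
// Added illustration: mirrors the patched image check from the post.
// The type sent with an upload is only a claim made by the client;
// getimagesize() looks at the file content itself.
function check_claimed_image(string $tmpPath, string $claimedType): string
{
    $imtypes = array("image/pjpeg", "image/jpeg", "image/gif", "image/png",
                     "image/xpng", "image/wbmp", "image/bmp");
    if (!in_array(strtolower(trim($claimedType)), $imtypes)) {
        return 'not-claimed-as-image';   // the image check does not apply
    }
    $image_dd = @getimagesize($tmpPath);
    if ($image_dd == false) {
        return 'skipped';                // patched line: continue;
    }
    if (!is_array($image_dd)) {
        // getimagesize() returns an array or false, so once false is
        // handled above this original branch is no longer reached.
        return 'rejected';               // exit('Upload filetype not allow !')
    }
    return 'accepted';
}

// Constructed sample inputs: a minimal 1x1 GIF and a plain text file.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode(
    'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "plain text, not image data\n");

$cases = array(
    array('real GIF, claimed image/gif',  $gif, 'image/gif'),
    array('text file, claimed image/gif', $txt, 'image/gif'),
    array('text file, claimed text/plain', $txt, 'text/plain'),
);
foreach ($cases as [$label, $path, $type]) {
    printf("%-30s -> %s\n", $label, check_claimed_image($path, $type));
}

unlink($gif);
unlink($txt);
```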
