Weaving dream dedecms background file media_add.php arbitrary upload vulnerability solution

Others 2022-04-29 06:50:34 views: 0

After Zhimeng is installed on the Alibaba Cloud server, the Alibaba Cloud background will prompt the media_add.php background file to upload the vulnerability arbitrarily. The resulting file is the media_add.php file in the background management directory. Let me share with you the repair method for this vulnerability:

 

First find and open the media_add.php file in the background management directory, and find the following code in it:


 

1 $fullfilename = $cfg_basedir.$filename;


Add the following code above it:        

 
1 if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)[^a-zA-Z0-9]+$#i', trim($filename))){
2                 ShowMsg("你指定的文件名被系统禁止!",'java script:;');
3                 exit();
4             }
 
 
 
After adding, save and replace the original file.

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=326543407&siteId=291194637
Recommended
Ranking
error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘
Database migration between Navicat servers
Minimum number of rotation of the array: Array
balenaEtcher for mac (make a boot disk software) v1.5.67
Custom processing serialization and deserialization in jackson
Mu-en-mask system development software
Mastering Regular Expressions
Find mileage Java--
Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions
[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite
Daily
More
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)

Code World

© 2018 codetd.com