Solution to SQL vulnerability article_add.php caused by dedecms cookies leak - Code World

Solution to SQL vulnerability article_add.php caused by dedecms cookies leak

Others 2022-05-16 22:17:20 views: 0

Vulnerability name: dedecms cookies leak leads to SQL vulnerability

Patch file: /member/article_add.php

Patch source: cloud shield self-developed

Vulnerability description: The core cookie used to defend against CSRF is leaked in the article publishing form of dedecms, and the same cookie is also used for verification in other core payment systems. Hackers can use the leaked cookie to pass background verification and perform background injection.

Solution

Search code:

if (empty($dede_fieldshash) || $dede_fieldshash != md5($dede_addonfields.$cfg_cookie_encode))

As shown in the figure:

Modify the code to:

if (empty($dede_fieldshash) || ( $dede_fieldshash != md5($dede_addonfields . $cfg_cookie_encode) && $dede_fieldshash != md5($dede_addonfields . 'anythingelse' . $cfg_cookie_encode)) )

As shown in the figure:

Guess you like

Origin http://10.200.1.11:23101/article/api/json?id=326567260&siteId=291194637

Solution to SQL vulnerability article_add.php caused by dedecms cookies leak

Solution to SQL vulnerability article_add.php caused by dedecms cookies leak

Solution to SQL vulnerability inc_archives_functions.php caused by dedecms cookies leak

Solution to /include/common.inc.php vulnerability of dedecms security vulnerability

A memory leak caused by SQL join

Weaving dream dedecms background file media_add.php arbitrary upload vulnerability solution

Weaving dream dedecms background file media_add.php arbitrary upload vulnerability solution

How to fix SQL injection vulnerability in album_add.php file of Dreamweaving Dedecms

How to fix SQL injection vulnerability in album_add.php file of Dreamweaving Dedecms

Dream weaving DedeCMS select_soft_post.php arbitrary file upload vulnerability solution

Dream weaving DedeCMS select_soft_post.php arbitrary file upload vulnerability solution

Memory leak caused by Handler

Memory leak caused by OSSClient

Crash caused by BinderProxy leak

Dedecms template soft_add.phpSQL injection vulnerability repair method

Dedecms template soft_add.phpSQL injection vulnerability repair method

Dedecms template soft_add.phpSQL injection vulnerability repair method

The solution to the accident caused by the memory overflow of PHP

The solution to the accident caused by the memory overflow of PHP

Memory leak solution

How to solve the /plus/guestbook/edit.inc.php security vulnerability of dedecms?

Dream weaving dedecms upload vulnerability uploadsafe.inc.php repair method

Dream weaving dedecms upload vulnerability uploadsafe.inc.php repair method

Memory leak caused by Android development Handler

Memory leak caused by handler (case one)

Actual combat | RCE caused by actuator/health leak

Note: SQL leak filled

D-Link DCS password leak vulnerability

PHP code audit: SQL injection vulnerability

PHP Code Audit 4—Sql Injection Vulnerability

Recommended

Ranking

A quick primer on numpy basics

Two sister tease python project

Java | Multiple keywords in the replacement content are returned to the front end in red style

C ++: references

The string leetcood 1018 is a binary prefix divisible by 5

Flutter 布局组件

Java combat spingboot-redis

PMP pre-exam sprint and wrong questions sorting

ActiveMq C# Message Features: Delayed and Timed Message Delivery

DSP28377S_ copy a program from the RAM to FLASH portion DETAILS

Daily

More

2024-05-16(23)

2024-05-15(5)

2024-05-14(9)

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)