Vulnerability name: dedecms cookies leak leads to SQL vulnerability
Patch file: /member/article_add.php
Patch source: developed in-house by Cloud Shield
Vulnerability description: The article publishing form of dedecms leaks the core cookie used to defend against CSRF, and the same cookie is also used for verification in other core payment systems. An attacker can use the leaked cookie to pass back-end verification and perform back-end injection.
Solution
Search for the following code:
if (empty($dede_fieldshash) || $dede_fieldshash != md5($dede_addonfields.$cfg_cookie_encode))
Modify the code to:
if (empty($dede_fieldshash) || ( $dede_fieldshash != md5($dede_addonfields . $cfg_cookie_encode) && $dede_fieldshash != md5($dede_addonfields . 'anythingelse' . $cfg_cookie_encode)) )
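An added example, not part of the original page or of dedecms: the two conditions above wrapped as functions and run over constructed hash values, to show which values each one accepts. The function names, the key and the field list are assumptions made up for the illustration. The modified condition rejects only a value that matches neither form, so it accepts everything the original accepted plus the second form.

```php
<?php
// Constructed sample values; not taken from any real installation.
$cfg_cookie_encode = 'ExampleSiteKey123';   // stands in for the site's secret
$dede_addonfields  = 'body,htmltext';       // constructed field list

// Condition from the original file (hypothetical wrapper name).
// Returns true when the request would be rejected.
function rejects_original($hash, $fields, $key)
{
    return empty($hash) || $hash != md5($fields . $key);
}

// Condition after the modification (hypothetical wrapper name).
// Returns true when the request would be rejected.
function rejects_modified($hash, $fields, $key)
{
    return empty($hash)
        || ($hash != md5($fields . $key)
            && $hash != md5($fields . 'anythingelse' . $key));
}

// Candidate values for $dede_fieldshash, all constructed here.
$candidates = array(
    'empty value'            => '',
    'original form'          => md5($dede_addonfields . $cfg_cookie_encode),
    'form with extra string' => md5($dede_addonfields . 'anythingelse' . $cfg_cookie_encode),
    'hash of other fields'   => md5('other' . $cfg_cookie_encode),
);

// Print one row per candidate: how each condition treats it.
foreach ($candidates as $label => $hash) {
    printf(
        "%-24s original: %-7s modified: %s\n",
        $label,
        rejects_original($hash, $dede_addonfields, $cfg_cookie_encode) ? 'reject' : 'accept',
        rejects_modified($hash, $dede_addonfields, $cfg_cookie_encode) ? 'reject' : 'accept'
    );
}
```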