织梦dedecms的注入漏洞pm.php修复方法
/member/pm.php这个是dedecms注入漏洞,处理方案如下:
打开/member/pm.php,搜索:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
else if($dopost=='read') { $sql = "SELECT * FROM `dede_member_friends` WHERE mid='{$cfg_ml->M_ID}' AND ftype!='-1' ORDER BY addtime DESC LIMIT 20"; $friends = array(); $dsql->SetQuery($sql); $dsql->Execute(); while ($row = $dsql->GetArray()) { $friends[] = $row; } //$id注入 $row = $dsql->GetOne("SELECT * FROM `dede_member_pms` WHERE id='$id' AND (fromid='{$cfg_ml->M_ID}' OR toid='{$cfg_ml->M_ID}')");//ID没过滤 if(!is_array($row)) { ShowMsg('对不起,你指定的消息不存在或你没权限查看!','-1'); exit(); } //$id注入 $dsql->ExecuteNoneQuery("UPDATE `dede_member_pms` SET hasview=1 WHERE id='$id' AND folder='inbox' AND toid='{$cfg_ml->M_ID}'"); $dsql->ExecuteNoneQuery("UPDATE `dede_member_pms` SET hasview=1 WHERE folder='outbox' AND toid='{$cfg_ml->M_ID}'"); include_once(dirname(__FILE__).'/templets/pm-read.htm'); exit(); } |
替换为
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
else if($dopost=='read') { $sql = "Select * From `dede_member_friends` where mid='{$cfg_ml->M_ID}' And ftype!='-1' order by addtime desc limit 20"; $friends = array(); $dsql->SetQuery($sql); $dsql->Execute(); while ($row = $dsql->GetArray()) { $friends[] = $row; } /* $id过滤 */ $id = intval($id); /* */ $row = $dsql->GetOne("Select * From `dede_member_pms` where id='$id' And (fromid='{$cfg_ml->M_ID}' Or toid='{$cfg_ml->M_ID}')"); if(!is_array($row)) { ShowMsg('对不起,你指定的消息不存在或你没权限查看!','-1'); exit(); } $dsql->ExecuteNoneQuery("Update `dede_member_pms` set hasview=1 where id='$id' And folder='inbox' And toid='{$cfg_ml->M_ID}'"); $dsql->ExecuteNoneQuery("Update `dede_member_pms` set hasview=1 where folder='outbox' And toid='{$cfg_ml->M_ID}'"); include_once(dirname(__FILE__).'/templets/pm-read.htm'); exit(); } |
①本站所有织梦模板资源均来自用户分享和网络收集,如果侵犯了您的权益,请联系网站客服处理
②本站提供的织梦源码,均带数据及演示地址。可以在任一源码详情页查看演示地址。
③由于博主时间紧缺,所有模板源码不提供技术支持。仅部分收费原创源码提供售后
④如遇模板源码下载链接打不开或者有错误,请联系网站客服QQ指出纠正。
⑤人民币与金币汇率为1比1,即1元=1金币
织梦楼 » 织梦dedecms的注入漏洞pm.php修复方法
织梦楼 » 织梦dedecms的注入漏洞pm.php修复方法