阿里云提示Discuz memcache+ssrf GETSHELL漏洞如何解决

时间 2019-11-13

标签阿里提示 discuz memcache+ssrf memcache ssrf getshell 漏洞如何解决栏目阿里巴巴繁體版

原文原文链接

通常这个漏洞都是下面文件，source/function/function_core.phpphp

搜索下面代码：spa

$content = preg_replace($_G['setting']['output']['preg']['search'], $_G['setting']['output']['preg']['replace'], $content);

在此行代码前增长下面代码：code

if (preg_match("(/|#|\+|%).*(/|#|\+|%)e", $_G['setting']['output']['preg']['search']) !== FALSE) { die("request error"); }

加完代码之后效果：blog

if (preg_match("(/|#|\+|%).*(/|#|\+|%)e", $_G['setting']['output']['preg']['search']) !== FALSE) { die("request error"); }
$content = preg_replace($_G['setting']['output']['preg']['search'], $_G['setting']['output']['preg']['replace'], $content);

上传文件，从新进行验证就能够解决。io