阿里云提示 Didcuz memcache+ssrf GETSHELL漏洞修复方法
2017-04-07 15:52
615 查看
近期很多使用阿里云的站长收到了阿里云给出的漏洞消息,漏洞名称如下:
Discuz memcache+ssrf GETSHELL漏洞
这里给大家提供一个简单的修复方案!
首先找到这个文件
source/function/function_core.php
搜索代码:
添加一行代码,如下
问题解决!
Discuz memcache+ssrf GETSHELL漏洞
这里给大家提供一个简单的修复方案!
首先找到这个文件
source/function/function_core.php
搜索代码:
function output_replace($content) {
global $_G;
if(defined('IN_MODCP') || defined('IN_ADMINCP')) return $content;
if(!empty($_G['setting']['output']['str']['search'])) {
if(empty($_G['setting']['domain']['app']['default'])) {
$_G['setting']['output']['str']['replace'] = str_replace('{CURHOST}', $_G['siteurl'], $_G['setting']['output']['str']['replace']);
}
$content = str_replace($_G['setting']['output']['str']['search'], $_G['setting']['output']['str']['replace'], $content);
}
if(!empty($_G['setting']['output']['preg']['search']) && (empty($_G['setting']['rewriteguest']) || empty($_G['uid']))) {
if(empty($_G['setting']['domain']['app']['default'])) {
$_G['setting']['output']['preg']['search'] = str_replace('\{CURHOST\}', preg_quote($_G['siteurl'], '/'), $_G['setting']['output']['preg']['search']);
$_G['setting']['output']['preg']['replace'] = str_replace('{CURHOST}', $_G['siteurl'], $_G['setting']['output']['preg']['replace']);
}
foreach($_G['setting']['output']['preg']['search'] as $key => $value) {
$content = preg_replace_callback($value, create_function('$matches', 'return '.$_G['setting']['output']['preg']['replace'][$key].';'), $content);
}
}
return $content;
}添加一行代码,如下
function output_replace($content) {
global $_G;
if(defined('IN_MODCP') || defined('IN_ADMINCP')) return $content;
if(!empty($_G['setting']['output']['str']['search'])) {
if(empty($_G['setting']['domain']['app']['default'])) {
$_G['setting']['output']['str']['replace'] = str_replace('{CURHOST}', $_G['siteurl'], $_G['setting']['output']['str']['replace']);
}
$content = str_replace($_G['setting']['output']['str']['search'], $_G['setting']['output']['str']['replace'], $content);
}
if(!empty($_G['setting']['output']['preg']['search']) && (empty($_G['setting']['rewriteguest']) || empty($_G['uid']))) {
if(empty($_G['setting']['domain']['app']['default'])) {
$_G['setting']['output']['preg']['search'] = str_replace('\{CURHOST\}', preg_quote($_G['siteurl'], '/'), $_G['setting']['output']['preg']['search']);
$_G['setting']['output']['preg']['replace'] = str_replace('{CURHOST}', $_G['siteurl'], $_G['setting']['output']['preg']['replace']);
}
if (preg_match("(/|#|\+|%).*(/|#|\+|%)e", $_G['setting']['output']['preg']['search']) !== FALSE) { die("request error"); }//本行代码为新增代码
foreach($_G['setting']['output']['preg']['search'] as $key => $value) {
$content = preg_replace_callback($value, create_function('$matches', 'return '.$_G['setting']['output']['preg']['replace'][$key].';'), $content);
}
}
return $content;
}然后将修改好的文件保存,上传到服务器目录覆盖一下,然后去阿里云对应漏洞提示后面点击“验证一下”,验证时候漏洞提示就会消失!问题解决!
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- Didcuz memcache+ssrf GETSHELL漏洞解决方法
- Didcuz memcache+ssrf GETSHELL漏洞
- discuz教程:阿里提示Discuz memcache+ssrf GETSHELL漏洞的解决方法 终极解决办法 最新版
- Discuz memcache+ssrf GETSHELL漏洞的问题
- 阿里云提出的漏洞(Phpcms V9某处逻辑问题导致getshell漏洞解决方法)的问题
- aspcms后台拿shell漏洞(非添加模块)及修复方法
- 关于阿里云ECS Centos 5/6/7 Linux Glibc库严重安全漏洞修复方法
- struts修复GetShell漏洞,将2.1.8.1升级至2.3.28
- 阿里云提示Discuz uc.key泄露导致代码注入漏洞uc.php的解决方法
- 阿里云去手机提示:你有1台主机在本次安全扫描中发现了两个漏洞,请及时修复。
- Memcache未授权访问漏洞简单修复方法
- 关于阿里云ECS Centos 5/6/7 Linux Glibc库严重安全漏洞修复方法
- 漏洞修复之阿里云bash shell漏洞
- thinksns V3(开源微博系统) getshell 漏洞附利用方法
- 关于DEDE GETSHELL漏洞的另类 提交方法
- 360提示DedeCms全局变量覆盖漏洞(临时解决方法)
- 狂盗小说小偷GETshell漏洞
- PJBlog 3.2.9.518 getwebshell 漏洞
- 打不开内存卡,U盘提示未格式化的修复方法