技術(shù)文章
阿里云提示Discuz memcache+ssrf GETSHELL漏洞如何解決
發(fā)布日期:2019-08-15 閱讀次數(shù):2242 字體大小:

一般這個漏洞都是下面文件,source/function/function_core.php

搜索下面代碼:

$content = preg_replace($_G['setting']['output']['preg']['search'], $_G['setting']['output']['preg']['replace'], $content);

在此行代碼前增加下面代碼:

if (preg_match("(/|#|\+|%).*(/|#|\+|%)e", $_G['setting']['output']['preg']['search']) !== FALSE) { die("request error"); }

加完代碼以后效果:

if (preg_match("(/|#|\+|%).*(/|#|\+|%)e", $_G['setting']['output']['preg']['search']) !== FALSE) { die("request error"); }
$content = preg_replace($_G['setting']['output']['preg']['search'], $_G['setting']['output']['preg']['replace'], $content);

上傳文件,重新進(jìn)行驗證就可以解決。