dedecms低于5.7SP2任意文件上传漏洞

Created2020-05-11|Updated2022-05-01|web安全

|Word count:1.3k|Reading time:NaN:aNmin|Post View:

漏洞分析

文件/dede/file_class.php

修复方法：

打开/dede/file_class.php
找到大概第161行的代码：

1	else if(preg_match("/\.(".$fileexp.")/i",$filename))

修改为：

1	else if(substr($filename, -strlen($fileexp))===$fileexp)

Author: cheng

Link: https://ckcah.github.io/2020/05/11/dedecms%E4%BD%8E%E4%BA%8E5-7SP2%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E/

Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.

Related Articles

文件上传绕过总结

Comment

ValineGitalk