dedecms上传漏洞(uploadsafe.inc.php)
文件:uploadsafe.inc.php
路径:…/include/uploadsafe.inc.php
路径:…/include/uploadsafe.inc.php
解决方案:
1、查找文件位置:/include/uploadsafe.inc.php ,大概在42行左右,找到:
${$_key.’_size’} = @filesize($$_key);
}
修改为:
${$_key.’_size’} = @filesize($$_key);
} $imtypes = array(“image/pjpeg”, “image/jpeg”, “image/gif”, “image/png”, “image/xpng”, “image/wbmp”, “image/bmp”); if(in_array(strtolower(trim(${$_key.’_type’})), $imtypes)) { $image_dd = @getimagesize($$_key); if($image_dd == false){ continue; } if (!is_array($image_dd)) { exit(‘Upload filetype not allow !’); } }
2、查找文件位置:/include/uploadsafe.inc.php ,找到(第二次出现的地方):
$image_dd = @getimagesize($$_key);
修改为:
$image_dd = @getimagesize($$_key); if($image_dd == false){ continue; }
原文链接:https://blog.csdn.net/L_melody/article/details/86550344
