修复supesite用户投稿被恶意灌入数据的漏洞_PHP世纪网

根据论坛网友反馈,supesite投稿被人恶意使用程序灌入数据,supesite后台关闭了游客投稿也无法阻碍数据的灌入。

漏洞解决方法:

修改source/cp_news.php文件

查找并删除如下代码

if(!checkperm(‘allowpost’)) {

showmessage(‘no_permission’, S_URL.’/cp.php?ac=news’);

}

查找

$channel = $type = empty($_GET[‘type’]) ? ‘news’ : trim($_GET[‘type’]);

在下面添加

if(!checkperm(‘allowpost’)) {

showmessage(‘no_permission’, S_URL.’/cp.php?ac=news’);

}

(责任编辑:admin)

通过修复supesite用户投稿被恶意灌入数据的漏洞_PHP世纪网.

~~~~~~~~~~~~~~

DZ的功能虽然很强大,可是问题与漏洞也不少,要管理好一个网站,除了时间、精力,更需要技术。

Advertisements

发表评论

Fill in your details below or click an icon to log in:

WordPress.com 徽标

You are commenting using your WordPress.com account. Log Out /  更改 )

Google+ photo

You are commenting using your Google+ account. Log Out /  更改 )

Twitter picture

You are commenting using your Twitter account. Log Out /  更改 )

Facebook photo

You are commenting using your Facebook account. Log Out /  更改 )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.