phpcms user login injection vulnerability fix
Vulnerable file: phpcms\modules\member\index.php
Fix:
Search for:
$this->_init_phpsso();
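Change to:
// get_one() returns the member row as an array, so compare its username field
// and reject the request when no row exists or the username does not match.
$r = $this->db->get_one(array('userid'=>intval($_userid)));
if(!$r || $r['username']!=$_username){
    return '2';
}
$this->_init_phpsso();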
Search for:
$password = isset($_POST['password']) && trim($_POST['password']) ? trim($_POST['password']) : showmessage(L('password_empty'), HTTP_REFERER);
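Change to:
// URL-decode the password first, then escape it, so a percent-encoded quote is escaped as well.
$password = isset($_POST['password']) && trim($_POST['password']) ? addslashes(urldecode(trim($_POST['password']))) : showmessage(L('password_empty'), HTTP_REFERER);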
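
The effect of the second change, as an added example that is not phpcms code: it runs the original and the patched expression over constructed sample values and reports whether an unescaped quote would appear once the value is URL-decoded again. The later decode step and all function names here are assumptions made for illustration.

```php
<?php
// Added illustration, not phpcms code. Sample values are constructed.

// The expression the page tells you to search for.
function original_expr($raw) {
    return trim($raw);
}

// The expression the page tells you to change it to.
function patched_expr($raw) {
    return addslashes(urldecode(trim($raw)));
}

// True if $s contains a quote that is not backslash-escaped.
function has_unescaped_quote($s) {
    $len = strlen($s);
    for ($i = 0; $i < $len; $i++) {
        if ($s[$i] === '\\') { $i++; continue; } // skip the escaped character
        if ($s[$i] === "'" || $s[$i] === '"') { return true; }
    }
    return false;
}

// Assumption: a later consumer URL-decodes the value once more before use.
function quote_after_later_decode($value) {
    return has_unescaped_quote(urldecode($value));
}

$samples = array('secret123', "pa'ss", 'pa%27ss'); // constructed inputs
foreach ($samples as $raw) {
    printf("%-10s original=%-5s patched=%-5s\n",
        $raw,
        var_export(quote_after_later_decode(original_expr($raw)), true),
        var_export(quote_after_later_decode(patched_expr($raw)), true));
}
```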