Vulnerable file: phpcms\modules\member\index.php
Fix:
Search for:
Change to:
- $r = $this->db->get_one(array('userid'=>intval($_userid))); if($r['username']!=$_username){ return '2'; } $this->_init_phpsso();
Search for:
- $password = isset($_POST['password']) && trim($_POST['password']) ? trim($_POST['password']) : showmessage(L('password_empty'), HTTP_REFERER);
Change to:
- $password = isset($_POST['password']) && trim($_POST['password']) ? addslashes(urldecode(trim($_POST['password']))) : showmessage(L('password_empty'), HTTP_REFERER);