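Lax filtering logic in DedeCMS leads to an upload vulnerability. File location: /include/uploadsafe.inc.php
Fix:
First locate the file /include/uploadsafe.inc.php; two places in the code need to be changed:
1. Search for the following (around line 44):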
$imtypes = array
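Add the following code above that line:
// MIME types that are treated as images
$imtypes = array("image/pjpeg", "image/jpeg", "image/gif", "image/png", "image/xpng", "image/wbmp", "image/bmp");
// If the upload declares an image type, its content must actually parse as an image
if(in_array(strtolower(trim(${$_key.'_type'})), $imtypes))
{
    $image_dd = @getimagesize($$_key);
    if($image_dd == false){ continue; }
    if (!is_array($image_dd)) { exit('Upload filetype not allow !'); }
}
2. Search for the following (around line 53):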
$image_dd = @getimagesize($$_key);
Replace it with:
$image_dd = @getimagesize($$_key); if($image_dd == false){continue;}
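The check this patch relies on, shown as a stand-alone added example (not DedeCMS code): the client-declared MIME type is only a hint, and the file is accepted only if getimagesize() can parse it. The helper check_image_upload(), the ALLOWED_IMAGE_TYPES map and the sample files are assumptions made for illustration.

```php
<?php
// Added example, not part of DedeCMS. check_image_upload() is a hypothetical helper.

// Image types accepted, keyed by the type getimagesize() detects from the content.
const ALLOWED_IMAGE_TYPES = [
    IMAGETYPE_GIF  => 'gif',
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
    IMAGETYPE_BMP  => 'bmp',
];

/**
 * Returns a server-chosen extension when the file parses as an allowed image,
 * or null when the upload must be rejected.
 */
function check_image_upload(string $tmpPath, string $declaredType): ?string
{
    // The declared type is sent by the client, so it cannot prove anything by itself.
    if (strpos(strtolower(trim($declaredType)), 'image/') !== 0) {
        return null;
    }
    // Same test as in the patch: getimagesize() returns false for non-image content.
    $info = @getimagesize($tmpPath);
    if ($info === false) {
        return null;
    }
    // getimagesize() reads only the image header, so this is a necessary check,
    // not a sufficient one: store the file under an extension taken from the
    // detected type ($info[2]), never from the client-supplied file name.
    return ALLOWED_IMAGE_TYPES[$info[2]] ?? null;
}

// Constructed sample inputs: a 1x1 GIF and a plain text file.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "plain text, not an image\n");

var_dump(check_image_upload($gif, 'image/gif'));  // real GIF, declared as image/gif
var_dump(check_image_upload($txt, 'image/jpeg')); // text content, declared as image/jpeg
var_dump(check_image_upload($gif, 'text/plain')); // real GIF, declared as a non-image type

unlink($gif);
unlink($txt);
```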