阿里云提示Discuz memcache+ssrf GETSHELL漏洞如何解决
一般这个漏洞都是下面文件,source/function/function_core.php
搜索下面代码:
$content = preg_replace($_G['setting']['output']['preg']['search'], $_G['setting']['output']['preg']['replace'], $content);
在此行代码前增加下面代码:
if (preg_match("(/|#|\+|%).*(/|#|\+|%)e", $_G['setting']['output']['preg']['search']) !== FALSE) { die("request error"); }
加完代码以后效果:
if (preg_match("(/|#|\+|%).*(/|#|\+|%)e", $_G['setting']['output']['preg']['search']) !== FALSE) { die("request error"); }
$content = preg_replace($_G['setting']['output']['preg']['search'], $_G['setting']['output']['preg']['replace'], $content);
上传文件,重新进行验证就可以解决。
