dedecms SESSION variable coverage leads to SQL injection solution to common.inc.php:
Patch file: /include/common.inc. php
Vulnerability description: In /plus/advancedsearch.php of dedecms, the value is obtained directly from SESSION[SESSION[sqlhash] as $query and brought into the SQL query. The prerequisite for the exploitation of this vulnerability is session.auto_start = 1 starts an automatic SESSION session. The Cloud Shield team has implemented a general unified defense in the variable registration entrance of dedemcs, prohibiting the incoming SESSION variables
dedecms SESSION variable overwriting causes Solution to SQL injection common.inc.php
1. Search for the following code (line 68):
if( strlen($svar)>0 && preg_match('#^(cfg_|GLOBALS|_GET|_POST|_COOKIE)#',$svar) )
2. Replace 68 lines of code. The replacement code is as follows:
if( strlen($svar)>0 && preg_match('#^(cfg_|GLOBALS|_GET|_POST|_COOKIE|_SESSION)#',$svar) )
Please back up the file before modifying it and copy the new /include/common.inc.php file This problem can be solved by uploading and replacing the one on the Alibaba Cloud server.
The above is the detailed content of Solution to dedecms SESSION variable coverage leading to SQL injection common.inc.php. For more information, please follow other related articles on the PHP Chinese website!