Dedecms 360网站安全卫士100%漏洞修复

Dedecms 360网站安全卫士100%漏洞修复,按照官方的程序是100%的安全的,昨天去版权后360网站卫士提示有sql漏洞,是因为只注释掉加密字符串,后面的特殊操作一起注释掉就会100%安全了,不在提示sql注册漏洞了。

/*
$arrs1 = array(0x63,0x66,0x67,0x5f,0x70,0x6f,0x77,0x65,0x72,0x62,0x79);
$arrs2 = array(0x20,0x3c,0x61,0x20,0x68,0x72,0x65,0x66,0x3d,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,
0x77,0x77,0x77,0x2e,0x64,0x65,0x64,0x65,0x63,0x6d,0x73,0x2e,0x63,0x6f,0x6d,0x20,0x74,0x61,0x72,
0x67,0x65,0x74,0x3d,0x27,0x5f,0x62,0x6c,0x61,0x6e,0x6b,0x27,0x3e,0x50,0x6f,0x77,0x65,0x72,0x20,
0x62,0x79,0x20,0x44,0x65,0x64,0x65,0x43,0x6d,0x73,0x3c,0x2f,0x61,0x3e);

//特殊操作
if(isset($GLOBALS[‘arrs1’]))
{
$v1 = $v2 = ”;
for($i=0;isset($arrs1[$i]);$i++)
{
$v1 .= chr($arrs1[$i]);
}
for($i=0;isset($arrs2[$i]);$i++)
{
$v2 .= chr($arrs2[$i]);
}
$GLOBALS[$v1] .= $v2;
}

*/

为什么会这样呢?后面的特殊操作看起来像是解密程序。本地运行了下结果,就是版权了。如下图:

Dedecms版权

发表评论

电子邮件地址不会被公开。 必填项已用*标注

This site uses Akismet to reduce spam. Learn how your comment data is processed.