xss00170200(XS001106080US)

今日搞笑 2022年05月29日
本文导读目录:

Discuz! System Error 您当前的访问请求当中含有非法字符,已经被系统拒绝 PH

解决方案如下:

\source\class\discuz的discuz_application.php

查找

private function _xss_check() {

static $check = array('"', '', '', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

if(isset($_GET['formhash']) $_GET['formhash'] !== formhash()) {

system_error('request_tainting');

}

if($_SERVER['REQUEST_METHOD'] == 'GET' ) {

$temp = $_SERVER['REQUEST_URI'];

} elseif(empty ($_GET['formhash'])) {

$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');

} else {

$temp = '';

}

if(!empty($temp)) {

$temp = strtoupper(urldecode(urldecode($temp)));

foreach ($check as $str) {

if(strpos($temp, $str) !== false) {

system_error('request_tainting');

}

}

}

return true;

}

复制代码

替换为:

     

private function _xss_check() {

$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

if(strpos($temp, '') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {

system_error('request_tainting');

}

return true;

}

关键词: xss00170200
我来说两句
黑客技术 2年前 (2022-05-29) | 回复
cation.php查找private function _xss_check() {static $check = array('"', '', '', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');if(isset($_GET['formha
黑客技术 2年前 (2022-05-29) | 回复
本文导读目录:1、Discuz! System Error 您当前的访问请求当中含有非法字符,已经被系统拒绝 PHDiscuz! System Error 您当前的访问请求当中
supreme 11个月前 (11-22) | 回复
I simply wished to thank you so much yet again. I'm not certain the things I would have accomplished in the absence of the type of points discussed by you about my field. Previously it was the frightful concern in my view, but discovering this well-written style you treated that made me to weep over fulfillment. I'm grateful for your advice as well as wish you really know what an amazing job you were providing teaching people using your web site. I'm certain you have never come across all of us.
goldengoosesale 10个月前 (12-08) | 回复
I have to point out my gratitude for your kindness in support of men who absolutely need guidance on the concept. Your special dedication to getting the solution across had been extraordinarily beneficial and have in every case permitted ladies like me to achieve their desired goals. Your personal insightful advice denotes much to me and still more to my fellow workers. With thanks; from everyone of us.