|
|
mkportal |
Merhaba Aşağıdaki güvenlik riski MKPortal coderı meo tarafından bulunmuş Mesajın orjinali http://mkportal.gen.tr/forum/index.php?topic=1729.0 /mkportal/modules/blog/index.php dosyasını açın function clean_template fonksiyonunu bulun: Kod: function clean_template ($t="") { $t = str_replace( "&#" , "", $t ); return $t; Bununla değişin function clean_template ($t="") { $t = str_replace( "&#" , "", $t ); return $t; Kaydedin Aşağıdaki dosyayı açın: /mkportal/modules/gallery/index.php Bul: Kod: $file = $_FILES['FILE_UPLOAD']['tmp_name']; Kod: $check = @fopen($file, "r"); Kaydedin İyi çalışmalar
ve yamanmıştır.
Ayrıca yine gallery modülünde bir risk vardır. Bunlar sadece riskli
kodların engellenmesi için. Siz yinede yapın.
$t = str_replace( ">" , ">", $t );
$t = str_replace( "<" , "<", $t );
$t = str_replace( "<?" , "" , $t );
$t = str_replace( "?" , "" , $t );
$t = preg_replace( "/<script/i" , "" , $t );
$t = preg_replace( "/javascript/i" , "", $t );
$t = preg_replace( "/about/i" , "", $t );
$t = preg_replace( "/vbscript/i" , "", $t );
$t = preg_replace( "/alert/i" , "" , $t );
$t = preg_replace( "/onmouseover/i", "", $t );
$t = preg_replace( "/onclick/i" , "" , $t );
$t = preg_replace( "/onload/i" , "" , $t );
$t = preg_replace( "/onsubmit/i" , "" , $t );
}
$t = str_replace( ">" , ">", $t );
$t = str_replace( "<" , "<", $t );
$t = str_replace( "<?" , "" , $t );
$t = str_replace( "?" , "" , $t );
while( preg_match( "#script(.+?)/script#ies" , $t ) ) {
$t = preg_replace( "#script(.+?)/script#ies", "" , $t);
}
$t = preg_replace( "/javascript/i" , "", $t );
$t = preg_replace( "/about/i" , "", $t );
$t = preg_replace( "/vbscript/i" , "", $t );
$t = preg_replace( "/alert/i" , "" , $t );
$t = preg_replace( "/onmouseover/i", "", $t );
$t = preg_replace( "/onclick/i" , "" , $t );
$t = preg_replace( "/onload/i" , "" , $t );
$t = preg_replace( "/onsubmit/i" , "" , $t );
}
$file_name = $_FILES['FILE_UPLOAD']['name'];
$file_type = $_FILES['FILE_UPLOAD']['type'];
$peso = $_FILES['FILE_UPLOAD']['size'];
} Altına ekle:
$check = @fread($check, filesize($file));
if (preg_match("/html/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
} if (preg_match("/javascript/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
} if (preg_match("/about/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
} if (preg_match("/vbscript/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
} if (preg_match("/alert/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
} if (preg_match("/onmouseover/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
} if (preg_match("/onclick/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
} if (preg_match("/onload/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
} if (preg_match("/onsubmit/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
} if (preg_match("#script(.+?)/script#ies", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
} if (preg_match("/<?php/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
} @fclose($check);