欢迎光临走客
我们一直在你服务

Discuz uc.key泄露导致代码注入漏洞

Discuz中,uc_key是UC客户端与服务端通信的通信密钥,discuz中的/api/uc.php存在代码写入漏洞,导致黑客可写入恶意代码获取uckey,最终进入网站后台,造成数据泄漏。您也可以登录官方网站更新到最新版本解决。【注意:该补丁为云盾自研代码修复方案,云盾会根据您当前代码是否符合云盾自研的修复模式进行检测,如果您自行采取了底层/框架统一修复、或者使用了其他的修复方案,可能会导致您虽然已经修复了改漏洞,云盾依然报告存在漏洞,遇到该情况可选择忽略该漏洞提示】

阿里云为了让大家能够去花钱开通他们的安骑士也是够够的了,经常自己研发出一些DISCUZ的漏洞出来,结果要修复还得让咱开通专业版的安骑士,开通也就算了,可是这价格,杠杠的都快赶超服务器的价格了!!!好了,废话不多说,方法送上。
其实这个解决方法还是非常简单的,因为这个问题在最新版的DISCUZ程序里面已经修复好了,您只需要下载DISCUZ最新版程序,然后将api目录下面的uc.php这个文件替换到自己的网站里面就可以啦!
BINGO,搞定!
也可以直接用下面的uc.php直接替换:

代码如下
[toggle hide=”no” title=”” color=””]

' ? substr($configfile, 0, -2) : $configfile;
				$configfile = preg_replace("/define('UC_API',s*'.*?');/i", "define('UC_API', '".addslashes($UC_API)."');", $configfile);
				if($fp = @fopen(DISCUZ_ROOT.'./config/config_ucenter.php', 'w')) {
					@fwrite($fp, trim($configfile));
					@fclose($fp);
				}
			}
		}
		return API_RETURN_SUCCEED;
	}

	function updateclient($get, $post) {
		global $_G;

		if(!API_UPDATECLIENT) {
			return API_RETURN_FORBIDDEN;
		}

		$cachefile = DISCUZ_ROOT.'./uc_client/data/cache/settings.php';
		$fp = fopen($cachefile, 'w');
		$s = "<?phprn"; $s .= '$_CACHE['settings'] = '.var_export($post, TRUE).";rn"; fwrite($fp, $s); fclose($fp); return API_RETURN_SUCCEED; } function updatecredit($get, $post) { global $_G; if(!API_UPDATECREDIT) { return API_RETURN_FORBIDDEN; } $credit = $get['credit']; $amount = $get['amount']; $uid = $get['uid']; if(!getuserbyuid($uid)) { return API_RETURN_SUCCEED; } updatemembercount($uid, array($credit => $amount));
		C::t('common_credit_log')->insert(array('uid' => $uid, 'operation' => 'ECU', 'relatedid' => $uid, 'dateline' => time(), 'extcredits'.$credit => $amount));

		return API_RETURN_SUCCEED;
	}

	function getcredit($get, $post) {
		global $_G;

		if(!API_GETCREDIT) {
			return API_RETURN_FORBIDDEN;
		}
		$uid = intval($get['uid']);
		$credit = intval($get['credit']);
		$_G['uid'] = $_G['member']['uid'] = $uid;
		return getuserprofile('extcredits'.$credit);
	}

	function getcreditsettings($get, $post) {
		global $_G;

		if(!API_GETCREDITSETTINGS) {
			return API_RETURN_FORBIDDEN;
		}

		$credits = array();
		foreach($_G['setting']['extcredits'] as $id => $extcredits) {
			$credits[$id] = array(strip_tags($extcredits['title']), $extcredits['unit']);
		}

		return $this->_serialize($credits);
	}

	function updatecreditsettings($get, $post) {
		global $_G;

		if(!API_UPDATECREDITSETTINGS) {
			return API_RETURN_FORBIDDEN;
		}

		$outextcredits = array();
		foreach($get['credit'] as $appid => $credititems) {
			if($appid == UC_APPID) {
				foreach($credititems as $value) {
					$outextcredits[$value['appiddesc'].'|'.$value['creditdesc']] = array(
						'appiddesc' => $value['appiddesc'],
						'creditdesc' => $value['creditdesc'],
						'creditsrc' => $value['creditsrc'],
						'title' => $value['title'],
						'unit' => $value['unit'],
						'ratiosrc' => $value['ratiosrc'],
						'ratiodesc' => $value['ratiodesc'],
						'ratio' => $value['ratio']
					);
				}
			}
		}
		$tmp = array();
		foreach($outextcredits as $value) {
			$key = $value['appiddesc'].'|'.$value['creditdesc'];
			if(!isset($tmp[$key])) {
				$tmp[$key] = array('title' => $value['title'], 'unit' => $value['unit']);
			}
			$tmp[$key]['ratiosrc'][$value['creditsrc']] = $value['ratiosrc'];
			$tmp[$key]['ratiodesc'][$value['creditsrc']] = $value['ratiodesc'];
			$tmp[$key]['creditsrc'][$value['creditsrc']] = $value['ratio'];
		}
		$outextcredits = $tmp;

		$cachefile = DISCUZ_ROOT.'./uc_client/data/cache/creditsettings.php';
		$fp = fopen($cachefile, 'w');
		$s = "<?phprn";
		$s .= '$_CACHE['creditsettings'] = '.var_export($outextcredits, TRUE).";rn";
		fwrite($fp, $s);
		fclose($fp);

		return API_RETURN_SUCCEED;
	}

	function addfeed($get, $post) {
		global $_G;

		if(!API_ADDFEED) {
			return API_RETURN_FORBIDDEN;
		}
		return API_RETURN_SUCCEED;
	}
}

[/toggle]

赞(0) 打赏
未经允许不得转载:走客 » Discuz uc.key泄露导致代码注入漏洞

评论 1

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
  1. #1

    新春佳节到。祝好!祝好!

    屌炸天 10个月前 (02-06) 来自天朝的朋友 搜狗浏览器 Windows 7 回复

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

微信扫一扫打赏