Home > Website Builders > Cloud Servers

Discuz Forum Program Vulnerabilities and solutions

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest stationmaster buy cloud host technology Hall

Today, a number of forums have been exploded vulnerability problem: discuz! 5.5 Cross-site patching [for 0324]

As the forum is dealing with discuz! Code, there is no strict filtering of user input, which can cause some users to use this BUG to publish malicious code.

When viewing this kind of post, malicious code will pose a threat to members of the forum who use IE, and not to FireFox and other browser users.

To prevent the members of your site from being harassed by such malicious code, please amend it according to the following methods:

Patching method A: manual modification

Open include/discuzcode.func.php

Found it
Copy Content to Clipboard
Code:

The following are the referenced contents:
"/\[align= ([^\[\<]+?) \]/i ",
"/\[float= ([^\[\<]+?) \]/i "modified to
Copy Content to Clipboard
Code:

The following are the referenced contents:
"/\[align= (left|center|right) \]/i",
"/\[float= (left|right) \]/i"
Problem patch complete.

The other is to increase the behavior of the jump code in the WYSIWYG form to prevent the method

You can read the data in DZ transcoding can be filtered out "expression" today many of the forum was burst into a loophole problem: discuz! 5.5 Cross-site patching [for 0324]

  

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
java errors and solutions sql errors and solutions database performance issues and solutions computer programming problems and solutions application program and system program exchange server 2010 problems and solutions differentiate algorithm and program

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

Hot Article
Hot Tags
computing conference access forum computer class data get http html applications
Popular Keywords
direct digital landing development documentation data user director of marketing deploy it ddos how to description of products and services ddos information data website domain to dns

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More