我最近在使用 最土团购系统 因为是开源吗,所以选择了最土。当我程序安装好了之后,就有一个用户来注册了,看了下注册邮箱,我闷住了。注册邮箱:[email protected] (每30秒这个邮箱就有退信邮箱发给我,我看了,这个邮箱老是在使用密码找回功能,然后退回来的邮箱里说到:说这个邮箱收不到邮件 好像才被退回的。)之前在安装好最土的时候,用360检测,首页没有高危漏洞,但是现在扫描出来360却提示我网站首页 邮箱订阅 注册 页面出现漏洞打开360提示我的漏洞地址 看了下地址,我的域名 后面都会有:<script>alert(42873)</script>小弟承认知识不够,想知道如何处理? 现在这个 最土是最新版本,没有补丁更新。如果需要添加什么代码来处理这个问题,麻烦说下这段代码是放在 首页index.php 文件里,还是模板里。小弟在此谢谢了。
首页index.php的代码<?php
require_once(dirname(__FILE__) . '/app.php');if(!$INI['db']['host']) redirect( WEB_ROOT . '/install.php' );
if($city&&option_yes('rewritecity')){
redirect(WEB_ROOT."/{$city['ename']}");
}$request_uri = 'index';$group_id = abs(intval($_GET['gid']));if (option_yes('indexmulti')&& option_yes('indexpage')) {
$city_id = abs(intval($city['id']));
$now = time();
$size = abs(intval($INI['system']['indexteam']));
if ($size<=1) return current_team($city_id);
$condition = array(
'team_type' => 'normal',
"begin_time < '{$now}'",
"end_time > '{$now}'",
);
if($group_id) $condition['group_id']=$group_id;
$condition[] = "(city_ids like '%@{$city_id}@%' or city_ids like '%@0@%') or (city_ids = '' and city_id in(0,{$city_id}))";
$count = Table::Count('team', $condition);
list($pagesize, $offset, $pagestring) = pagestring($count, $size);
$teams = DB::LimitQuery('team', array(
'condition' => $condition,
'order' => 'ORDER BY `sort_order` DESC, `id` DESC',
'size' => $pagesize,
'offset' => $offset,
));
$disable_multi = true;
die(require_once( dirname(__FILE__) . '/multi.php'));}else{
$team = $teams = index_get_team($city['id'],$group_id);
if ($team && $team['id']) {
$_GET['id'] = abs(intval($team['id']));
die(require_once( dirname(__FILE__) . '/team.php'));
}
elseif ($teams) {
$disable_multi = true;
die(require_once( dirname(__FILE__) . '/multi.php'));
}
}include template('subscribe');
首页index.php的代码<?php
require_once(dirname(__FILE__) . '/app.php');if(!$INI['db']['host']) redirect( WEB_ROOT . '/install.php' );
if($city&&option_yes('rewritecity')){
redirect(WEB_ROOT."/{$city['ename']}");
}$request_uri = 'index';$group_id = abs(intval($_GET['gid']));if (option_yes('indexmulti')&& option_yes('indexpage')) {
$city_id = abs(intval($city['id']));
$now = time();
$size = abs(intval($INI['system']['indexteam']));
if ($size<=1) return current_team($city_id);
$condition = array(
'team_type' => 'normal',
"begin_time < '{$now}'",
"end_time > '{$now}'",
);
if($group_id) $condition['group_id']=$group_id;
$condition[] = "(city_ids like '%@{$city_id}@%' or city_ids like '%@0@%') or (city_ids = '' and city_id in(0,{$city_id}))";
$count = Table::Count('team', $condition);
list($pagesize, $offset, $pagestring) = pagestring($count, $size);
$teams = DB::LimitQuery('team', array(
'condition' => $condition,
'order' => 'ORDER BY `sort_order` DESC, `id` DESC',
'size' => $pagesize,
'offset' => $offset,
));
$disable_multi = true;
die(require_once( dirname(__FILE__) . '/multi.php'));}else{
$team = $teams = index_get_team($city['id'],$group_id);
if ($team && $team['id']) {
$_GET['id'] = abs(intval($team['id']));
die(require_once( dirname(__FILE__) . '/team.php'));
}
elseif ($teams) {
$disable_multi = true;
die(require_once( dirname(__FILE__) . '/multi.php'));
}
}include template('subscribe');
360提示我的就这个,不知道为什么 会有这个邮箱?[email protected]小弟跪求解决之法。
当向 subscribe.php 页面POST用户填写的email后,其合法性并未得到验证,而且也不会对< 和 >转义。解决办法:
修改 /subscribe.php 程序页
在 die(include template('subscribe_success')); 这句代码前加上一句
$safe_email = htmlspecialchars( $_POST['email'] );然后修改模板文件页 subscribe_success (在 include/template/ 文件夹里)
将 {$_POST['email']} 替换为经过转义的安全的值 {$safe_email}
还有个首页:/index.php?gid=0"><script>alert(42873)</script> 请问这是什么意思?
麻烦在看下首页出现的代码:/index.php?gid=0"><script>alert(42873)</script>是什么意思,要如何修改?
你可以直接检测$_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"] 若返回false 就是有问题,直接exit得了function checkUserInput($check)
{
$scripting = '/(%3C|<|<|<)\s*(script|\?)/iU';
$ascii_chars = '/%(0|1)(\d|[a-f])/i';
if (is_array($check)) {
foreach ($check as $check_val) {
if (!checkUserInput($check_val)) {
return FALSE;
}
}
return TRUE;
} else {
if (preg_match($scripting, $check) || preg_match($ascii_chars, $check)) {
return FALSE;
}
return TRUE;
}
}