هذا الموضوع لسد ثغرات المجلة (مهم جداً)، وهي 6 ثغرات يجب التعامل معها
بسم الله الرحمن الرحيم
أولاً: ثغرة الأعضاء
افتح ملف
رمز:
mkportal/modules/blog/index.php
وابحث عن
كود PHP:
/**
 * Deny-list scrub applied to a user-supplied blog template string.
 *
 * Same contract as the original chain of str_replace()/preg_replace()
 * calls: a fixed list of literal substitutions is applied first, in order,
 * then a fixed list of case-insensitive patterns is deleted from the text,
 * in order. Only the shape of the code differs.
 *
 * NOTE(review): this is a deny-list, not an escaper. It deletes a handful
 * of words wherever they occur ("about", "alert", "onclick", ...), so it
 * also damages ordinary prose, and anything not on the list passes through
 * untouched. Encoding the text for the context it is emitted into is the
 * robust approach; this rewrite only restyles the existing behaviour.
 *
 * NOTE(review): the "******" runs inside the patterns appear to be forum
 * censorship on the page rather than the shipped pattern text; as written
 * they are not valid PCRE, so the preg_replace() calls that use them fail
 * (return null) and the function ends up yielding null or "" instead of
 * the scrubbed input. Compare with the shipped MKPortal file.
 *
 * @param string $t raw template text
 * @return string|null scrubbed text; null only if the last preg_replace() fails
 */
function clean_template ($t="") {
    // Literal substitutions, applied in this order. The ">" and "<" entries
    // are no-ops as shown on the page; the HTML entity replacements were
    // presumably lost in extraction — confirm against the shipped file.
    $literalSwaps = array(
        "&#" => "",
        ">"  => ">",
        "<"  => "<",
        "<?" => "",
        "?"  => "",
    );
    foreach ($literalSwaps as $needle => $replacement) {
        $t = str_replace($needle, $replacement, $t);
    }

    // Case-insensitive deletions, applied in this order. Each call works on
    // the result of the previous one, exactly like the original chain.
    $deletePatterns = array(
        "/<******/i",
        "/java******/i",
        "/about/i",
        "/vb******/i",
        "/alert/i",
        "/onmouseover/i",
        "/onclick/i",
        "/onload/i",
        "/onsubmit/i",
    );
    foreach ($deletePatterns as $pattern) {
        $t = preg_replace($pattern, "", $t);
    }

    return $t;
}
واستبدله بهذا الكود
كود PHP:
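/**
 * Deny-list scrub applied to a user-supplied blog template string
 * (patched variant that also strips whole "open ... /close" tag spans).
 *
 * Fix: the tag-span patterns carried the "e" (eval) PCRE modifier. On
 * PHP 7+ a pattern with "e" is rejected outright, so preg_match() returned
 * false with a warning, the while loop never ran, and the span stripping
 * this patch exists to add was silently skipped; on older PHP, "e" makes
 * preg_replace() evaluate the replacement as PHP code. The modifier is
 * dropped here — with an empty replacement it was never needed — and the
 * loop repeats until a pass removes nothing, which is what the original
 * preg_match()/preg_replace() pair did with two regex evaluations per turn.
 *
 * On a PCRE error preg_replace() returns null: the loop then stops, and
 * the later calls treat a null subject as "" (a deprecation notice on
 * PHP 8.1+), so the function fails closed with empty output rather than
 * returning the unscrubbed input. That is the right failure mode for a
 * sanitizer; do not "repair" it by falling back to the raw input.
 *
 * NOTE(review): the "******" runs inside the patterns appear to be forum
 * censorship on the page rather than the shipped pattern text; as written
 * they are not valid PCRE. Restore the real patterns from the shipped
 * file. The approach remains a deny-list (bypassable, and it also deletes
 * words such as "about" from ordinary text); escaping for the output
 * context is the robust fix.
 *
 * @param string $t raw template text
 * @return string|null scrubbed text; null only if the final preg_replace() fails
 */
function clean_template ($t="") {
    $t = str_replace( "&#" , "", $t );
    // The next two lines are no-ops as shown on the page; the HTML entity
    // replacements were presumably lost in extraction — confirm against
    // the shipped file.
    $t = str_replace( ">" , ">", $t );
    $t = str_replace( "<" , "<", $t );
    $t = str_replace( "<?" , "" , $t );
    $t = str_replace( "?" , "" , $t );

    // Strip tag spans until a pass changes nothing (the original looped on
    // preg_match(), presumably because one deletion can expose another).
    // "i" = case-insensitive, "s" = "." also matches newlines; no "e".
    $spanPattern = "#******(.+?)/******#is";
    while (($stripped = preg_replace($spanPattern, "", $t)) !== null && $stripped !== $t) {
        $t = $stripped;
    }

    $t = preg_replace( "/java******/i" , "", $t );
    $t = preg_replace( "/about/i" , "", $t );
    $t = preg_replace( "/vb******/i" , "", $t );
    $t = preg_replace( "/alert/i" , "" , $t );
    $t = preg_replace( "/onmouseover/i", "", $t );
    $t = preg_replace( "/onclick/i" , "" , $t );
    $t = preg_replace( "/onload/i" , "" , $t );
    $t = preg_replace( "/onsubmit/i" , "" , $t );
    return $t;
}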