Alibaba hinted at the solution to the Discuz memcache+ssrf GETSHELL vulnerability

Little scum · Posted on 6/8/2016 11:58:23 AM

Many students must have received Alibaba Cloud tips about the discuz memcache+ssrf GETSHELL vulnerability, but you need to pay at least 100 yuan to purchase Alibaba Cloud Cloud Shield Knight.

Vulnerability description: An SSRF vulnerability exists in discuz, which allows an attacker to use SSRF to write WEBSHELL malicious code to disk through memcache mediation when memcache is configured, resulting in database leakage

Use the Cloud Shield Knight Repair /source/function/function_core.php, you don't need to overwrite it with the following file before purchasing.

Here is a screenshot after the fix is complete:

Since it is repaired by itself, Alibaba Cloud will prompt "the vulnerability file has been modified".

Repair principle, on line 1089 of the function_core.php, modify two sentences:

Login is visible.

Lazy Pack Download:

function_core_gbk.rar (18.19 KB, Number of downloads: 20)

function_core_utf.rar (18.21 KB, Number of downloads: 4)

test136 · Posted on 6/14/2016 1:04:22 PM

Looking for this

Gu Yan said · Posted on 6/14/2016 6:26:08 PM

I kept emailing me about this bug for the first two days

43732099 · Posted on 6/20/2016 2:33:27 PM

Good things

[Mutual Assistance] Alibaba hinted at the solution to the Discuz memcache+ssrf GETSHELL vulnerability

Related Posts

Sections viewed