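Patching the phpmailer shell command vulnerability

sirius | 04 October, 2007 10:29

XOOPS vulnerability patches
This article is quoted from: http://xoops.tnc.edu.tw/modules/news/index.php?storytopic=7

phpmailer is a PHP class that many packages use to send email.

phpmailer has a bug in how its sendmail_send function is handled, which can result in an arbitrary code execution vulnerability.

Fix: use escapeshellcmd and escapeshellarg to sanitize the values.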

Method 1: edit the file by hand

XOOPS 2.0.x users: edit class/mail/phpmailer/class.phpmailer.php

Change:

    function SendmailSend($header, $body) {
        if ($this->Sender != "")
            $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
        else
            $sendmail = sprintf("%s -oi -t", $this->Sendmail);

to:

    function SendmailSend($header, $body) {
        if ($this->Sender != "")
            $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
        else
            $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));

XOOPS 2.2.x users: edit class/mail/phpmailer/class.phpmailer.php

Change:

    function sendmail_send($header, $body) {
        if ($this->Sender != "")
            $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
        else
            $sendmail = sprintf("%s -oi -t", $this->Sendmail);

to:

    function sendmail_send($header, $body) {
        if ($this->Sender != "")
            $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
        else
            $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
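The difference between the two versions of the command string, shown as an added example that is not part of the original post or of the phpmailer/XOOPS code. The function names are hypothetical, /bin/echo stands in for the sendmail binary so nothing is mailed, the sender value is a constructed sample, and a Unix-like host is assumed.

```php
<?php
// Added illustration; not phpmailer or XOOPS source.
// Assumes a Unix-like host. /bin/echo stands in for the sendmail binary.

// Command string as built before the fix (hypothetical helper name).
function build_unpatched(string $sendmail, string $sender): string
{
    if ($sender != "") {
        return sprintf("%s -oi -f %s -t", $sendmail, $sender);
    }
    return sprintf("%s -oi -t", $sendmail);
}

// Command string as built after the fix (hypothetical helper name).
function build_patched(string $sendmail, string $sender): string
{
    if ($sender != "") {
        return sprintf("%s -oi -f %s -t",
            escapeshellcmd($sendmail), escapeshellarg($sender));
    }
    return sprintf("%s -oi -t", escapeshellcmd($sendmail));
}

// Count how many commands the shell ran, judged by the number of
// non-empty output lines produced by the stand-in binary.
function commands_run(string $command): int
{
    $out = shell_exec($command);
    return count(array_filter(explode("\n", (string) $out), 'strlen'));
}

$sendmail = '/bin/echo';                        // stand-in (assumption)
$sender   = 'user@example.org; echo INJECTED';  // constructed sample value

$variants = [
    'unpatched' => build_unpatched($sendmail, $sender),
    'patched'   => build_patched($sendmail, $sender),
];

foreach ($variants as $label => $cmd) {
    printf("%-9s %s\n          shell ran %d command(s)\n",
        $label, $cmd, commands_run($cmd));
}
```

In the unpatched string the shell treats `;` in the sender value as a command separator; in the patched string escapeshellarg turns the whole sender value into one quoted argument.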
====
Method 2:

Alternatively, put the patched archive below into the class/mail/phpmailer directory and extract it, overwriting class.phpmailer.php

XOOPS 2.0.x users, download:
http://xoops.tnc.edu.tw/uploads/xoops-2.0-phpmailer-class.zip

XOOPS 2.2.x users, download:
http://xoops.tnc.edu.tw/uploads/xoops-2.2-phpmailer-class.zip

Source:

http://h.root.tw/modules/news/article.php?storyid=40
