Discuz forum program vulnerabilities and Solutions

today is the explosion of vulnerabilities in many forums: Discuz! 5.5 – [For 0324]

repair problems

because the forum in the process of Discuz code, there is no strict filtering user input content, can lead to some users to use this BUG release malicious code.

watch this post, malicious code will use the IE browser members of the forum pose a threat to FireFox and other browser users invalid.

in order to avoid harassment of members of your site by such malicious code, please follow the following methods:

repair method A: manual modification

open include/discuzcode.func.php

found
copy to clipboard code:

following referenced content:

" /[align= ([^[< ]/i"]+?);,

" /[float= ([^[< ]/i"]+?);

change to
copy to clipboard code:

following referenced content:

" /[align= (left|center|right) ]/i",

" /[float= (left|right) ]/i"

problem repair completed.

another way is to use the WYSIWYG form to increase the behavior of the jump code prevention method

to DZ transcoding when reading data can be filtered out "expression  "; today many forum is the explosion of vulnerabilities: Discuz! 5.5 – [For 0324]

repair problems

Related Post

Leave a Reply

Your email address will not be published. Required fields are marked *