简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
Home > Backend Development > PHP Tutorial > body text

Gansu Provincial Administration for Industry and Commerce Online Business Processing System Backdoors in some PHP management system programs

WBOY
Release: 2016-07-29 08:40:28
Original
2766 people have browsed it

我倒不怎么关心提示框,SABLOG怎么知道我的版本有漏洞呢,程序肯定有后门.每次登陆后台自动检测官方版本跟当前版本对比.嗯.后来找到了.在templates/admin/main.php最后的一部分.删掉如下代码就OK了.
其实这个不足以导致被黑的,现在一般有点常识的,密码都比较复杂,几个数字+几个字母,MD5的话一般很难跑出来.当然有彩虹表的话,另说...

复制代码 代码如下:




目前流行的程序里,不止SABLOG一个,Discuz,DEDECMS都是有这样的后门的.这样的后门官方的真正用意很难说.
为了让用户及时得到最新的补丁,最新的版本是一方面,其他的,随便人家怎么发挥了...
但是这个东西有好的一面,也有坏的一面,一旦官方被黑,后果可想而知,所有的用户就被"批量挂马"了.
现在干脆都给发出来吧.先来个DEDECMS的,标示出来的删掉就行:

复制代码 代码如下:


/include/inc_functions.php
function GetNewInfo(){
if(!isset($GLOBALS['__funAdmin'])) require_once(dirname(__FILE__)."/inc/inc_fun_funAdmin.php");
return SpGetNewInfo();
}
/include/inc/inc_fun_funAdmin.php
function SpGetNewInfo(){
global $cfg_version;
$nurl = $_SERVER["HTTP_HOST"];
if( eregi("[a-z\-]{1,}\.[a-z]{2,}",$nurl) ){ $nurl = urlencode($nurl); }
else{ $nurl = "test"; }
$gs = "";
return $gs;
}
dede/index_body.php(其中dede为后台目录)



DedeCms最新消息


再把DZ的"后门"发出来吧.admin\global.func.php里面查找"function cpfooter",替换成如下的function:

复制代码 代码如下:


function cpfooter() {
global $version, $adminid, $db, $tablepre, $action, $bbname, $charset, $timestamp, $isfounder, $insenz;
global $_COOKIE, $_SESSION, $_DCOOKIE, $_DCACHE, $_DSESSION, $_DCACHE, $_DPLUGIN, $sqldebug, $debuginfo;
$infmessage = '';
?>





updatesession();
}


There is also a function in this file. It is not necessary and can be removed:

Copy code The code is as follows:


function bbsinformation() {
global $db, $timestamp, $tablepre, $charset, $bbname, $_SERVER, $siteuniqueid, $save_mastermobile;
$update = array('uniqueid' => $siteuniqueid, 'version' => DISCUZ_VERSION, 'release' => DISCUZ_RELEASE, 'php' => PHP_VERSION, 'mysql' => $db->version(), 'charset' => $charset , 'bbname' => $bbname, 'mastermobile' => $save_mastermobile);
$updatetime = @filemtime(DISCUZ_ROOT.'./forumdata/updatetime.lock');
if(emptyempty($updatetime) || ($timestamp - $updatetime > 3600 * 4)) {
@touch(DISCUZ_ROOT.'./forumdata/updatetime.lock');
$update['members'] = $db->result_first("SELECT COUNT (*) FROM {$tablepre}members");
$update['threads'] = $db->result_first("SELECT COUNT(*) FROM {$tablepre}threads");
$update['posts' ] = $db->result_first("SELECT COUNT(*) FROM {$tablepre}posts");
$query = $db->query("SELECT special, count(*) AS spcount FROM {$tablepre} threads GROUP BY special");
while($thread = $db->fetch_array($query)) {
$thread['special'] = intval($thread['special']);
$update[' spt_'.$thread['special']] = $thread['spcount'];
}
}
$data = '';
foreach($update as $key => $value) {
$data . = $key.'='.rawurlencode($value).'&';
}
return 'update='.rawurlencode(base64_encode($data)).'&md5hash='.substr(md5($_SERVER['HTTP_USER_AGENT '].implode('', $update).$timestamp), 8, 8).'×tamp='.$timestamp;
}


There is also admin/home.inc.php, about 193~196 lines (Official original version of DZ6.1.0 UTF-8), here:

Copy code The code is as follows:


showtablerow('', array('class="vtop td24 lineheight"', 'class="lineheight smallfont "'), array(
lang('home_discuz_version'),
'Discuz! '.DISCUZ_VERSION.' Release '.DISCUZ_RELEASE.' '.lang('home_check_newversion').' '
));


Although there is no direct communication with the official here,,,, I watched If you want to patch it, just go to the official website and check it out. Also, if you don’t need all the files with insenz in their file names, delete them directly. It’s of no use.

The above has introduced some backdoors in the PHP management system program of the Gansu Provincial Administration for Industry and Commerce's online business processing system, including the content of the Gansu Provincial Administration for Industry and Commerce's online business processing system. I hope it will be helpful to friends who are interested in PHP tutorials. .

Related labels:
甘肃省工商行政管理局网上业务办理系统
source:php.cn
Previous article:Variable definition PHP variable definition and variable substitution methods Next article:Wireshark packet capture analysis PHP Chinese garbled solution summary analysis
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
function_exists() cannot determine the custom function Function test () {return true;} if (function_exists ('test')) {echo "test is function...
From 2024-04-29 11:01:01
0
2
1498
How to display the mobile version of Google Chrome Hello teacher, how can I change Google Chrome into a mobile version?
From 2024-04-23 00:22:19
0
10
1659
The child window operates the parent window, but the output does not respond. The first two sentences are executable, but the last sentence cannot be implemented.
From 2024-04-19 15:37:47
0
1
1407
There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...
From 2024-04-18 23:52:34
0
1
1336
Where is the courseware about CSS mind mapping? Courseware
From 2024-04-16 10:10:18
0
0
1386
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!