DEDECMS Security Chapter: template path encryption

Source: Internet
Author: User
Keywords Use

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

DEDECMS has been used in various industries, and the popularity is very high. At present, the installation of the program has reached 700,000, more than 60% of the site is using the dream-woven cms. Also won a lot of Webmaster's love. Use the DEDECMS webmaster to know the default path name and file name. Then, the template is so insecure, assuming you spend money on the template, the template is placed on the default path, which can be completely replicated at any time. I'll share it with you here. Dedecms Security Article: template path encryption.

Instance:

Step 1:templets/default/Transfer Directory or rename

Using the templets/default/Default template path vulnerability, here is a shared article: http://admin5.com/article/20120827/455476.shtml just do a simple path renaming then you need the following steps 2.

Step 2:templets/default/images/templets/default/js/templets/default/style/It is best to move out of the templets/default/default path.

These 3 default paths are also extremely threatening, but renaming/default/also makes template paths leak.

(1): Website domain name/templets/default/images/logo.gif

(2): the website domain name/templets/default/images/logo.gif replaces the website domain name/templets/default/index.htm then to view the source file, the source code displays.

The image below is to rename/templets/default/to/templets/mobanlujing/

  

Although the path has been renamed to:/templets/mobanlujing/, images is always in the subordinate directory.

  

So just renamed/default/or can tell you need to imitate your station friend, another need to modify relative to the page related to the picture, the relative address of the CSS changed to absolute address. So if there are a few people copy you, SEO optimization, Baidu will be thought to be cheating repeat station.

How to transfer:

1. Cut the figure below

  

2. Paste to Wwwroot

  

How to Modify

Here take index.htm as an example

A)

  

Modified into

  

Replace the. com with its own domain name.

Two)

And then/style/dedecms.css to see the following figure

  

Modified to:

  

Replace the. com with its own domain name.

Three)

Finally will. /images/Replace with the following figure

  

Replace the. com with its own domain name.

Please analogy modify the corresponding page, the final generation of HTM can, OK, here, I hope every webmaster can maximize the avoidance of loopholes, articles by http://www.tea5998.com original, reprint please keep this link

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.