Backdoors in some PHP management system programs (PHP tutorial)

Source: Internet
Author: User
I did not pay attention to the prompt box before: how does Sablog know that my version has a vulnerability? The program must have a backdoor. The admin panel automatically fetches the official version and compares it with the current version. I found it later, in the last part of templates/admin/main.php. Delete the following code.
In fact, this alone is not enough to get a site hacked. Nowadays anyone with a little common sense uses a fairly complex password, a few digits plus a few letters, and the MD5 hash is generally hard to crack. Of course, there are rainbow tables, but that is another matter ...
The code is as follows:


Among the currently popular programs, Sablog is not the only one; Discuz and DedeCMS have this kind of backdoor too. The real purpose of such a backdoor is hard to say.
Letting users get the latest patches and the latest version in time is one side of it; as for the rest, how it gets used ...
But this thing has a good side and a bad side: once the official site is hacked, the consequences can be imagined, and all users get "mass-trojaned".
Now let's go through all of them. First, DedeCMS; just delete the marked parts:
The code is as follows:
/include/inc_functions.php
function Getnewinfo() {
    // Load the admin helper file on demand, then return its output
    if (!isset($GLOBALS['__funadmin'])) require_once(dirname(__FILE__)."/inc/inc_fun_funadmin.php");
    return Spgetnewinfo();
}
/include/inc/inc_fun_funadmin.php
function Spgetnewinfo() {
    global $cfg_version;
    // The site's own host name is what gets reported
    $nurl = $_SERVER["HTTP_HOST"];
    if (eregi("[a-z\-]{1,}\.[a-z]{2,}", $nurl)) { $nurl = urlencode($nurl); }
    else { $nurl = "test"; }
    $gs = "";
    return $gs;
}
dede/index_body.php (where dede is the admin directory)


DEDECMS Latest News






Next, take out the DZ "backdoor". In admin\global.func.php find "function cpfooter" and replace it with the following function:
The code is as follows:
function cpfooter() {
    global $version, $adminid, $db, $tablepre, $action, $bbname, $charset, $timestamp, $isfounder, $insenz;
    global $_COOKIE, $_SESSION, $_DCOOKIE, $_DCACHE, $_DSESSION, $_DCACHE, $_DPLUGIN, $sqldebug, $debuginfo;
    $infmessage = '';
?>

<?php
    updatesession();
}

This file also has another function that is unnecessary and can be removed:
The code is as follows:
function bbsinformation() {
    global $db, $timestamp, $tablepre, $charset, $bbname, $_SERVER, $siteuniqueid, $save_mastermobile;
    // Site identity and software versions reported on every call
    $update = array('uniqueid' => $siteuniqueid, 'version' => DISCUZ_VERSION, 'release' => DISCUZ_RELEASE, 'php' => PHP_VERSION, 'mysql' => $db->version(), 'charset' => $charset, 'bbname' => $bbname, 'mastermobile' => $save_mastermobile);
    $updatetime = @filemtime(DISCUZ_ROOT.'./forumdata/updatetime.lock');
    // At most once every 4 hours, add member, thread and post counts
    if (empty($updatetime) || ($timestamp - $updatetime > 3600 * 4)) {
        @touch(DISCUZ_ROOT.'./forumdata/updatetime.lock');
        $update['members'] = $db->result_first("SELECT COUNT(*) FROM {$tablepre}members");
        $update['threads'] = $db->result_first("SELECT COUNT(*) FROM {$tablepre}threads");
        $update['posts'] = $db->result_first("SELECT COUNT(*) FROM {$tablepre}posts");
        $query = $db->query("SELECT special, COUNT(*) AS spcount FROM {$tablepre}threads GROUP BY special");
        while ($thread = $db->fetch_array($query)) {
            $thread['special'] = intval($thread['special']);
            $update['spt_'.$thread['special']] = $thread['spcount'];
        }
    }
    // Serialize as key=value pairs, base64-encode, and append a short MD5 check value
    $data = '';
    foreach ($update as $key => $value) {
        $data .= $key.'='.rawurlencode($value).'&';
    }
    return 'update='.rawurlencode(base64_encode($data)).'&md5hash='.substr(md5($_SERVER['HTTP_USER_AGENT'].implode('', $update).$timestamp), 8, 8).'&timestamp='.$timestamp;
}
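To see exactly what bbsinformation() reports, the query string it returns can be decoded when it shows up in a proxy or firewall log. The following is an added example, not code from the original article or from Discuz; `build_query` only mirrors the function's return expression to produce a constructed sample, and all sample values are made up.

```python
import base64
import hashlib
from urllib.parse import quote, unquote

def build_query(update: dict, user_agent: str, timestamp: str) -> str:
    """Mirror of the return expression in bbsinformation(); used only to build a sample."""
    data = "".join(f"{k}={quote(str(v), safe='')}&" for k, v in update.items())
    joined = user_agent + "".join(str(v) for v in update.values()) + timestamp
    digest = hashlib.md5(joined.encode()).hexdigest()
    blob = quote(base64.b64encode(data.encode()).decode(), safe="")
    return f"update={blob}&md5hash={digest[8:16]}&timestamp={timestamp}"

def decode_query(query: str) -> dict:
    """Undo rawurlencode + base64 and split the inner key=value& pairs."""
    outer = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    inner = base64.b64decode(unquote(outer["update"])).decode("ascii", "replace")
    fields = {}
    for pair in filter(None, inner.split("&")):   # trailing '&' leaves an empty item
        key, _, value = pair.partition("=")
        fields[key] = unquote(value)              # assumes a UTF-8 board charset
    return {"fields": fields,
            "md5hash": outer.get("md5hash", ""),
            "timestamp": outer.get("timestamp", "")}

def hash_matches(decoded: dict, user_agent: str) -> bool:
    """Recompute substr(md5(UA . implode('', $update) . $timestamp), 8, 8)."""
    joined = user_agent + "".join(decoded["fields"].values()) + decoded["timestamp"]
    return hashlib.md5(joined.encode()).hexdigest()[8:16] == decoded["md5hash"]

# Constructed sample: every value below is invented for illustration.
SAMPLE_UA = "Mozilla/5.0 (constructed sample)"
SAMPLE = build_query(
    {"uniqueid": "abc123XYZ", "version": "6.1.0", "release": "20080101",
     "php": "5.2.6", "mysql": "5.0.51", "charset": "utf-8",
     "bbname": "My Test Board", "mastermobile": "", "members": 42},
    SAMPLE_UA, "1215000000")

if __name__ == "__main__":
    decoded = decode_query(SAMPLE)
    for name, value in decoded["fields"].items():
        print(f"{name:14s} {value!r}")
    print("check value matches:", hash_matches(decoded, SAMPLE_UA))
```

The 8-character check value is keyed on nothing secret (user agent, the reported values and the timestamp), so it only detects corruption of the report; it does not authenticate it.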

There is also admin/home.inc.php, at roughly lines 193~196 (DZ6.1.0 UTF-8 official original), here:
The code is as follows:
showtablerow('', array('class="vtop td24 lineheight"', 'class="lineheight smallfont"'), array(
    lang('home_discuz_version'),
    'Discuz! '.DISCUZ_VERSION.' Release '.DISCUZ_RELEASE.' '.lang('home_check_newversion').' '
));

Although this does not communicate with the official site directly, I find it uncomfortable to look at; if I want patches, I can simply visit the official site often myself. Also, all files whose names contain "insenz" are unnecessary and can be deleted directly. They are of no use.
