How to prevent hackers from exploiting new dedecms vulnerabilities

Intermediary transaction SEO diagnosis Taobao guest Cloud host technology Hall

School, Back-to-school, and the Internet in the dormitory, but now the campus network security? During the summer vacation, the DEDECMS system exposes the serious loophole, this system exists in many school's campus network, the hacker uses this loophole to be able to control the campus network, carries on the horse, embeds the virus ... However, there are many computer experts in the campus network, we will take a look at the "Red Hat" students to their school site security test.

My net name is "Red cap", I guess every university campus, there are people like me, we have a good understanding of computers, in the face of the Internet ocean, like the pool of Phelps. No matter what you need to find, as long as it exists in the Internet, or live on the internet for a while, I can help you find the source, or help you get the things you are interested in. You guessed right, I was a hacker, active in the campus of hackers.

I think of myself as a master, to help students from other hackers steal the stolen account, in the Internet café let a nuisance constantly change the computer, but also tried to invade NASA's computer network.

This is the day of school, and I'm going to have a security check on my school website. Perhaps you have to ask, why do you have to the school's website for security testing? Our school uses the DEDECMS system (the Chinese name is the Dream Content management System), this system is used in many schools.

Game theme: Attack Dedecms Whole station system

Technical Difficulty: ★★★★

Key knowledge: How to use new dedecms vulnerabilities to invade

The DEDECMS system is used by many schools and does not allow me to have the idea of testing my school's website. Really let me have this idea of the reason is that the system recently exposed a serious loophole, do not know the network management to fill the loophole did not, if there is no replenishment, everyone back to school after the campus network is dangerous.

Dedecms Hidden URL Coding Vulnerability

This dedecms new vulnerability is a URL codec vulnerability, resulting in the vulnerability occurs because the designer of the Dedecms in joblist.php, guestbook_admin.php, etc. Hackers can use these vulnerabilities to query the database of sensitive information, such as Administrator password, encryption key, etc., once the sensitive information is hackers master, to the campus network hanging Horse is easy thing, really dangerous.

Small knowledge: encoding is the conversion of source object content to a standard format content according to a standard. The decoding corresponds to the encoding, which restores the encoded content to the original object content using the same standard as the encoding. The purpose of the codec was to encrypt the information, and it was difficult to identify the encrypted content without knowing the coding standard.

Combat invasion

Now that we know the cause of the loophole, let's examine it by hand. At present, there are two schemes to achieve the dedecms of the whole station system intrusion, a PHP script intrusion scheme, the use of this scheme, you need to first debug your own native PHP environment, and then login to invade the target site, in the PHP environment run the vulnerability test code. However, this approach is relatively complex to implement, so I use the second type of detection, through the vulnerability detection injection program directly injected.

First, log on to the school's website. Then open the DEDECMS Vulnerability Injection detection program, click the "Target Infomation" tab option, in the "URL" after the search for the DEDECMS system vulnerabilities of the URL to copy and paste into the address input box, where the DEDECMS Web site path address. include/htmledit/index.php "Gets the physical path to the site.

After you log on to the system, copy the path to the Web site in the browser's address bar, such as [url=http://www.hacker.com/dedecms5/include/htmledit/index.php?modetype=basic& height[]=chinaren]http://www.hacker.com/dedecms5/include/htmledit/index.php?modetype=basic&height[]= Chinaren[/url], then copy and paste submit the test, paste it and click the "Check" button to test whether the site meets the criteria.

At the prompt site for "ready!" After reading, click on the "get!" below button。 At this point, if "file_priv" a hint of "YES", you can successfully obtain the physical path of the site host, indicating that the site has a loophole, you can invade (Figure 1).

After the "FILE_PRIV" hint is "YES", click the "Get the Shell" tab option, then enter the PHP backdoor code after "PHP code", enter the path to save the backdoor file in "Save path", and then click "get!" Submit (Figure 2). When the submission is complete, open IE browser, enter the backdoor address, and see if the back page is submitted successfully. If a successful submission is completed, we are now gaining control of the site.

Small knowledge: If you can not do union query, then can only be enough to use the "get the hash" Guess the hash table, and then crack into the Web site management backstage to take control of the site (Figure 3).

Prevention strategy

At present, Dedecms has launched an official patch (download address: http://www.shudoo.com/bzsoft), after the patch to avoid hackers to exploit the vulnerability. In addition, after school starts, the campus network virus spreads and the local area network intrusion will increase, everybody must the practice corresponding preparation. Install and update antivirus software, it is best to use some security aids, turn off the default sharing of the system, turn off some of the infrequently used ports of the system, use the latest hosts black files we provide, and set different permissions on the system for different users if there is a shared computer in the dorm ( The specific steps of these actions are available in the Http://www.shudoo.com/bzsoft download.