Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall
Modifications should be cautious and you will not receive any updated information from the official after the modification!
Today, I went to the red Wolf to look at the question I asked yesterday, no one can answer. Received the message from the administrator, should be mass, sablog again out of the loophole. To the official look, or the code, with DZ similar loopholes.
Login Blog Backstage, sure enough pop-up prompt box. I don't care about the tip box, sablog How to know that my version of a loophole, the program must have a backdoor. Automatically detects the official version of the background every time the login is in contrast to the current version The last part of the main.php. Delete the following code OK.
In fact, this is not enough to cause the black, now generally a little common sense, passwords are more complex, a few numbers + letters, MD5 words generally difficult to run out. Of course, there are rainbow tables, and say ...
<script type= "Text/javascript" >
i=1; Var autourl=new array (); autourl[1] = ' www.sablog.net '; autourl[2] = ' cnc.sablog.net '; function auto (URL) { if (i) { i=0; var ohead = document.getelementsbytagname (' head '). Item (0); var oScript= Document.createelement ("script"); oscript.type = "Text/javascript"; oscript.src = "http://" +url+ "/update.php?version= $now _version&release= $now _release&hostname= $now _hostname "; ohead.appendchild (OScript); } function run () { for (var i=1;i< autourl.length;i++) { document.write ("<img src=http://"+autourl[i]+" width=1 height=1 onerror=auto (' +autourl[i]+ ') > "); } } Run (); </script> The current popular procedure, more than sablog one, discuz,dedecms have such a backdoor. Such a backdoor official's real intentions are hard to say. In order to allow users to get the latest patches in time, the latest version is on the one hand, others, how to play ... But this thing has the good side, also has the bad side, once the official is black, the consequence can imagine, all users are "the batch hangs the horse". Now give it all up. First a dedecms, marked out on the line:/include/inc_functions.php
PHP code
function Getnewinfo () {if (!isset ($GLOBALS [' __funadmin ']) require_once (dirname (__file__). " /inc/inc_fun_funadmin.php "); return Spgetnewinfo (); }/include/inc/inc_fun_funadmin.php
PHP code
function Spgetnewinfo () {global $cfg _version; $nurl = $_server["Http_host"]; if (Eregi ("[a-z\-]{1,}\.[ A-z]{2,} ", $nurl)) {$nurl = UrlEncode ($nurl);} else{$nurl = "Test";} $gs = "<iframe name= ' stafrm ' src= ' http://www.dedecms.com/newinfo.php?version=". UrlEncode ($cfg _version). &formurl= $nurl ' frameborder= ' 0 ' id= ' stafrm ' width= ' 100% ' height= ' ' ></iframe> '; return $gs; }Dede/index_body.php (where Dede is the background directory)
PHP code
<div class= "Bodytitle" > <div class= "bodytitleleft" ></div> <div class= "Bodytitletxt" >de DECMS Latest News </div> </div> <table width= "96%" border= "0" align= "center" cellpadding= "0" cellspacing= "0" ; <tr><form name= "Uploadspider" action= "upload_spider.php" method= "POST" > <td height= "class=" Ma In_dnews "> <?php echo getnewinfo ()?> </td> </form> </tr> </table>Again, DZ's "back door" sent out. admin\global.func.php inside look for "function Cpfooter", replaced with the following function: This site: Linyi computer network welcome similar sites link JavaScript code
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
