I don’t really care about the prompt box. How does SABLOG know that my version has vulnerabilities? The program must have a backdoor. Every time I log in to the admin backend, it automatically checks the official version and compares it with the current version. Well, I found it later, in the last part of templates/admin/main.php. Delete the following code and it will be OK.
In fact, this is not enough to get hacked. Nowadays it is generally common sense that passwords are relatively complex, a few numbers + a few letters, and MD5 is usually very simple. It’s difficult to escape. Of course, if there is a rainbow table, let’s talk about it...
The code is as follows:
/include/inc_functions.php
function GetNewInfo(){
    if(!isset($GLOBALS['__funAdmin'])) require_once(dirname(__FILE__)."/inc/inc_fun_funAdmin.php");
    return SpGetNewInfo();
}
/include/inc/inc_fun_funAdmin.php
function SpGetNewInfo(){
global $cfg_version;
$nurl = $_SERVER["HTTP_HOST"];
if( eregi("[a-z -]{1,}.[a-z]{2,}",$nurl) ){ $nurl = urlencode($nurl); }
else{ $nurl = "test"; }
$gs = "
";
return $gs;
}
dede/index_body.php (where dede is the backend directory)
<form name="uploadspider" action="upload_spider.php" method="post">
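As an added example (not code from the original post or from DedeCMS), one way to audit a PHP tree for the same pattern as SpGetNewInfo(): a function that reads the Host header, references a version variable and embeds an absolute URL. The sample source, the placeholder host updates.example.invalid and the helper names are assumptions; the markup assigned to $gs is not shown on this page.

```python
import re

# Constructed sample modelled on the functions quoted above. The <script> URL
# is a placeholder: the original $gs content did not survive on this page.
SAMPLE_PHP = r'''
function GetNewInfo(){
    return SpGetNewInfo();
}
function SpGetNewInfo(){
    global $cfg_version;
    $nurl = $_SERVER["HTTP_HOST"];
    $gs = "<script src='http://updates.example.invalid/ver.php?v=$cfg_version&h=$nurl'></script>";
    return $gs;
}
function cpfooter() {
    global $version;
    $infmessage = '';
}
'''

FUNC_RE = re.compile(r'\bfunction\s+(\w+)\s*\([^)]*\)\s*\{')
HOST_RE = re.compile(r'\$_SERVER\s*\[\s*["\'](?:HTTP_HOST|SERVER_NAME)["\']\s*\]')
VERSION_RE = re.compile(r'\$\w*version\w*', re.I)
URL_HOST_RE = re.compile(r'https?://([\w.-]+)', re.I)

def function_bodies(src):
    """Yield (name, body) per PHP function. Brace counting is naive:
    an unbalanced brace inside a string literal would confuse it."""
    for m in FUNC_RE.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {'{': 1, '}': -1}.get(src[i], 0)
            i += 1
        yield m.group(1), src[m.end():i - 1]

def find_beacons(src):
    """Flag functions that combine the site's host name, a version
    variable and an absolute URL: candidates for a version-check call."""
    hits = []
    for name, body in function_bodies(src):
        hosts = URL_HOST_RE.findall(body)
        if HOST_RE.search(body) and VERSION_RE.search(body) and hosts:
            hits.append((name, hosts))
    return hits

if __name__ == "__main__":
    for name, hosts in find_beacons(SAMPLE_PHP):
        print(f"{name}: sends host name and version to {', '.join(hosts)}")
```

Each hit is a candidate for manual review, not a verdict; a function that only links to the vendor's site without passing the host name or version is not flagged.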
Removing the "back door" of DZ: search for "function cpfooter" in .adminglobal.func.php and replace it with the following function:
function cpfooter() {
    global $version, $adminid, $db, $tablepre, $action, $bbname, $charset, $timestamp, $isfounder, $insenz;
    global $_COOKIE, $_SESSION, $_DCOOKIE, $_DCACHE, $_DSESSION, $_DCACHE, $_DPLUGIN, $sqldebug, $debuginfo;
    $infmessage = '';
?>
<?=$infmessage?>