dedecms has been a very fire station CMS, mainly due to the support of the two major webmaster nets; but, people fire is not much, CMS too fire, the same will be ulterior motives of people eyeing. My site has been in use dedecms, some time ago once again under attack, attack the purpose is very simple, it is the black chain, that slightly revised code was restored, not very serious; this time the site was inexplicable to upload files, similar to the former one, while the other party has not enough time to modify the website but this template, indicating the site safety precaution is not in place, the other may ever again have administrator privileges, so to special Caution! Prevention measures website.
because I love it, so I go online to find the relevant information, found that this is indeed the dedecms vulnerabilities, hackers can bypass the regular detection using multidimensional variables, vulnerability mainly occurred in /plus/mytag_js.php, is the principle of a MySQL database to attack known website database, by writing a sentence to in the database code, as long as the success of writing, then can use the code to obtain the admin privileges.
binding site was attacked has people of similar experience, the hacker files written mainly exist in the /plus/ folder, currently known several files including ga.php, log.php, b.php, b1.php, file feature is short, very little content, when writing is not very convenient, but the code is no small.
below, this is part of the code in the ga.php file:
< title> login< /title> no<? > php
code than it intercepted to long, but is this code duplication, as log.php code, with the similar, only one sentence, simple and clear, if you have some understanding of network security, then PHP will know is a Trojan horse, using part of the specified tool can execute it section of the code, is expected to break the password function.
already knows what kind of vulnerability the other party is using, and knows what the other party uses