慧聪网某站发现大量后门(已成功爆破) 站点:http://118.194.32.61/Login.aspx
#1.通过扫描器扫描到有FCKeditor,我们先看看这个http://118.194.32.61/FCKeditor/editor/fckeditor.html,点击插入图片,然后浏览服务器:
#2.发现有shell,看来这位小朋友成功的利用了iis6的解析漏洞,是一句话地址:http://118.194.32.61//userfiles/file/temp_jm.asp;(1).jpg
在根目录下还发现这位小朋友的大马[http://118.194.32.61/xpy.asp;1.jpg],密码是:123bowen,不知道厂商会不会查杀这些木马,估计该站还残留大黑阔们的马儿,希望厂商能够注重安全,忽视小的安全隐患可能会带来大问题,
慧聪网某站发现大量后门(已成功爆破)
。
#4.具体的其它漏洞我就没去看了,既然已经猜到了一句话密码,直接连就可以得到shell,
电脑资料
《慧聪网某站发现大量后门(已成功爆破)》(https://www.unjs.com)。顺便提醒下厂商以下文件可能被利用:http://118.194.32.61/FCKeditor/editor/filemanager/connectors/uploadtest.html
http://118.194.32.61/FCKeditor/editor/filemanager/connectors/ 列目录
http://118.194.32.61/fckeditor/editor/fckeditor.original.html
http://www.myhack58.com/FCKeditor/editor/filemanager/connectors/test.html
http://118.194.32.61/fckeditor/editor/filemanager/connectors/test.html
http://118.194.32.61/fckeditor/editor/filemanager/connectors/uploadtest.html
修复方案:
设置不可列目录、删除有害的测试页面,升级到最新版编辑器、自评8rank