某基于DEDECMS5.5网站的安全检测初步报告

原创文章：未经许可，禁止转载 。PDF版地址:http://www.if9.cn/Documentation/新手卡UU8网站安全检测报告.pdf
                                                    某基于DEDECMS5.5网站的安全检测初步报告
问题解决：
1、
/include/arc.memberlistview.class.php
 
<br />
<b>Warning</b>:    Call-time pass-by-reference has been deprecated in <b>D:/77595.com/data/cache/yhs.php(3) :
eval()'d code(3) : eval()'d code</b> on line <b>1124</b><br />
<br />
<b>Warning</b>:    Call-time pass-by-reference has been deprecated in <b>D:/77595.com/data/cache/yhs.php(3) :
eval()'d code(3) : eval()'d code</b> on line <b>1124</b><br />
<br />
<b>Warning</b>:    Call-time pass-by-reference has been deprecated in <b>D:/77595.com/data/cache/yhs.php(3) :
eval()'d code(3) : eval()'d code</b> on line <b>1304</b><br />
<br />
<b>Warning</b>:    Call-time pass-by-reference has been deprecated in <b>D:/77595.com/data/cache/yhs.php(3) :
eval()'d code(3) : eval()'d code</b> on line <b>1304</b><br />
<br />
<b>Warning</b>:    Call-time pass-by-reference has been deprecated in <b>D:/77595.com/data/cache/yhs.php(3) :
eval()'d code(3) : eval()'d code</b> on line <b>1334</b><br />
<br />
<b>Warning</b>:    Call-time pass-by-reference has been deprecated in <b>D:/77595.com/data/cache/yhs.php(3) :
eval()'d code(3) : eval()'d code</b> on line <b>1334</b><br />
 
此处代码删除。
 
2、
/include/userlogin.class.php
 
<br />
<b>Warning</b>:    Call-time pass-by-reference has been deprecated in <b>D:/77595.com/data/cache/yhs.php(3) :
eval()'d code(3) : eval()'d code</b> on line <b>1124</b><br />
<br />
<b>Warning</b>:    Call-time pass-by-reference has been deprecated in <b>D:/77595.com/data/cache/yhs.php(3) :
eval()'d code(3) : eval()'d code</b> on line <b>1124</b><br />
<br />
<b>Warning</b>:    Call-time pass-by-reference has been deprecated in <b>D:/77595.com/data/cache/yhs.php(3) :
eval()'d code(3) : eval()'d code</b> on line <b>1304</b><br />
<br />
<b>Warning</b>:    Call-time pass-by-reference has been deprecated in <b>D:/77595.com/data/cache/yhs.php(3) :
eval()'d code(3) : eval()'d code</b> on line <b>1304</b><br />
<br />
<b>Warning</b>:    Call-time pass-by-reference has been deprecated in <b>D:/77595.com/data/cache/yhs.php(3) :

eval()'d code(3) : eval()'d code</b> on line <b>1334</b><br />
<br />
<b>Warning</b>:    Call-time pass-by-reference has been deprecated in <b>D:/77595.com/data/cache/yhs.php(3) :
eval()'d code(3) : eval()'d code</b> on line <b>1334</b><br />
 
此处代码删除
程序方面初步分析完毕，解决了报错的问题。
 
数据库分析：
经过分析，所给的数据库结构一切正常，并未发现后门残留。故略。
 
问题初步分析：
对方利用的 DEDE 的 0-day 漏洞实现了数据库注入，并且在上述两个文件中加入了伪代码。初步估计对方
并未取得高级权限，可能并未造成大面积破坏，上述代码也仅仅只能实现一个 Warning 警告，并非一句话
木马。 
 
此网站架构分析：
由于拿到的安全样本并非服务器直接即时 Copy，故无检测意义。
建议此网站做一次彻底的安全检测，从程序架构到服务器安全。然后我再提供详细的检测报告。
 
问题解决时间：
13 分钟
 
解决人：
 
林籁泉韵      受教于国内十大安全专家 root，05 年之前混迹黑客界用名：.COM.CN
                  受朋友邀请友情检测。