本文共 1302 字,大约阅读时间需要 4 分钟。
原TP项目是5.0.10,近日,在登录后台时,
域名/admin,跳转到网站首页。无法进入后台登录页面。然后发现,public/index.php竟然被改了。先升级到5.0.24。
还是被中枪。后来领导查看了nginx日志。
日志在 /home/wwwlogs/域名.log发现了某个上传图片的目录下,竟然有.php文件。
192.168.100.1 - - [06/Mar/2019:14:16:35 +0800] "POST /uploads/image/chinaword/2017/06/a60a38662b5ddcd5cfdf365ca97af24c.php HTTP/1.1" 200 3355 "http://域名/uploads/image/chinaword/2017/06/a60a38662b5ddcd5cfdf365ca97af24c.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36"192.168.100.1 - - [06/Mar/2019:14:16:36 +0800] "GET /comon.php HTTP/1.1" 200 827 "http://域名/uploads/image/chinaword/2017/06/a60a38662b5ddcd5cfdf365ca97af24c.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36"192.168.100.1 - - [06/Mar/2019:14:16:47 +0800] "GET /static/a_v1/images/music.mp3 HTTP/1.1" 206 1797277 "http://域名/index/special/index?sid=11&nid=1" "Mozilla/5.0 (Linux; Android 5.1; HUAWEI TIT-CL10 Build/HUAWEITIT-CL10; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044504 Mobile Safari/537.36 MMWEBID/6428 MicroMessenger/7.0.3.1400(0x2700033A) Process/tools NetType/4G Language/zh_CN"
然后删掉就好了。
在TP官网上,有许多相关话题。大家遇到的情况不一样。搜索:漏洞转载于:https://blog.51cto.com/phpervip/2361041