A Study of How the DedeCMS Stubborn Trojan/Backdoor Killer Tool V2.0 Is Implemented

catalog

1. Installation and usage
2. Check whether DedeCMS is the latest version
3. Check whether the default installation (install) directory exists
4. Check whether the default admin directory (dede) exists
5. Check whether the DedeCMS member centre is disabled
6. Check for high-risk weak-password accounts
7. Admin friend-link XSS vulnerability
8. /plus/search.php SQL injection vulnerability
9. /plus/feedback.php SQL injection vulnerability
10. /plus/feedback_ajax.php SQL injection / XSS vulnerability
11. /include/dedesql.class.php variable override vulnerability
12. /include/uploadsafe.inc.php SQL injection vulnerability
13. /member/buy_action.php SQL injection vulnerability
14. Detecting malicious code in the DedeCMS database
15. Webshell backdoor detection
16. Advanced trojan scanning
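Item 11 above is the check the tool performs by pre-setting `$arrs1`/`$arrs2` and then including `include/dedesql.class.php` (see `isExistVul()` in the source reproduced below). The following is an added example written for this page, not code from dede_killer or from DedeCMS: `vulnerableImport()` and `patchedImport()` are deliberately simplified stand-ins for the bug class (an assumption, not the verbatim DedeCMS code), `requestFilterAllows()` models the request-variable filter that DedeCMS applies before the include runs, and `probeVariableOverride()` generalises the tool's probe so it can be pointed at any loader.

```php
<?php
// Added example for this page. NOT code from dede_killer or DedeCMS:
// vulnerableImport()/patchedImport() are simplified stand-ins for the bug
// class (assumption), requestFilterAllows() models the request filter.
declare(strict_types=1);

/** Encode a string as the integer list an attacker passes as arrs1[]= / arrs2[]= . */
function toByteArray(string $s): array
{
    return array_map('ord', str_split($s));
}

/**
 * Model of the DedeCMS request filter: every key and scalar value is rejected
 * if it starts with cfg_, GLOBALS, _GET, _POST or _COOKIE. Plain integers pass.
 */
function requestFilterAllows($value): bool
{
    if (is_array($value)) {
        foreach ($value as $k => $v) {
            if (!requestFilterAllows((string)$k) || !requestFilterAllows($v)) {
                return false;
            }
        }
        return true;
    }
    return preg_match('#^(cfg_|GLOBALS|_GET|_POST|_COOKIE)#', (string)$value) !== 1;
}

/**
 * Stand-in for the vulnerable global-scope block: the two byte arrays are
 * decoded only after the filter has run and written straight into $GLOBALS.
 */
function vulnerableImport(array $request): void
{
    if (isset($request['arrs1'], $request['arrs2']) && is_array($request['arrs1']) && is_array($request['arrs2'])) {
        $name = '';
        $value = '';
        foreach ($request['arrs1'] as $b) { $name  .= chr((int)$b); }
        foreach ($request['arrs2'] as $b) { $value .= chr((int)$b); }
        $GLOBALS[$name] = $value;   // arbitrary global overwrite, e.g. $cfg_dbprefix
    }
}

/** Stand-in for the fixed file: the decode-and-assign block is simply gone. */
function patchedImport(array $request): void
{
}

/**
 * The tool's probe, generalised: seed arrs1/arrs2 with a marker pair that no
 * legitimate code sets, run the code under test, and report whether the marker
 * landed in $GLOBALS. Non-destructive, so it can run on every scan.
 */
function probeVariableOverride(callable $import, string $name = 'nslmstz', string $value = 'just4fun'): bool
{
    unset($GLOBALS[$name]);
    $import(['arrs1' => toByteArray($name), 'arrs2' => toByteArray($value)]);
    return isset($GLOBALS[$name]) && $GLOBALS[$name] === $value;
}

function demo(): array
{
    return [
        'plain cfg_dbprefix passes the filter'  => requestFilterAllows(['x' => 'cfg_dbprefix']),
        'byte-encoded cfg_dbprefix passes'      => requestFilterAllows(['arrs1' => toByteArray('cfg_dbprefix')]),
        'override reachable in vulnerable copy' => probeVariableOverride('vulnerableImport'),
        'override reachable in patched copy'    => probeVariableOverride('patchedImport'),
    ];
}

var_dump(demo());
```

Run it with `php probe.php`. The first two results (false, then true) show why the exploit, and the tool's probe, spell the variable name as a list of integers: the plain string `cfg_dbprefix` is rejected by the filter, the integers are not, and they are only turned back into a string inside the vulnerable block, after the filter has run. The last two results (true, then false) are the probe itself; in the tool the pair `nslmstz`/`just4fun` is simply an arbitrary marker that no legitimate code would ever assign, so finding it in `$GLOBALS` after the include is proof that the decode-and-assign block executed. The classic target of the real attack was `$cfg_dbprefix`, the prefix substituted for `#@__` in every query the tool and the CMS issue.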

1. Installation and usage

0x1: Download the source code

http://tool.scanv.com/dede_killer_v2.zip?spm=5176.7189909.0.0.gvKCDt&file=dede_killer_v2.zip

code

<?php
define('PASSWORD', '123'); // Before first use, change 123 to a password of your own.
define('DATADIR', 'data'); // If your site uses a custom data directory, change it here.
define("UPLOAD", 1); // Switch for uploading detected malicious files to the vendor. Set to 0 to turn it off.
define('VERSION', '2.0'); // Version information; '2.0' is assumed from the tool's title.
define('UPDATE_URL_JS', 'http://tool.scanv.com/dedekiller/update_ver.php');
define('UPDATE_URL', 'http://tool.scanv.com/dedekiller/update_utf.php');
define('UPLOAD_URL', 'http://tool.scanv.com/dedekiller/recvfile.php?host='.$_SERVER['SERVER_NAME']);
error_reporting(0);
set_time_limit(0);
ini_set("memory_limit", "100m");
header("Content-type: text/html;charset=utf-8");
// Authentication: the cookie must carry md5(PASSWORD); this unsalted hash acts as a never-expiring bearer token.
if(!isset($_COOKIE['dedekillerpwd']) || $_COOKIE['dedekillerpwd'] != md5(PASSWORD)) {
if($_SERVER['REQUEST_METHOD']=='GET'){
echo <<< ENT
<html lang="zh"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta http-equiv="Content-Type" content="text/html; charset="gb2312" />
<style>
body {
font-family: "Helvetica Neue", Helvetica, Microsoft Yahei, Arial, sans-serif;
background-color: #f8f8f8;
color: #;
}
a {
color: #09c;
text-decoration: none;
}
a:hover {
color: #08a;
text-decoration: underline;
}
input{
border: 1px solid #CCCCCC;
border-radius: 3px 3px 3px 3px;
-webkit-border-radius: 3px;
-moz-border-radius: 3px;
color: #;
display: inline-block;
line-height: normal;
padding: 4px;
width: 80px;
}
.hero-unit {
margin: auto auto;
font-size: 18px;
font-weight: ;
line-height: 30px;
border-radius: 6px;
padding: 20px 60px 10px;
}
.hero-unit>h2 {
text-shadow: 2px 2px 2px #ccc;
font-weight: normal;
}
.btn {
display: inline-block;
padding: 6px 12px;
margin-bottom: ;
font-size: 14px;
font-weight: ;
line-height: 1.428571429;
text-align: center;
white-space: nowrap;
vertical-align: middle;
cursor: pointer;
border: 1px solid transparent;
border-radius: 4px;
-webkit-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
-o-user-select: none;
user-select: none;
}
.btn:focus {
outline: thin dotted #;
outline: 5px auto -webkit-focus-ring-color;
outline-offset: -2px;
} .btn:hover,
.btn:focus {
color: #ffffff;
text-decoration: none;
} .btn:active,
.btn.active {
outline: ;
-webkit-box-shadow: inset 3px 5px rgba(, , , 0.125);
box-shadow: inset 3px 5px rgba(, , , 0.125);
} .btn-default {
color: #ffffff;
background-color: #;
border-color: #;
} .btn-default:hover,
.btn-default:focus,
.btn-default:active,
.btn-default.active {
background-color: #3a3c3c;
border-color: #2e2f2f;
}
.btn-success {
color: #ffffff;
background-color: #5cb85c;
border-color: #5cb85c;
} .btn-success:hover,
.btn-success:focus,
.btn-success:active,
.btn-success.active {
background-color: #4cae4c;
border-color: #449d44;
}
.btn-primary {
color: #ffffff;
background-color: #428bca;
border-color: #428bca;
} .btn-primary:hover,
.btn-primary:focus,
.btn-primary:active,
.btn-primary.active {
background-color: #357ebd;
border-color: #3071a9;
}
.main {
width: 960px;
margin: auto;
}
.title, .check{
text-align: center;
}
.check button {
width: 200px;
font-size: 20px;
}
.check a.btn {
color: #ffffff;
text-decoration: none;
}
.content {
margin-top: 20px;
padding: 15px 30px 30px;
box-shadow: 1px 1px #aaa;
background: #fff;
}
dt {
font-size: 25px;
}
table {
width: %;
border-collapse:collapse;
border-spacing: ;
}
th, td {
text-align: left;
}
td {
border-bottom: solid 1px #e0e0e0;
height: 40px;
vertical-align: top;
line-height: 40px;
}
.item_t td {
border-bottom: ;
}
.item_y {
word-wrap: break-word;
word-break: break-word;
width: 860px;
color: Red;
text-indent: 1em;
padding-bottom: 10px;
}
.yt, .yv {
line-height: .7em;
}
.yt {
color: #f00;
}
.yv {
color: #00f;
font-size: 12px;
}
.item_n {
width: 860px;
color: #0a0;
text-indent: 1em;
}
.ads>ul {
list-style: none;
padding: ;
}
.ads>ul>li {
float: left;
padding-right: 20px;
}
.foot {
text-align: center;
font-size: 13px;
}
.clearfix:before,
.clearfix:after {
display: table;
content: " ";
}
.clearfix:after {
clear: both;
} </style>
</head>
<body>
<div class="main">
<div class="hero-unit">
<h2 class="title">DedeCMS Stubborn Trojan/Backdoor Killer Tool V 2.0</h2>
<div class="check">
<form method="post" action="">
Admin password:<input type="text" name="pwd" />
<input type="submit" value="Log in" />
</form>
<table>
<tbody>
<thead>
<tr><td class="item">This tool is a dedicated killer built by the <a href='http://zhanzhang.anquan.org'>Security Alliance webmaster platform</a> for the 90sec.php family of stubborn trojan backdoors that broke out on DedeCMS.</td></tr>
<tr><td class="item">Its main features: everything exists to harden DedeCMS!</td></tr>
<tr><td class="item">--> Scan and patch vulnerabilities, hardening DedeCMS through its own security settings (removing the "root cause" of stubborn trojans such as 90sec.php)</td></tr>
<tr><td class="item">--> Clean the database (fixing the "relapse" problem of stubborn trojans such as 90sec.php) </td></tr>
<tr><td class="item">--> Detect and remove many kinds of website trojans, backdoors and malicious DDoS scripts (treating the basic "symptoms" of stubborn trojans such as 90sec.php) </td></tr>
<tr><center><a class="jl" target="_blank" href="http://bbs.anquan.org/forum.php?mod=forumdisplay&fid=162">Tutorial</a> Security Alliance webmaster chat group:</center></tr>
</thead>
</tbody>
</table>
</div>
</div>
</body>
</html>
ENT;
die();
} else {
if (isset($_POST['pwd']) && $_POST['pwd'] == PASSWORD){
if ($_POST['pwd'] == '123') { // refuse to log in while the shipped default password is still in place
echo "<script>alert(\"Change the default password before logging in! Open this file in a text editor and change the 123 in define('PASSWORD', '123'); to your own password; a complex one is recommended.\");</script>";
die();
}
// the unsalted md5 of the password becomes the session cookie: anyone who captures it (or knows md5(PASSWORD)) is logged in until the password changes
$mypwd = md5(PASSWORD);
setcookie('dedekillerpwd', $mypwd);
echo "<script>document.cookie='dedekillerpwd=".$mypwd."';window.location.href='';</script>";
die(); } else {
echo "<script>alert('Incorrect password');</script>";
die();
}
}
} // check that this file sits in the site root (data/common.inc.php must be reachable)
if(!file_exists(dirname(__FILE__).DIRECTORY_SEPARATOR.DATADIR.DIRECTORY_SEPARATOR.'common.inc.php'))
{
echo <<< ENT
<html>
<head>
<title>DedeCMS stubborn trojan/backdoor killer tool notice</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<base target='_self'/>
<style>div{line-height:%;}</style></head>
<body leftmargin='' topmargin='' bgcolor='#FFFFFF'>
<center>
<script>
document.write("<br /><div style='width:450px;padding:0px;border:1px solid #DADADA;'><div style='padding:6px;font-size:12px;border-bottom:1px solid #DADADA;background:#DBEEBD ';'><b>DedeCMS stubborn trojan/backdoor killer tool notice!</b></div>");
document.write("<div style='height:130px;font-size:10pt;background:#ffffff'><br />");
document.write("Please place this file in your site's root directory, at the same level as index.php");
</script>
</center>
</body>
</html>
ENT;
exit();
} define('DEDEROOT', str_replace("\\", '/', dirname(__FILE__) ) );
define('DEDEINC', str_replace("\\", '/', dirname(__FILE__) )."/include" );
define('DEDEDATA', DEDEROOT.DIRECTORY_SEPARATOR.DATADIR); // database configuration file lives here
require_once(DEDEINC.'/common.func.php');
require_once(DEDEDATA.'/common.inc.php');
if(file_exists(DEDEDATA.'/helper.inc.php'))
{
require_once(DEDEDATA.'/helper.inc.php');
// if no configuration was loaded, initialise a default helper configuration
if (!isset($cfg_helper_autoload))
{
$cfg_helper_autoload = array('util', 'charset', 'string', 'time', 'cookie');
}
// initialise the helpers
helper($cfg_helper_autoload);
}
// probe for the variable override vulnerability
$arrs1 = array(0x6E,0x73,0x6C,0x6D,0x73,0x74,0x7A); //nslmstz
$arrs2 = array(0x6A,0x75,0x73,0x74,0x34,0x66,0x75,0x6E); //just4fun
// Including dedesql.class.php with $arrs1/$arrs2 pre-set is the probe: a vulnerable copy decodes the
// byte arrays and sets $GLOBALS['nslmstz'] = 'just4fun', which Checker::isExistVul() looks for.
require_once(dirname(__FILE__).'/include/dedesql.class.php');
// enable the session (stored under data/sessions) so later clean-up actions cannot be driven by a malicious user
session_save_path(DEDEDATA.DIRECTORY_SEPARATOR.'sessions');
session_start();

class Checker{
public $bExistInstall = false; // whether the install directory exists
public $bExistVul = false; // whether the variable override vulnerability exists
public $bMytagEvil = false; // whether the mytag table holds malicious rows
public $bMyadEvil = false; // whether the myad table holds malicious rows
public $bFlinkEvil = false;
public $bSearchEvil = false;
public $bFeedBackEvil = false;
public $bUploadSafeEvil = false;
public $bMemberBuyActionEvil = false;
public $bFeedBackajaxEvil = false;
public $bWrongSetting = false;
public $aEvilMytagData = array(); // malicious rows from mytag
public $aEvilMyadData = array(); // malicious rows from myad
public $aUserList = array(); // admin user list
public $aVersion = array(); // dede version
public $arFlinkData = array();
private $_currentDir = ''; // the directory this file lives in, i.e. the site root
public $strDefaultAdminDir = '';
public $strWeakPasswd = '';
private $_curFileName = ''; // this file's name
private $_excludeFile = ''; // files excluded from scanning, as a regex
function __construct(){
// build the exclusion pattern: this file itself plus PHP session files
$url = $_SERVER['PHP_SELF'];
$parts = explode("/", $url);
$filename = end($parts);
$this->_curFileName = $filename;
$sessionFile = "sess_\\w{26}";
$this->_excludeFile = "#".$filename.'|'.$sessionFile.'#';
$this->_currentDir = dirname(__FILE__);
} public function start(){
$this->isExistInstall();
$this->isExistVul();
$this->isMytagEvil();
$this->isMyadEvil();
$this->listAllUser();
$this->getVersion();
$this->checkFlinkVul();
$this->checkSearchSqlInjectVul();
$this->checkFeedBackSqlInjectVul();
$this->checkFeedBackajaxVul();
$this->checkUploadSafeSqlInjectVul();
#$this->checkDefaultAdminDir();
$this->checkMemberBuyActionSqlInject();
$this->checkFlinkData();
$this->checkWeakPasswd();
$this->checkSetting(); $this->storeToSession();
} public function getVersion(){
$removeVerArray = @file("http://updatenew.dedecms.com/base-v57/verinfo.txt");
$localVer = @file_get_contents(DEDEDATA."/admin/ver.txt"); if(empty($localVer)){
$localVer = "unknown";
} $removeVer = $removeVerArray[count($removeVerArray)-1]; // last line of the remote version file
$removeVer = substr($removeVer, , ); if($localVer != $removeVer){
$this->aVersion = array(, $localVer, $removeVer);
}else{
$this->aVersion = array(, $localVer, $removeVer);
} }
/**
* Check whether the install directory exists and set $this->bExistInstall
*
* @param none
*
* @return bool result
*/
public function isExistInstall(){
if(is_dir(dirname(__FILE__).'/install/')){
$this->bExistInstall = true;
return true;
}else{
$this->bExistInstall = false;
return false;
}
}
/**
* Check whether the variable override vulnerability exists and set $this->bExistVul
*
* @param string $paramName name of the marker variable the probe expects to find
* @param string $paramValue value the marker variable must carry
*
* @return bool result
*/
public function isExistVul($paramName='nslmstz', $paramValue='just4fun'){
//var_dump($GLOBALS);
if(isset($GLOBALS[$paramName]) and $GLOBALS[$paramName] == $paramValue){
$this->bExistVul = true;
return true;
}else{
$this->bExistVul = false;
return false;
}
}
/**
* Check whether the mytag table holds malicious rows
*
* @return bool result
*/
public function isMytagEvil(){
$this->aEvilMytagData = $this->checkData('mytag'); if($this->aEvilMytagData){
$this->bMytagEvil = true;
return true;
}else{
$this->bMytagEvil = false;
return false;
}
}
/**
* Check whether the myad table holds malicious rows
*
* @return bool result
*/
public function isMyadEvil(){
$this->aEvilMyadData = $this->checkData('myad'); if($this->aEvilMyadData){
$this->bMyadEvil = true;
return true;
}else{
$this->bMyadEvil = false;
return false;
}
}
/**
* List all admin users and flag weak passwords
*
* @return none
*/
public function listAllUser(){
global $dsql;
// candidate weak passwords. NOTE: an empty candidate makes strpos() below return 0 on PHP 8
// (false with a warning on PHP 5), which would flag every account.
$arWeakPasswd = array('', 'admin', 'admin123', 'dede', 'test', 'password', '');
$dsql->SetQuery("SELECT id, pwd, userid FROM #@__admin");
$dsql->Execute();
while($row = $dsql->GetArray()){
$this->aUserList[$row['id']] = array($row['userid']);
$strPwd = $row['pwd'];
foreach($arWeakPasswd as $key => $strWeakPasswd) {
// DedeCMS stores a 20-character substring of md5($password) in #@__admin.pwd, so the stored
// value is matched as a substring of the candidate's full md5 rather than compared for equality
if(strpos(md5($strWeakPasswd), $strPwd) !== false){
$this->aUserList[$row['id']][] = $strWeakPasswd;
break;
}
}
}
return $this->aUserList;
} public function checkFlinkVul(){
$arVulFileContent = @file('plus/flink.php'); if($arVulFileContent) {
$strVulFileContent = @file_get_contents('plus/flink.php');
if(substr_count($strVulFileContent, '$logo') != ) {
$this->bFlinkEvil = false;
return false;
} if(strpos(trim($arVulFileContent[]), '$logo = htmlspecialchars($logo);') === false) {
$this->bFlinkEvil = false;
return false;
} if(strpos(trim($arVulFileContent[]), 'VALUES(\'50\',\'$url\',\'$webname\',\'$logo\',\'$msg\',\'$email\',\'$typeid\',\'$dtime\',\'0\')') === false) {
$this->bFlinkEvil = false;
return false;
} $this->bFlinkEvil = true;
return true;
}
$this->bFlinkEvil = false;
return false;
} public function checkSearchSqlInjectVul() {
$strFileContent = @file_get_contents('plus/search.php'); if($strFileContent) {
if(strpos($strFileContent, '$typeid = intval($typeid);') !== false) {
$this->bSearchEvil = false;
return false;
} else {
$this->bSearchEvil = true;
return true;
}
} $this->bSearchEvil = false;
return false;
} public function checkFeedBackSqlInjectVul() {
$strFileContent = @file_get_contents('plus/feedback.php'); if($strFileContent) {
if(strpos($strFileContent, '$arctitle = addslashes($row[\'arctitle\']);') !== false) {
$this->bFeedBackEvil = false;
return false;
} else {
$this->bFeedBackEvil = true;
return true;
}
} $this->bFeedBackEvil = false;
return false;
} public function checkFeedBackajaxVul() {
$strFileContent = @file_get_contents('plus/feedback_ajax.php'); if($strFileContent) {
if(strpos($strFileContent, '$arctitle = addslashes(RemoveXSS($title));') !== false) {
$this->bFeedBackajaxEvil = false;
return false;
} else {
$this->bFeedBackajaxEvil = true;
return true;
}
} $this->bFeedBackajaxEvil = false;
return false;
} public function checkUploadSafeSqlInjectVul() {
// probe for the injection: hand uploadsafe.inc.php a fake upload whose tmp_name carries backslashes and a quote
$superhei = 'superhei.avi';
$GLOBALS['_FILES']['superhei']['tmp_name'] = "justforfun\\\\'";
$GLOBALS['_FILES']['superhei']['name'] = 'superhei.avi';
$GLOBALS['_FILES']['superhei']['size'] = ;
$GLOBALS['_FILES']['superhei']['type'] = 'super/hei'; if (!is_file(DEDEINC.DIRECTORY_SEPARATOR.'uploadsafe.inc.php')) {
$this->bUploadSafeEvil = false;
return false;
} @include(DEDEINC.DIRECTORY_SEPARATOR.'uploadsafe.inc.php'); if ($superhei == "justforfun\\\\'") {
$this->bUploadSafeEvil = false;
return false;
} else {
$this->bUploadSafeEvil = true;
return true;
}
} public function checkMemberBuyActionSqlInject() {
$strFileContent = @file_get_contents(DEDEROOT.DIRECTORY_SEPARATOR.'member/buy_action.php'); if($strFileContent) {
if(strpos($strFileContent, 'mchStrCode($string, $operation = \'ENCODE\')') !== false) {
$this->bMemberBuyActionEvil = false;
return false;
} else {
$this->bMemberBuyActionEvil = true;
return true;
}
} $this->bMemberBuyActionEvil = false;
return false;
} /**
*check default admin dir
*/
public function checkDefaultAdminDir() {
$arDefaultDir = array('/dede/login.php', '/admin/login.php', '/manager/login.php');
foreach($arDefaultDir as $key => $strDefaultDir) {
$strFileName = realpath($this->_currentDir.DIRECTORY_SEPARATOR.$strDefaultDir);
if ($strFileName) {
$this->strDefaultAdminDir = dirname($strFileName);
break;
}
} } /*
* check weak password
*/ public function checkWeakPasswd() {
global $dsql; $dsql->SetQuery("SELECT pwd FROM #@__admin");
$dsql->Execute(); while($row = $dsql->GetArray()){ } // loop body is empty: the actual weak-password matching happens in listAllUser()
} public function checkFlinkData() {
global $dsql; $dsql->SetQuery("SELECT id, logo, url FROM #@__flink");
$dsql->Execute(); while($row = $dsql->GetArray()){
$strLogo = $row['logo'];
$strUrl = $row['url'];
// flag rows whose logo or url carries a quote or a tag; strpos() does not accept an array needle, so strpbrk() is used
if(strpbrk($strLogo, "'<") !== false || strpbrk($strUrl, "'<") !== false) {
$this->arFlinkData[$row['id']] = array($row['logo'], $row['url']);
}
}
} public function checkSetting() {
global $dsql; $dsql->SetQuery("SELECT value FROM #@__sysconfig where varname='cfg_mb_open'");
$dsql->Execute(); $row = $dsql->GetArray(); if($row['value'] == "Y") {
$this->bWrongSetting = true;
return true;
}
return false;
}
/**
* Check whether a table holds malicious rows
*
* @param string $tableName the table to check
*
* @return array rows that may be malicious
*/
private function checkData($tableName){
global $dsql;
$evilData = array(); $dsql->SetQuery("SELECT aid, normbody, expbody FROM #@__".$tableName);
$dsql->Execute(); while($row = $dsql->GetArray()){
$checkContent = $row['normbody'].$row['expbody'];
if(strpos($checkContent, '<?') !== false){ // any PHP open tag inside a tag or ad body is treated as malicious
$evilData[$row['aid']] = array($row['normbody'], $row['expbody']);
}
}
return $evilData; }
/**
* Store all check results in the session
*
* @return none
*/
private function storeToSession(){
session_unset();
$_SESSION['bExistInstall'] = $this->bExistInstall;
$_SESSION['bExistVul'] = $this->bExistVul;
$_SESSION['bMyadEvil'] = $this->bMyadEvil;
$_SESSION['bMytagEvil'] = $this->bMytagEvil;
$_SESSION['bFlinkEvil'] = $this->bFlinkEvil;
$_SESSION['bWrongSetting'] = $this->bWrongSetting;
$_SESSION['bFeedBackEvil'] = $this->bFeedBackEvil;
$_SESSION['bFeedBackajaxEvil'] = $this->bFeedBackajaxEvil;
$_SESSION['bSearchEvil'] = $this->bSearchEvil;
$_SESSION['bUploadSafeEvil'] = $this->bUploadSafeEvil;
# $_SESSION['strDefaultAdminDir'] = $this->strDefaultAdminDir;
$_SESSION['bMemberBuyActionEvil'] = $this->bMemberBuyActionEvil;
$_SESSION['strWeakPasswd'] = $this->strWeakPasswd;
$_SESSION['aEvilMyadData'] = $this->aEvilMyadData;
$_SESSION['aEvilMytagData'] = $this->aEvilMytagData;
$_SESSION['aEvilFlinkData'] = $this->arFlinkData;
$_SESSION['aUserList'] = $this->aUserList;
$_SESSION['aVersion'] = $this->aVersion;
} };

class Cleaner{
public $bExistInstall = false; // whether the install directory exists
public $bExistVul = false; // whether the variable override vulnerability exists
public $bMytagEvil = false; // whether the mytag table holds malicious rows
public $bMyadEvil = false; // whether the myad table holds malicious rows
public $bExistBackdoor = false; // whether a backdoor exists
public $aEvilMytagData = array(); // malicious rows from mytag
public $aEvilMyadData = array(); // malicious rows from myad
public $aEvilFlinkData = array();
public $aBackdoorFiles = array(); // backdoor files
public $aUserList = array(); // userlist
private $_currentDir = ''; // the directory this file lives in, i.e. the site root
function __construct(){
$this->bExistInstall = isset($_SESSION['bExistInstall']) ? $_SESSION['bExistInstall']: false;
$this->bExistVul = isset($_SESSION['bExistVul']) ? $_SESSION['bExistVul']: false;
$this->bMyadEvil = isset($_SESSION['bMyadEvil']) ? $_SESSION['bMyadEvil']: false;
$this->bMytagEvil = isset($_SESSION['bMytagEvil']) ? $_SESSION['bMytagEvil']: false;
$this->bExistBackdoor = isset($_SESSION['bExistBackdoor']) ? $_SESSION['bExistBackdoor']: false;
$this->aEvilFlinkData = isset($_SESSION['aEvilFlinkData']) ? $_SESSION['aEvilFlinkData']: array(); // must be an array: delFlinkData() calls array_key_exists() on it
$this->aEvilMyadData = isset($_SESSION['aEvilMyadData']) ? $_SESSION['aEvilMyadData']: array();
$this->aEvilMytagData = isset($_SESSION['aEvilMytagData']) ? $_SESSION['aEvilMytagData']: array();
$this->aBackdoorFiles = isset($_SESSION['aBackdoorFiles']) ? $_SESSION['aBackdoorFiles']: array();
$this->aUserList = isset($_SESSION['aUserList']) ? $_SESSION['aUserList']: array();
$this->_currentDir = dirname(__FILE__);
}
/**
* Delete the install directory
*
* @return bool
*/
public function delInstallDir(){
if(!$this->bExistInstall)
return; if($this->delTree($this->_currentDir.'/install/')){
$this->bExistInstall = false;
unset($_SESSION['bExistInstall']);
return true;
}else{
return false;
} }
/**
* Delete a malicious row from the myad table
*
* @param string $myadId
*
* @return bool
*/
public function delMyadData($myadId){
global $dsql; $rowId = intval($myadId);
if(!array_key_exists($rowId, $this->aEvilMyadData))
return false; return $dsql->ExecuteNoneQuery2("DELETE FROM #@__myad WHERE aid=".$rowId); }
/**
* Delete a malicious row from the mytag table
*
* @param string $mytagId
*
* @return bool
*/
public function delMytagData($mytagId){
global $dsql; $rowId = intval($mytagId);
if(!array_key_exists($rowId, $this->aEvilMytagData))
return false; return $dsql->ExecuteNoneQuery2("DELETE FROM #@__mytag WHERE aid=".$rowId);
} public function delFlinkData($flinkId){
global $dsql; $rowId = intval($flinkId);
if(!array_key_exists($rowId, $this->aEvilFlinkData))
return false; return $dsql->ExecuteNoneQuery2("DELETE FROM #@__flink WHERE id=".$rowId);
} public function delBackdoor($fileId, $bUpload=true){
$fileId = intval($fileId);
$bUpload = UPLOAD; // the parameter is overridden: the UPLOAD constant alone decides whether the sample is sent out
if(!array_key_exists($fileId, $this->aBackdoorFiles)){
return false;
} if ($bUpload) {
$fileName = $this->aBackdoorFiles[$fileId][0]; // index 0 holds the path (see BackdoorChcker::CheckBackdoor)
// the suspected backdoor is uploaded to UPLOAD_URL over plain HTTP, with the host name in the query string, before it is deleted
sendFileRequest(UPLOAD_URL, $fileName);
} return @unlink($this->aBackdoorFiles[$fileId][0]); }
/**
* Delete an admin account from the admin table
*
* @param string $userId
*
* @return bool
*/
public function delUser($userId){
global $dsql; $rowId = intval($userId);
if(!array_key_exists($rowId, $this->aUserList))
return false; return $dsql->ExecuteNoneQuery2("DELETE FROM #@__admin WHERE id=".$rowId);
} public function chgDefaultAdminDir($dir){
$strDefaultAdminDir = realpath('dede'); // unused
// $dir comes straight from $_POST['new_admin_dir']; only "target already exists" is checked, not traversal (../) or the validity of the name
$dir = $this->_currentDir.DIRECTORY_SEPARATOR.$dir; if(is_dir($dir)) {
return false;
} return @rename("dede/", $dir);
}
/**
* Remove a directory tree
*
* @param string $dir the directory to remove
*
* @return bool success
*/
private function delTree($dir) {
$files = array_diff(scandir($dir), array('.','..'));
foreach ($files as $file) {
(is_dir("$dir/$file")) ? $this->delTree("$dir/$file") : unlink("$dir/$file");
}
return rmdir($dir);
} }

class BackdoorChcker {
private $_strCurDir = '';
public $bExistBackdoor = false;
public $aBackdoorFiles = array(); // backdoor files: array(path, matching line, line number)
// backdoor fingerprint: a dangerous function called with an argument that starts with a superglobal, e.g. eval($_POST['x'])
private $_strBackdoorPrint = "#(exec|base64_decode|edoced_46esab|eval|system|proc_open|popen|curl_exec|curl_multi_exec|parse_ini_file|show_source)\\s*?\\(\\s*?\\\$(_POST|_GET|_REQUEST|GLOBALS)#is";
// keyword list: family names and strings seen in the 90sec.php-era samples
private $_arBadWord = array('90sec','Copyright spider Clean Backdoor','Eval PHP Code','Udp1-fsockopen','xxddos');
function __construct() {
$this->_strCurDir = realpath(dirname(__FILE__));
}
/**
* Collect all directories into an array, breadth first
* @param string strDirectory directory to scan, e.g. ./data/
* @param bool bRecursive whether to recurse
* @param int nDirLimit maximum number of directories (0 = unlimited)
* @param func callback callback function
*
* @return array all directories found
*/
private function getDirsArray($strDirectory, $bRecursive=true, $nDirLimit=0, $callback=null) {
$nNext = 0;
$strCurDir = $strDirectory;
$arAllDirs = array($strCurDir); while(true) {
$arCurDirs = glob($strCurDir.'/*', GLOB_ONLYDIR); if (count($arCurDirs) > 0) {
foreach ($arCurDirs as $key => $strEachDir) {
$strEachDir = realpath($strEachDir);
if ($nDirLimit && count($arAllDirs) == $nDirLimit) {
break;
} if ($callback) {
if (function_exists($callback)) {
call_user_func_array($callback, array($strEachDir));
}
} $arAllDirs[] = realpath($strEachDir);
}
} if (! $bRecursive ) {
break;
} if ($nNext == count($arAllDirs)) {
break;
} $strCurDir = $arAllDirs[$nNext];
$nNext = $nNext + 1;
} return $arAllDirs;
}
/**
* Walk all files
* @param array $arDirectorys directories to list
* @param array $arFileTypes file extensions to include
* @param array $arExcludeFileTypes file extensions to exclude
* @param array $arExcludeFiles files to exclude (regex fragments)
* @param int $nMinFileSize minimum file size in bytes
* @param int $nMaxFileSize maximum file size in bytes
* @param int $nLimit maximum number of files to scan
* @param bool $bStore whether to keep the result
* @param null $callback callback function
*
* @return array
*/
private function getFilesArray($arDirectorys, $arFileTypes=array(), $arExcludeFileTypes=array(),
$arExcludeFiles=array(), $nMinFileSize=0, $nMaxFileSize=0,
$nLimit=0, $bStore=true, $callback=null) {
$nFilesCount = 0;
$arAllFiles = array();
$arFileType = array();
$arAllDirs = $arDirectorys; if($arFileTypes) {
foreach($arFileTypes as $key => $strType) {
$arFileType[] = "*.".$strType;
}
} else {
$arFileType[] = "*";
} foreach($arAllDirs as $key => $strEachDir) {
foreach($arFileType as $key => $strType) {
$arCurFiles = glob($strEachDir.'/'.$strType); foreach($arCurFiles as $key => $strEachFile) {
$strEachFile = realpath($strEachFile);
if (is_file($strEachFile)) {
if ($nLimit) {
if($nFilesCount == $nLimit) {
break ;
}
} // minimum size
if ($nMinFileSize) {
if (filesize($strEachFile) < $nMinFileSize) {
continue;
}
} // maximum size
if ($nMaxFileSize) {
if (filesize($strEachFile) > $nMaxFileSize) {
continue;
}
} $strEachFileName = basename($strEachFile);
// exclude files with the given extensions (continue 2 skips to the next file; a bare continue would only advance this inner loop)
if ($arExcludeFileTypes) {
foreach($arExcludeFileTypes as $key => $strEachExcludeType) {
if (strripos($strEachFileName, $strEachExcludeType) ===
strlen($strEachFileName) - strlen($strEachExcludeType)) {
continue 2;
}
}
}
// exclude the given files (regex fragments; the caller adds this tool's own file name so it does not flag itself)
if ($arExcludeFiles) {
foreach($arExcludeFiles as $key => $strEachExcludeFile) {
$strEachFile = str_replace("\\", "/", $strEachFile);
if (preg_match("#".$strEachExcludeFile."#i", $strEachFile)) {
continue 2;
}
}
}
if ($callback) {
call_user_func_array($callback, array($strEachFile));
} if ($bStore) {
$arAllFiles[] = realpath($strEachFile);
}
$nFilesCount ++;
}
}
}
}
return $arAllFiles;
} private function CheckBackdoor($strFilePath) {
$mod = $_POST['mod']; // keyword mode chosen in the form; the values compared below were not recoverable, 1 and 2 are assumed
$arFileContent = file($strFilePath);
foreach($arFileContent as $nLineNum => $strLineContent) {
if(preg_match($this->_strBackdoorPrint, $strLineContent)) {
$this->aBackdoorFiles[] = array($strFilePath, $strLineContent, $nLineNum);
continue;
} else if($this->_arBadWord) {
foreach($this->_arBadWord as $key => $value) {
if($mod == 1){ // plain case-insensitive substring: sees "90sec" in a comment but also "eval" inside "evaluate"
if(stripos($strLineContent, $value) !== false) {
$this->aBackdoorFiles[] = array($strFilePath, $strLineContent, $nLineNum);
continue 2; // next line; a bare continue would report the same line once per matching keyword
}
}
if($mod == 2){ // keyword followed by "(" or "[": fewer false positives, but the keyword is not preg_quote()d
if(preg_match("#(".$value.")[ \r\n\t]{0,}([\[\(])#i", $strLineContent)){
$this->aBackdoorFiles[] = array($strFilePath, $strLineContent, $nLineNum);
continue 2;
}
}
}
}
}
unset($arFileContent); if ($this->aBackdoorFiles) {
$this->bExistBackdoor = true;
return true;
} else {
$this->bExistBackdoor = false;
return false;
} } private function storeToSession(){
session_unset();
$_SESSION['bExistBackdoor'] = $this->bExistBackdoor;
$_SESSION['aBackdoorFiles'] = $this->aBackdoorFiles;
} public function start($strDirectory="./", $arBadWord=array(), $arFileTypes=array(), $arExcludeFileTypes=array(),
$arExcludeFiles=array(), $nMinFileSize=0, $nMaxFileSize=0,
$nLimit=0, $bStore=false) {
// the operator-supplied regex replaces the built-in fingerprint; an empty field therefore disables the regex layer entirely
$this->_strBackdoorPrint = @$_POST['BackdoorReg'];
// refuse to scan outside the directory this file lives in
$strDirectory = realpath($strDirectory);
if ( !stristr( $strDirectory, $this->_strCurDir)) {
$strDirectory = $this->_strCurDir;
} if ($nMinFileSize > $nMaxFileSize && $nMaxFileSize != 0) {
$nMaxFileSize = 0;
$nMinFileSize = 0;
} if ($nLimit < 0) {
$nLimit = 0;
} if ($arBadWord) {
//$this->_arBadWord = array_merge($this->_arBadWord, $arBadWord);
$this->_arBadWord = $arBadWord;
} $arDirs = $this->getDirsArray($strDirectory); $this->getFilesArray($arDirs, $arFileTypes, $arExcludeFileTypes, $arExcludeFiles, $nMinFileSize, $nMaxFileSize, $nLimit, $bStore, array($this, "CheckBackdoor")); $this->storeToSession();
}
} class Misc {
public function update() {
// self-update: this file is overwritten with whatever UPDATE_URL returns over plain HTTP, with no signature or checksum
$updateFile = sendGetRequest(UPDATE_URL);
if ($updateFile) {
return @file_put_contents(__FILE__, $updateFile);
}
}
} function sendGetRequest($url) {
if (function_exists('curl_init')) {
$ch = curl_init($url) ;
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true) ;
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true) ;
return curl_exec($ch) ;
} else {
return @file_get_contents($url);
}
} function sendFileRequest($url, $fileName) {
$filePath = urlencode(str_replace(dirname(__FILE__), "", $fileName));
$url = $url. "&p=".$filePath;
if (function_exists('curl_init')) {
$post = array('backdoor'=>'@'.$fileName);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
$result=curl_exec ($ch);
curl_close ($ch);
//echo $result;
} else {
$fileName = basename($fileName);
$fileContent = file_get_contents($fileName);
$data = "";
$boundary = "---------------------".substr(md5(rand(,)), , );
$data .= "--$boundary\n";
$data .= "Content-Disposition: form-data; name=\"backdoor\"; filename=\"$fileName\"\n";
$data .= "Content-Type: application/octet-stream\n";
$data .= "Content-Transfer-Encoding: binary\n\n";
$data .= $fileContent."\n";
$data .= "--$boundary--\n"; $params = array('http' => array(
'method' => 'POST',
'header' => 'Content-Type: multipart/form-data; boundary='.$boundary,
'content' => $data
)); $ctx = stream_context_create($params);
@file_get_contents($url, false, $ctx);
}
} if($_SERVER['REQUEST_METHOD']=='GET' && isset($_GET['check']) && $_GET['check'] == '1'){
$mychecker = new Checker();
$mychecker->start();
} if($_SERVER['REQUEST_METHOD']=='POST' && isset($_GET['check_backdoor']) && $_GET['check_backdoor'] == '1' && !isset($_POST['clean'])) {
$backdoor_checker = new BackdoorChcker();
$strDirectory = '.';
if (isset($_POST['chk_dir']) && $_POST['chk_dir']) {
$strDirectory = $_POST['chk_dir'];
} $arBadWord = array();
if (isset($_POST['bad_word']) && $_POST['bad_word']) {
$arBadWord = explode(',', $_POST['bad_word']);
} $arFileTypes = array();
if (isset($_POST['file_types']) && $_POST['file_types']) {
$arFileTypes = explode(',', $_POST['file_types']);
} $arExcludeFileTypes=array();
if (isset($_POST['exclude_file_types']) && $_POST['exclude_file_types']) {
$arExcludeFileTypes = explode(',', $_POST['exclude_file_types']);
} $arExcludeFiles = array();
if (isset($_POST['exclude_files']) && $_POST['exclude_files']) {
$arExcludeFiles = explode(',', $_POST['exclude_files']);
}
$arExcludeFiles[] = basename(__FILE__); // never scan this tool itself: its own keyword list would match
$nMinFileSize = 0;
if (isset($_POST['min_file_size']) && $_POST['min_file_size']) {
$nMinFileSize = $_POST['min_file_size'];
} $nMaxFileSize = 0;
if (isset($_POST['max_file_size']) && $_POST['max_file_size']) {
$nMaxFileSize = $_POST['max_file_size'];
} $nLimit = 0;
if (isset($_POST['limit']) && $_POST['limit']) {
$nLimit = $_POST['limit'];
} $backdoor_checker->start($strDirectory, $arBadWord, $arFileTypes, $arExcludeFileTypes,
$arExcludeFiles, $nMinFileSize, $nMaxFileSize, $nLimit); } if($_SERVER['REQUEST_METHOD']=='POST' && isset($_POST['clean']) && $_POST['clean'] == '1'){ // '1' assumed, by analogy with check=1
$mycleaner = new Cleaner();
if($_POST['delInstallDir']){
if($mycleaner->delInstallDir()){
echo $_POST['delInstallDir'];
}else{
echo -1;
}
} if($_POST['myadId']){
$myadId = intval(str_ireplace('myadId', '', $_POST['myadId']));
if($mycleaner->delMyadData($myadId)){
echo $_POST['myadId'];
}else{
echo -1;
} } if($_POST['mytagId']){
$mytagId = intval(str_ireplace('mytagId', '', $_POST['mytagId']));
if($mycleaner->delMytagData($mytagId)){
echo $_POST['mytagId'];
}else{
echo -1;
} } if($_POST['fileId']){
$bUpload = isset($_POST['upload'])? $_POST['upload']: true;
$fileId = intval(str_ireplace('fileId', '', $_POST['fileId']));
if($mycleaner->delBackdoor($fileId, $bUpload)){
echo $_POST['fileId'];
}else{
echo -1;
}
} if($_POST['flinkId']){
$flinkId = intval(str_ireplace('flinkId', '', $_POST['flinkId'])); if($mycleaner->delFlinkData($flinkId)) {
echo $_POST['flinkId'];
} else {
echo -1;
} } if($_POST['userId']){
$userId = intval(str_ireplace('userId', '', $_POST['userId']));
if($mycleaner->delUser($userId)){
echo $_POST['userId'];
}else{
echo -1;
}
} if($_POST['new_admin_dir']) {
if ($mycleaner->chgDefaultAdminDir($_POST['new_admin_dir'])) {
echo $_POST['new_admin_dir'];
}else{
echo -1;
}
} die('');
} if($_SERVER['REQUEST_METHOD']=='POST' && isset($_POST['update']) && $_POST['update'] == '1') { // '1' assumed, by analogy with check=1
$miscer = new Misc();
return $miscer->update();
}
?>
<!DOCTYPE html>
<html lang="zh"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta http-equiv="Content-Type" content="text/html; charset="gb2312" />
<style>
body {
font-family: "Helvetica Neue", Helvetica, Microsoft Yahei, Arial, sans-serif;
background-color: #f8f8f8;
color: #;
}
a {
color: #09c;
text-decoration: none;
}
a:hover {
color: #08a;
text-decoration: underline;
}
input{
border: 1px solid #CCCCCC;
border-radius: 3px 3px 3px 3px;
-webkit-border-radius: 3px;
-moz-border-radius: 3px;
color: #;
display: inline-block;
line-height: normal;
padding: 4px;
width: 350px;
}
.hero-unit {
margin: auto auto;
font-size: 18px;
font-weight: ;
line-height: 30px;
border-radius: 6px;
padding: 20px 60px 10px;
}
.hero-unit>h2 {
text-shadow: 2px 2px 2px #ccc;
font-weight: normal;
}
.btn {
display: inline-block;
padding: 6px 12px;
margin-bottom: ;
font-size: 14px;
font-weight: ;
line-height: 1.428571429;
text-align: center;
white-space: nowrap;
vertical-align: middle;
cursor: pointer;
border: 1px solid transparent;
border-radius: 4px;
-webkit-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
-o-user-select: none;
user-select: none;
}
.btn:focus {
outline: thin dotted #;
outline: 5px auto -webkit-focus-ring-color;
outline-offset: -2px;
} .btn:hover,
.btn:focus {
color: #ffffff;
text-decoration: none;
} .btn:active,
.btn.active {
outline: ;
-webkit-box-shadow: inset 3px 5px rgba(, , , 0.125);
box-shadow: inset 3px 5px rgba(, , , 0.125);
} .btn-default {
color: #ffffff;
background-color: #;
border-color: #;
} .btn-default:hover,
.btn-default:focus,
.btn-default:active,
.btn-default.active {
background-color: #3a3c3c;
border-color: #2e2f2f;
}
.btn-success {
color: #ffffff;
background-color: #5cb85c;
border-color: #5cb85c;
} .btn-success:hover,
.btn-success:focus,
.btn-success:active,
.btn-success.active {
background-color: #4cae4c;
border-color: #449d44;
}
.btn-primary {
color: #ffffff;
background-color: #428bca;
border-color: #428bca;
} .btn-primary:hover,
.btn-primary:focus,
.btn-primary:active,
.btn-primary.active {
background-color: #357ebd;
border-color: #3071a9;
}
.main {
width: 960px;
margin: auto;
}
.title, .check {
text-align: center;
}
.check button {
width: 200px;
font-size: 20px;
}
.check a.btn {
color: #ffffff;
text-decoration: none;
}
.content {
margin-top: 20px;
padding: 15px 30px 30px;
box-shadow: 1px 1px #aaa;
background: #fff;
}
dt {
font-size: 25px;
}
table {
width: 100%;
border-collapse:collapse;
border-spacing: 0;
}
th, td {
text-align: left;
}
td {
border-bottom: solid 1px #e0e0e0;
height: 40px;
vertical-align: top;
line-height: 40px;
}
.item_t td {
border-bottom: 0;
}
.item_y {
word-wrap: break-word;
word-break: break-word;
width: 860px;
color: Red;
text-indent: 1em;
padding-bottom: 10px;
}
.yt, .yv {
line-height: .7em;
}
.yt {
color: #f00;
}
.yv {
color: #00f;
}
.item_n {
width: 860px;
color: #0a0;
text-indent: 1em;
}
.ads>ul {
list-style: none;
padding: 0;
}
.ads>ul>li {
float: left;
padding-right: 20px;
}
.foot {
text-align: center;
font-size: 13px;
}
.clearfix:before,
.clearfix:after {
display: table;
content: " ";
}
.clearfix:after {
clear: both;
} </style>
<script src="http://www.knownsec.com/static/js/jquery-1.6.4.min.js"></script>
</head>
<body>
<div class="main">
<div class="hero-unit">
<h2 class="title">DedeCMS顽固木马后门专杀工具 V 2.0</h2>
<div class="check">
<a id='check' class="btn btn-success" href="?check=1" onclick="this.innerText='正在扫瞄...'">Dede安全扫描</a>
<a id='scanmod2' class="btn btn-success" onclick="this.innerText='正在扫瞄...';scan.submit();">快速木马查杀</a>
<a id='check_webshell' class="btn btn-success" onclick="topmodscan()">高级木马查杀</a>
<a id='logout' class="btn btn-success" onclick="logout()">注 销</a>
</div>
</div>
<div class="content">
<table>
<thead>
<tr>
<div id='scanmod' style='display:none;'>
<form name="scan" method="post" action="?check_backdoor=1">
检测目录:
<input type="text" id="chk_dir" name="chk_dir" /> 不填写为根目录。如:data
<br />
关键字:
<input type="text" id="bad_word" name="bad_word" value="eval,cmd,system,exec,_GET,_POST"/> 每个关键词用,分割。 如:eval,system
<br />
正则匹配模式:
<input type="text" id="BackdoorReg" name="BackdoorReg" />
<br />
扫瞄的文件后缀:
<input type="text" id="file_types" name="file_types" value="php,inc,htm"/> 不填写为所有文件类型,每个关键词用,分割。如:php,inc
<br />
不扫瞄的文件后缀:
<input type="text" id="exclude_file_types" name="exclude_file_types" /> 每个关键词用,分割。如:gif,jpg
<br />
不扫瞄的文件名:
<input type="text" id="exclude_files" name="exclude_files" value="data/common.inc.php,index.php,config.php,index_body.php,member_do.php,sys_info_pay.php,mychannel_main.php,group/postform.php,group/reply.php,include/common.inc.php,include/mail.class.php,include/Lurd.class.php,include/payment/alipay.php,include/payment/bank.php,include/payment/cod.php,include/payment/yeepay.php,include/helpers/debug.helper.php,include/request.class.php,include/dedecollection.class.php,include/dedetag.class.php,include/dialog/config.php,include/taglib/php.lib.php,include/FCKeditor/fckeditor.php,include/smtp.class.php,include/zip.class.php,install/common.inc.php,include/json.class.php,include/sphinxclient.class.php,plus/bshare.php,install/index.php,plus_bshare.php,index_body.htm,index_body_move.htm,mychannel_main.htm,ajaxfeedback.htm,feedback_templet.htm,api/uc.php,uc_client/client.php,uc_client/control/pm.php,uc_client/model/base.php,uc_client/model/misc.php,ask/libraries/FCK/fckeditor.php" /> 如:data/common.inc.php,install/index.php
<br />
<!--最小文件大小:-->
<input type="hidden" id="min_file_size" name="min_file_size" />
<!--最大文件大小:-->
<input type="hidden" id="max_file_size" name="max_file_size" />
<!--最多文件个数:-->
<input id="limit" type="hidden" name="limit" />
<input type="hidden" id="mod" name="mod" value="" />
<br />
<input class="btn btn-success" style="width:100px;" type="submit" value="开始扫瞄" onclick="this.value='正在扫瞄...'" />
</form><button class="btn btn-success" style="width:100px;" onclick="clera();">重设</button>
</div> <?php
if(isset($_GET['check']) or (isset($_GET["check_backdoor"]) and $_SERVER['REQUEST_METHOD']=='POST')){
echo <<< END
<th colspan="2"><center>检测结束了,你有必要及时处理相关项目!</center></th>
END;
}
?>
</tr>
</thead>
<tbody>
<?php
if(!isset($_GET['check']) and !isset($_GET['check_backdoor'])){
echo <<< END
<center><a class="jl" target="_blank" href="http://bbs.anquan.org/forum.php?mod=forumdisplay&fid=162">使用教程</a> 安全联盟站长交流群:</center>
END;
}
?>
<?php
if(isset($_GET['check']))
{
echo <<< END
<tr class="item_t"><td class="item"><center><font size="" face="verdana">DedeCMS安全设置相关检测</font></center></td><td></td></tr>
END;
if(isset($_SESSION['aVersion'])){
// aVersion = array(<outdated flag>, <local version stamp>, <latest official version stamp>)
$version = $_SESSION['aVersion'];
if($version[0]){
echo <<< END
<tr><td class="item_y">、您的网站使用的DedeCMS不是最新版本,请下载安装最新版本。<br/><font size="" color="blue"> 友情提示:您使用的DedeCMS版本为$version[1],官方最新版本为$version[2]</font></td><td><a class="btn btn-success" href="http://www.dedecms.com/products/dedecms/downloads/" target="_blank">更新版本</a></td></tr>
END;
}else{
echo <<< END
<tr><td class="item_n">、您的网站DedeCMS版本为最新版本。</td><td ></td></tr>
END;
}
}
if($_SESSION['bExistInstall'] == true){
echo <<< END
<tr><td class="item_y">、您的站点存在安装文件目录,请您务必删除!</td><td id="delInstallDir" name="delInstallDir"><button class="btn btn-success delete">删除文件</button></td></tr>
END;
}else{
echo <<< END
<tr><td class="item_n">、您的站点不存在安装目录。</td><td></td></tr>
END;
}
if(file_exists(dirname(__FILE__).DIRECTORY_SEPARATOR.'dede'.DIRECTORY_SEPARATOR.'config.php')){
echo <<< END
<tr><td class="item_y">、您的站点后台目录为默认目录(dede),建议您修改目录名!<br/><font size="" color="blue"> 友情提示:用本工具修改后台目录名后,请清空下浏览器缓存文件。</font></td><td id="RenAdminDir" name="RenAdminDir"><button class="btn btn-success RenAdminDir">修改目录</button></td></tr>
END;
}else{
echo <<< END
<tr><td class="item_n">、您的站点后台目录已修改。</td><td></td></tr>
END;
}
if($_SESSION['bWrongSetting']){
if (!get_magic_quotes_gpc()) {
echo <<< END
<tr><td class="item_y">、您网站的DedeCMS会员中心开启,并且php魔术引号关闭!<br/><font size="" color="blue"> 友情提示:会员中心存在多个安全漏洞,如果没有必要请关闭用户中心!并在php.ini里设置 magic_quotes_gpc=on 打开魔术引号可加强安全防御。<br/>关闭用户中心的操作步骤为:登陆后台-->系统-->系统基本参数-->会员设置-->是否开启会员功能(选择“否”)-->确认 </font></td><td></td></tr>
END;
}else{
echo <<< END
<tr><td class="item_y">、您网站的DedeCMS会员中心开启!<br/><font size="" color="blue"> 友情提示:会员中心存在多个安全漏洞,如果没有必要请关闭用户中心!<br/>关闭用户中心的操作步骤为:登陆后台-->系统-->系统基本参数-->会员设置-->是否开启会员功能(选择“否”)-->确认</font></td><td></td></tr>
END;
}
}else{
echo <<< END
<tr><td class="item_n">、您网站的DedeCMS会员中心关闭。</td><td></td></tr>
END;
}
// aUserList[<admin id>] = array(<userid>[, <dictionary password that matched the stored hash>])
foreach($_SESSION['aUserList'] as $key => $value){
$key = htmlentities($key);
$value[0] = htmlentities($value[0]);
$value[1] = isset($value[1]) ? htmlentities($value[1]) : '';
if($value[1]) {
echo <<< END
<tr><td class="item_y"><div class="y">、发现管理员帐号:$value[0] 存在弱口令:$value[1] <br/><font size="" color="blue"> 友情提示:请先确认该帐号的是否合法,如果为黑客建立请直接点击删除用户!如果是合法管理员,请到后台修改密码!</font></div></td><td id="userId${key}" name="userId"><button class="btn btn-success delete">删除用户</button></td></tr>
END;
} else {
echo <<< END
<tr><td class="item_y"><div class="yv">、发现管理员帐号:$value[0] 请确认该帐号的是否合法!</div></td><td id="userId${key}" name="userId"><button class="btn btn-success delete">删除用户</button></td></tr>
END;
}
}
echo <<< END
<tr class="item_t"><td class="item"><center><font size="" face="verdana">DedeCMS“高危”漏洞检测</font></center></td><td></td></tr>
END;
if($_SESSION['bFlinkEvil']){
echo <<< END
<tr><td class="item_y">、您的站点存在"后台友情链接xss漏洞"!<br/><font size="" color="blue">友情提示:该漏洞属于高危安全漏洞,攻击者可以通过flink.php申请友情链接时,注入恶意代码。可直接攻击管理后台。目前官方还没有推出该漏洞补丁,安全联盟考虑到这个漏洞已有黑客使用攻击网站,我们开发了该漏洞补丁文件,请点击下载安装。<font></td><td><a class="btn btn-success" href="http://tool.scanv.com/dedekiller/flink-fixed.zip" target="_blank">下载补丁</a></td></tr>
END;
}else{
echo <<< END
<tr><td class="item_n">、您的站点不存"后台友情链接xss漏洞"。</td><td></td></tr>
END;
} if($_SESSION['bSearchEvil']){
echo <<< END
<tr><td class="item_y">、您的站点存在“/plus/search.php SQL注入漏洞”!<br/><font size="" color="blue">友情提示:该漏洞为高危安全漏洞,攻击者可通过该漏洞最终控制网站权限,目前该漏洞官方已经推出了相关补丁,请点击下载安装补丁。升级到最新版本DedeCMS也可以防御。</font></td><td><a class="btn btn-success" href="http://updatenew.dedecms.com/base-v57/package/patch-v57&v57sp1-20130121.zip" target="_blank">下载补丁</a></td></tr>
END;
}else{
echo <<< END
<tr><td class="item_n">、您的站点不存在“/plus/search.php SQL注入漏洞”。</td><td></td></tr>
END;
} if($_SESSION['bFeedBackEvil']){
echo <<< END
<tr><td class="item_y">、您的站点存在“/plus/feedback.php SQL注入漏洞”!<br/><font size="" color="blue">友情提示:该漏洞为高危安全漏洞,攻击者可通过该漏洞最终控制网站权限,目前该漏洞官方已经推出了相关补丁,请点击下载安装补丁。升级到最新版本DedeCMS也可以防御。</font></td><td><a class="btn btn-success" href="http://updatenew.dedecms.com/base-v57/package/patch-v57&v57sp1-20130402.zip" target="_blank">下载补丁</a></td></tr>
END;
}else{
echo <<< END
<tr><td class="item_n">、您的站点不存在“/plus/feedback.php SQL注入漏洞”。</td><td></td></tr>
END;
} if($_SESSION['bFeedBackajaxEvil']){
echo <<< END
<tr><td class="item_y">、您的站点存在“/plus/feedback_ajax.php SQL注入或XSS漏洞”!<br/><font size="" color="blue">友情提示:该漏洞为高危安全漏洞,攻击者可通过该漏洞最终控制网站权限,目前该漏洞官方已经推出了相关补丁,请点击下载安装补丁。升级到最新版本DedeCMS也可以防御。</font></td><td><a class="btn btn-success" href="http://updatenew.dedecms.com/base-v57/package/patch-v57&v57sp1-20130606.zip" target="_blank">下载补丁</a></td></tr>
END;
}else{
echo <<< END
<tr><td class="item_n">、您的站点不存在“/plus/feedback_ajax.php SQL注入或XSS漏洞漏洞”。</td><td></td></tr>
END;
} if($_SESSION['bExistVul'] == true){
echo <<< END
<tr><td class="item_y">、您的站点存在“/include/dedesql.class.php 变量覆盖漏洞”!<br/><font size="" color="blue">友情提示:该漏洞为90sec.php等顽固木马后门的终极元凶,目前该漏洞官方已经推出了相关补丁,请点击下载安装补丁。升级到最新版本DedeCMS也可以防御。</font></td><td><a class="btn btn-success" href="http://updatenew.dedecms.com/base-v57/package/patch-v57&v57sp1-20130607.zip" target="_blank">下载补丁</a></td></tr>
END;
}else{
echo <<< END
<tr><td class="item_n">、您的站点不存在“/include/dedesql.class.php 变量覆盖漏洞”。</td><td></td></tr>
END;
} if($_SESSION['bUploadSafeEvil'] == true){
echo <<< END
<tr><td class="item_y">、您的站点存在“/include/uploadsafe.inc.php SQL注入漏洞”!<br/><font size="" color="blue">友情提示:该漏洞为高危安全漏洞,攻击者可以通过该漏洞获取网站数据。目前该漏洞官方已经推出了相关补丁,请点击下载安装补丁。升级到最新版本DedeCMS也可以防御。</font></td><td><a class="btn btn-success" href="http://updatenew.dedecms.com/base-v57/package/patch-v57&v57sp1-20140225.zip" target="_blank">下载补丁</a></td></tr>
END;
}else{
echo <<< END
<tr><td class="item_n">、您的站点不存在“/include/uploadsafe.inc.php SQL注入漏洞”。</td><td></td></tr>
END;
} if($_SESSION['bMemberBuyActionEvil'] == true){
echo <<< END
<tr><td class="item_y">、您的站点存在“/member/buy_action.php SQL注入漏洞”!<br/><font size="" color="blue">友情提示:该漏洞为高危安全漏洞,攻击者可以通过该漏洞获取网站数据。目前该漏洞官方已经推出了相关补丁,请点击下载安装补丁。升级到最新版本DedeCMS也可以防御。</font></td><td><a class="btn btn-success" href="http://updatenew.dedecms.com/base-v57/package/patch-v57&v57sp1-20140225.zip" target="_blank">下载补丁</a></td></tr>
END;
}else{
echo <<< END
<tr><td class="item_n">、您的站点不存在“/member/buy_action.php SQL注入漏洞”。</td><td></td></tr>
END;
}
echo <<< END
<tr class="item_t"><td class="item"><center><font size="" face="verdana">DedeCMS数据库里的恶意代码检测</font></center></td><td></td></tr>
END;
// aEvilMyadData[<aid>] = array(<normbody>, <expbody>) for rows whose body contains a PHP open tag
foreach($_SESSION['aEvilMyadData'] as $key => $value){
$key = htmlentities($key);
$value[0] = htmlentities($value[0]);
$value[1] = htmlentities($value[1]);
echo <<< END
<tr><td class="item_y"><div class="yt">、数据库dede_myad表中发现可疑数据:</div><div><font size="" color="blue">$value[0]-$value[1]</font></div></td><td id="myadId${key}" name="myadId"><button class="btn btn-success delete">删除数据</button></td></tr>
END;
}
if(!$_SESSION['aEvilMyadData']){
echo <<< END
<tr><td class="item_n">、您的网站数据库dede_myad表中没有检测到可疑数据。</td><td></td></tr>
END;
}
foreach($_SESSION['aEvilMytagData'] as $key => $value){
$key = htmlentities($key);
$value[0] = htmlentities($value[0]);
$value[1] = htmlentities($value[1]);
echo <<< END
<tr><td class="item_y"><div class="yt">、数据库dede_mytag表中发现可疑数据:</div><div><font size="" color="blue">$value[0]-$value[1]</font></div></td><td id="mytagId${key}" name="mytagId"><button class="btn btn-success delete">删除数据</button></td></tr>
END;
}
if(!$_SESSION['aEvilMytagData']){
echo <<< END
<tr><td class="item_n">、您的网站数据库dede_mytag表中没有检测到可疑数据。</td><td></td></tr>
END;
}
// aEvilFlinkData[<id>] = array(<logo>, <url>) for friend-link rows carrying a quote or "<"
foreach($_SESSION['aEvilFlinkData'] as $key => $value){
$key = htmlentities($key);
$value[0] = htmlentities($value[0]);
$value[1] = htmlentities($value[1]);
echo <<< END
<tr><td class="item_y"><div class="yt">、数据库dede_flink表中发现可疑数据:</div><div><font size="" color="blue">$value[0]-$value[1]</font></div></td><td id="flinkId${key}" name="flinkId"><button class="btn btn-success delete">删除数据</button></td></tr>
END;
}
if(!$_SESSION['aEvilFlinkData']){
echo <<< END
<tr><td class="item_n">、您的网站数据库dede_flink表中没有检测到可疑数据。</td><td></td></tr>
END;
}
}
?>
<?php
if(isset($_GET['check_backdoor']) && $_SERVER['REQUEST_METHOD']=='POST')
{
// aBackdoorFiles[] = array(<file path>, <matching line>, <line number>); one row per distinct file
$aBackdoorFilesName = array();
foreach($_SESSION['aBackdoorFiles'] as $key => $value){
array_push($aBackdoorFilesName,$value[0]);
}
$aBackdoorFilesName = array_unique($aBackdoorFilesName);
foreach ($aBackdoorFilesName as $k => $v) {
$keyy="";
foreach ($_SESSION['aBackdoorFiles'] as $key => $value) {
if ($value[0]==$v) {
$keyy = htmlentities($key);
}
}
$BackdorCode = @file_get_contents($v);
$BackdorCode = htmlspecialchars($BackdorCode);
//var_dump(dirname(__FILE__));
$v = str_replace(str_replace("\\","/",dirname(__FILE__)), "", $v);
echo <<< END
<tr><td class="item_y"><div class="yt" onmouseover='document.getElementById("code${keyy}").style.display=""'>发现可疑文件:$v</div></td><td id="fileId${keyy}" name="fileId"><button class="btn btn-success delete">删除文件</button></td></tr>
<tr id='code${keyy}' style='display:none;'><td class="item_y"><textarea onmouseout='document.getElementById("code${keyy}").style.display="none"' name='str' style='width:99%;height:450px;background:#ffffff;'>$BackdorCode</textarea></td></tr>
END;
}
if(!$_SESSION['aBackdoorFiles']){
echo <<< END
<tr><td class="item_n">您的网站数据没有检测到可疑后门文件。</td><td></td></tr>
END;
}
}
?> </tbody>
</table>
</div>
<br><br>
<div>
<?php
if($_GET['check'] or $_GET['']){
echo <<< END
<table>
<tbody>
<thead>
<tr>
<th colspan="3s"></th>
</tr>
</thead>
</tbody>
</table>
END;
}
?> <div class="foot">
<ul class="clearfix">
<a target="_blank" href="http://www.knownsec.com/">知道创宇</a>
<a target="_blank" href="http://www.anquan.org/">安全联盟</a>
<a target="_blank" href="http://zhanzhang.anquan.org/">安全联盟站长平台</a>
<a target="_blank" href="http://www.jiasule.com/">百度加速乐免费网站加速防火墙</a>
</ul>
Copyright&nbsp;&copy;&nbsp;<a href="http://www.knownsec.com/">knownsec.com</a>. All rights reserved.
</div> </div>
</div>
<?php
print "<script>var ver=".VERSION.";</script><script src='".UPDATE_URL_JS."'></script>";
?>
<script> function logout(){
document.cookie='dedekillerpwd=0';
document.cookie='flag=0';
location.reload();
} function topmodscan(){
document.getElementById("scanmod").style.display="";
document.getElementById("exclude_files").value="";
document.getElementById("bad_word").value="";
document.getElementById("file_types").value="";
document.getElementById("mod").value="";
document.getElementById("BackdoorReg").value="#(exec|base64_decode|edoced_46esab|eval|system|proc_open|popen|curl_exec|curl_multi_exec|parse_ini_file|show_source)\\s*?\\(\\s*?\\$(_POST|_GET|_REQUEST|GLOBALS)#is";
} function clera(){
document.getElementById("exclude_files").value="";
document.getElementById("exclude_files").value="";
document.getElementById("bad_word").value="";
document.getElementById("file_types").value="";
document.getElementById("chk_dir").value="";
document.getElementById("BackdoorReg").value="";
} $(function() {
var $btns = $('.delete');
$btns.click(function() {
if ( !p_del(del_msg) ){
return false;
}
var key = $(this).parent()[0].getAttribute('name');
var value = $(this).parent()[0].id;
data = {};
data['clean'] = ;
data[key] = value;
data['upload'] = ;
$.ajax({
type: 'POST',
url: location.href,
data: data,
success: function(data) {
if ( data ) {
$('#' + data).prev().removeClass('item_y').addClass('item_n').html(del_suc).end().children().remove();
}
}
});
}); $('#RenAdminDir').click(function(e) {
newAdminDir=prompt("请输入后台目录名", "");
if (newAdminDir == "" ){
alert('您输入的目录名为空,请输入目录名!');
return false;
}
if ( !p_del(ren_msg) ) {
return false;
}else {
var key = $(this).parent()[].getAttribute('name');
data = {};
data['clean'] = ;
data['new_admin_dir'] = newAdminDir;
$.ajax({
type: 'POST',
url: location.href,
data: data,
success: function(data) {
if ( data ) {
$('#RenAdminDir').prev().removeClass('item_y').addClass('item_n').html(ren_suc).end().children().remove();
}
}
});
}
});
}); var del_suc = "删除成功了!";
var ren_msg = "您确定要修改后台管理目录名吗?";
var ren_suc = "修改成功!";
var del_msg = "删除前建议先进行备份要删除的文件或数据,确认要删除?";
function p_del( msg ) {
if ( confirm( msg ) ){
return true;
}
else {
return false;
}
}
</script>
</body>
</html>


Relevant Link:

http://bbs.aliyun.com/read/146486.html?displayMode=1&page=e#a
http://lailinlin.com/post/339.html

2. Checking whether DedeCMS is the latest version

public function getVersion()
{
    // Fetch the changelog of the official DedeCMS releases from the update server
    $removeVerArray = @file("http://updatenew.dedecms.com/base-v57/verinfo.txt");
    // Read the locally installed version stamp
    $localVer = trim(@file_get_contents(DEDEDATA."/admin/ver.txt"));
    if(empty($localVer))
    {
        $localVer = "unknown";
    }
    // changelog line format: 20140814, utf-8, 1 , V5.7.49 UTF-8正式版20140814常规更新补丁,http://updatenew.dedecms.com/base-v57/package/patch-v57&v57sp1-20140814.zip
    if(empty($removeVerArray))
    {
        // update server unreachable: nothing to compare against, report as outdated
        $removeVer = "unknown";
    }
    else
    {
        $removeVer = $removeVerArray[count($removeVerArray)-1];
        // the latest release is identified by the leading 8-digit date stamp
        $removeVer = substr($removeVer, 0, 8);
    }
    if($localVer != $removeVer)
    {
        $this->aVersion = array(1, $localVer, $removeVer);
    }
    else
    {
        $this->aVersion = array(0, $localVer, $removeVer);
    }
}

The check compares nothing but the 8-digit date stamp in data/admin/ver.txt with the last line of verinfo.txt, and that file is fetched over plain HTTP without any integrity check, so a stale mirror or an on-path attacker can make an outdated installation look current.

3. Checking whether the default install directory exists

public function isExistInstall()
{
if(is_dir(dirname(__FILE__).'/install/'))
{
$this->bExistInstall = true;
return true;
}
else
{
$this->bExistInstall = false;
return false;
}
}

4. Checking whether the default admin directory (dede) exists

if(file_exists(dirname(__FILE__).DIRECTORY_SEPARATOR.'dede'.DIRECTORY_SEPARATOR.'config.php'))
{
echo <<< END
<tr><td class="item_y">、您的站点后台目录为默认目录(dede),建议您修改目录名!<br/><font size="" color="blue"> 友情提示:用本工具修改后台目录名后,请清空下浏览器缓存文件。</font></td><td id="RenAdminDir" name="RenAdminDir"><button class="btn btn-success RenAdminDir">修改目录</button></td></tr>
END;
}else{
echo <<< END
<tr><td class="item_n">、您的站点后台目录已修改。</td><td></td></tr>
END;
}

5. Checking whether the DedeCMS member center is disabled

The DedeCMS member center is one of the entry points attackers most commonly use to get a shell (GetShell) on a DedeCMS site.

public function checkSetting()
{
    global $dsql;
    // Read the member-center switch (cfg_mb_open) from the sysconfig table
    $dsql->SetQuery("SELECT value FROM #@__sysconfig where varname='cfg_mb_open'");
    $dsql->Execute();
    $row = $dsql->GetArray();
    if($row['value'] == "Y")
    {
        $this->bWrongSetting = true;
        return true;
    }
    $this->bWrongSetting = false;
    return false;
}

if($_SESSION['bWrongSetting'])
{
    // Member center is on: also report whether magic_quotes_gpc is off
    if (!get_magic_quotes_gpc())
    {
        echo <<< END
<tr><td class="item_y">、您网站的DedeCMS会员中心开启,并且php魔术引号关闭!<br/><font size="" color="blue"> 友情提示:会员中心存在多个安全漏洞,如果没有必要请关闭用户中心!并在php.ini里设置 magic_quotes_gpc=on 打开魔术引号可加强安全防御。<br/>关闭用户中心的操作步骤为:登陆后台-->系统-->系统基本参数-->会员设置-->是否开启会员功能(选择“否”)-->确认 </font></td><td></td></tr>
END;
    }else{
        echo <<< END
<tr><td class="item_y">、您网站的DedeCMS会员中心开启!<br/><font size="" color="blue"> 友情提示:会员中心存在多个安全漏洞,如果没有必要请关闭用户中心!<br/>关闭用户中心的操作步骤为:登陆后台-->系统-->系统基本参数-->会员设置-->是否开启会员功能(选择“否”)-->确认</font></td><td></td></tr>
END;
    }
}else{
    echo <<< END
<tr><td class="item_n">、您网站的DedeCMS会员中心关闭。</td><td></td></tr>
END;
}

Magic quotes were removed in PHP 5.4: from that version on get_magic_quotes_gpc() always returns false (it is deprecated in 7.4 and gone in 8.0), so the advice to set magic_quotes_gpc=on only applies to PHP 5.3 and older. On anything newer, the member center has to be disabled or patched; there is no php.ini switch that substitutes for that.

Relevant Link:

http://www.cnseay.com/131/

6. Checking for high-risk weak-password accounts

public function listAllUser()
{
    global $dsql;
    // Weak password dictionary
    $arWeakPasswd = array('', 'admin', 'admin123', 'dede', 'test', 'password', '');
    // Use DedeCMS's own database layer to read the admin table (userid plus stored password hash)
    $dsql->SetQuery("SELECT id, pwd, userid FROM #@__admin");
    $dsql->Execute();
    while($row = $dsql->GetArray())
    {
        $this->aUserList[$row['id']] = array($row['userid']);
        $strPwd = $row['pwd'];
        foreach($arWeakPasswd as $key => $strWeakPasswd)
        {
            // DedeCMS stores admin passwords as substr(md5($pwd), 5, 20), so the stored
            // 20-character value must occur inside the full MD5 of the candidate.
            // Skip empty stored hashes: strpos() with an empty needle does not match anything
            // meaningful (warning and false on PHP < 8).
            if($strPwd !== '' && strpos(md5($strWeakPasswd), $strPwd) !== false){
                $this->aUserList[$row['id']][] = $strWeakPasswd;
                break;
            }
        }
    }
    return $this->aUserList;
}
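As an added example, not part of the page or of the tool's own code, the following Python reproduces the check above against a constructed admin table. The one DedeCMS fact it relies on is that #@__admin.pwd holds substr(md5($pwd), 5, 20), the 20-character slice that makes the tool's strpos-based containment test work (the stock admin/admin account hashes to f297a57a5a743894a0e4); the row data, the dictionary and the function names are made up for illustration.

```python
import hashlib


def dede_admin_hash(password: str) -> str:
    """DedeCMS keeps admin passwords as substr(md5($pwd), 5, 20): 20 hex chars cut
    out of the middle of the MD5 digest, not the full 32-char digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()[5:25]


# Constructed sample of the #@__admin table. The first row is the stock DedeCMS
# default account (admin/admin); the others are invented for this example.
SAMPLE_ADMIN_ROWS = [
    {"id": 1, "userid": "admin", "pwd": "f297a57a5a743894a0e4"},
    {"id": 2, "userid": "editor", "pwd": dede_admin_hash("Tr0ub4dor&3-long-passphrase")},
    {"id": 3, "userid": "hacker", "pwd": dede_admin_hash("dede")},
    {"id": 4, "userid": "legacy", "pwd": ""},  # empty/corrupted hash: the edge case
]

# Constructed dictionary (the tool's own list differs)
WEAK_PASSWORDS = ["123456", "admin", "admin123", "dede", "test", "password", "111111"]


def is_weak_containment(stored_pwd: str, candidate: str) -> bool:
    """The tool's test, strpos(md5($weak), $pwd) !== false: the stored 20-char slice
    must occur somewhere inside the candidate's full MD5. An empty stored value is
    rejected explicitly: PHP < 8 returns false for an empty needle, but Python's
    '' in s is always True and would flag every account."""
    if stored_pwd == "":
        return False
    return stored_pwd in hashlib.md5(candidate.encode("utf-8")).hexdigest()


def is_weak_exact(stored_pwd: str, candidate: str) -> bool:
    """Stricter form: recompute the slice and compare it whole."""
    return stored_pwd != "" and stored_pwd == dede_admin_hash(candidate)


def find_weak_admins(rows, wordlist, check=is_weak_exact):
    """Return {userid: matched_password} for every admin row hit by the wordlist."""
    hits = {}
    for row in rows:
        for candidate in wordlist:
            if check(row["pwd"], candidate):
                hits[row["userid"]] = candidate
                break
    return hits


if __name__ == "__main__":
    for userid, pwd in find_weak_admins(SAMPLE_ADMIN_ROWS, WEAK_PASSWORDS).items():
        print(f"weak admin password: {userid} -> {pwd}")
```

Both tests agree on this table; the exact form is preferable in a hardened tool because the containment test would also accept a stored value that happens to be a slice at a different offset, and because it cannot be fooled by an empty or truncated pwd column.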

7. Backend friend-link (flink) XSS vulnerability

public function checkFlinkVul()
{
$arVulFileContent = @file('plus/flink.php'); if($arVulFileContent)
{
$strVulFileContent = @file_get_contents('plus/flink.php');
if(substr_count($strVulFileContent, '$logo') != )
{
$this->bFlinkEvil = false;
return false;
} if(strpos(trim($arVulFileContent[]), '$logo = htmlspecialchars($logo);') === false)
{
$this->bFlinkEvil = false;
return false;
} if(strpos(trim($arVulFileContent[]), 'VALUES(\'50\',\'$url\',\'$webname\',\'$logo\',\'$msg\',\'$email\',\'$typeid\',\'$dtime\',\'0\')') === false) {
$this->bFlinkEvil = false;
return false;
} $this->bFlinkEvil = true;
return true;
}
$this->bFlinkEvil = false;
return false;
}

8. /plus/search.php SQL injection vulnerability

public function checkSearchSqlInjectVul()
{
    $strFileContent = @file_get_contents('plus/search.php');
    if($strFileContent)
    {
        // The patched file normalises $typeid with intval(), so anything but digits is discarded
        if(strpos($strFileContent, '$typeid = intval($typeid);') !== false)
        {
            $this->bSearchEvil = false;
            return false;
        }
        else
        {
            $this->bSearchEvil = true;
            return true;
        }
    }
    $this->bSearchEvil = false;
    return false;
}

Like the checks in sections 7, 9, 10 and 13, this is a signature test for one specific patched line rather than a test of behaviour: a file that was fixed or rewritten in any other way is reported as vulnerable, and a file that contains the line is reported as safe even if the rest of the patch was never applied.

9. /plus/feedback.php SQL injection vulnerability

public function checkFeedBackSqlInjectVul()
{
    $strFileContent = @file_get_contents('plus/feedback.php');
    if($strFileContent)
    {
        // The patched file escapes the article title with addslashes() before it reaches SQL
        if(strpos($strFileContent, '$arctitle = addslashes($row[\'arctitle\']);') !== false)
        {
            $this->bFeedBackEvil = false;
            return false;
        }
        else
        {
            $this->bFeedBackEvil = true;
            return true;
        }
    }
    $this->bFeedBackEvil = false;
    return false;
}

10. /plus/feedback_ajax.php SQL injection or XSS vulnerability

public function checkFeedBackajaxVul()
{
    $strFileContent = @file_get_contents('plus/feedback_ajax.php');
    if($strFileContent)
    {
        // The patched file runs the title through RemoveXSS() and addslashes()
        if(strpos($strFileContent, '$arctitle = addslashes(RemoveXSS($title));') !== false)
        {
            $this->bFeedBackajaxEvil = false;
            return false;
        }
        else
        {
            $this->bFeedBackajaxEvil = true;
            return true;
        }
    }
    $this->bFeedBackajaxEvil = false;
    return false;
}

11. /include/dedesql.class.php variable-overwrite vulnerability

...
// Probe for the variable-overwrite bug: pre-seed $arrs1/$arrs2 with the byte values of two
// marker strings before dedesql.class.php is loaded
$arrs1 = array(0x6E,0x73,0x6C,0x6D,0x73,0x74,0x7A); // nslmstz
$arrs2 = array(0x6A,0x75,0x73,0x74,0x34,0x66,0x75,0x6E); // just4fun
require_once(dirname(__FILE__).'/include/dedesql.class.php');
..
/*
The health-check script declares the two arrays itself, in global scope. An unpatched
dedesql.class.php contains a block that runs whenever $GLOBALS['arrs1'] is set: it decodes
$arrs1 and $arrs2 with chr() and executes $GLOBALS[$v1] .= $v2. With the values above that
appends "just4fun" to the global $nslmstz, so isExistVul() only has to check whether that
assignment happened. On a live site the same block is reachable by anyone who can put
arrs1[] and arrs2[] into a request: the variable registration in common.inc.php only rejects
names starting with cfg_, GLOBALS, _GET, _POST or _COOKIE, and "arrs1" passes, so an attacker
can append arbitrary text to any global, cfg_dbprefix included. That is why the scan output
calls this bug the root cause of the 90sec.php-style backdoors.
*/
public function isExistVul($paramName='nslmstz', $paramValue='just4fun')
{
    //var_dump($GLOBALS);
    if(isset($GLOBALS[$paramName]) and $GLOBALS[$paramName] == $paramValue)
    {
        $this->bExistVul = true;
        return true;
    }
    else
    {
        $this->bExistVul = false;
        return false;
    }
}
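The probe and the bug it detects, as an added example in Python rather than the tool's own PHP: register_request_vars() and dedesql_unpatched_block() are simplified models of common.inc.php's request-variable registration and of the block in the unpatched dedesql.class.php described above, not DedeCMS code, and every function name is my own. The model keeps the blacklist regex and the chr()-decode-then-append behaviour and drops everything else (magic-quote escaping, the real exit() on a rejected name).

```python
import re

# Prefixes common.inc.php refuses before it turns every GET/POST/COOKIE key into a global
BLOCKED_NAME = re.compile(r"^(cfg_|GLOBALS|_GET|_POST|_COOKIE)")


def register_request_vars(globals_: dict, request: dict) -> None:
    """Model of the registration loop: each request key becomes a global unless blacklisted."""
    for key, value in request.items():
        if BLOCKED_NAME.match(key):
            raise ValueError("Request var not allow!")
        globals_[key] = value


def dedesql_unpatched_block(globals_: dict) -> None:
    """Model of the block removed by the 20130607 patch: when $GLOBALS['arrs1'] is set,
    decode $arrs1/$arrs2 with chr() and execute $GLOBALS[$v1] .= $v2."""
    if "arrs1" not in globals_:
        return
    v1 = "".join(chr(int(b)) for b in globals_["arrs1"])
    v2 = "".join(chr(int(b)) for b in globals_.get("arrs2", []))
    globals_[v1] = globals_.get(v1, "") + v2


def dedesql_patched_block(globals_: dict) -> None:
    """Patched class: the block is gone, nothing is appended."""
    return


def as_byte_list(s: str) -> list:
    """arrs1[]=110&arrs1[]=115... as PHP receives it: a list of decimal strings."""
    return [str(ord(c)) for c in s]


def probe_is_vulnerable(sql_class_block) -> bool:
    """The killer tool's check: seed arrs1/arrs2 with 'nslmstz'/'just4fun', load the
    class, then look for $GLOBALS['nslmstz'] == 'just4fun'."""
    g = {"arrs1": as_byte_list("nslmstz"), "arrs2": as_byte_list("just4fun")}
    sql_class_block(g)
    return g.get("nslmstz") == "just4fun"


def attacker_request(sql_class_block, target: str = "cfg_dbprefix", payload: str = "'") -> dict:
    """What the bug gives an attacker on an unpatched site: arrs1/arrs2 pass the blacklist,
    the decoded target name is never checked against it, so the payload is appended to the
    table prefix that every #@__ query is built from."""
    g = {"cfg_dbprefix": "dede_"}
    register_request_vars(g, {"arrs1": as_byte_list(target), "arrs2": as_byte_list(payload)})
    sql_class_block(g)
    return g


def direct_overwrite_is_blocked() -> bool:
    """Naming cfg_dbprefix directly in the request is what the blacklist does stop."""
    try:
        register_request_vars({"cfg_dbprefix": "dede_"}, {"cfg_dbprefix": "x"})
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("unpatched probe:", probe_is_vulnerable(dedesql_unpatched_block))
    print("patched probe:  ", probe_is_vulnerable(dedesql_patched_block))
    print("prefix after attack:", attacker_request(dedesql_unpatched_block)["cfg_dbprefix"])
```

The probe is safe to run on a production site because the marker name nslmstz collides with nothing DedeCMS uses; the attacker's version differs only in the decoded name and payload, which is exactly why a blacklist on raw request names was never a sufficient defence here.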

12. /include/uploadsafe.inc.php SQL injection vulnerability

public function checkUploadSafeSqlInjectVul()
{
// 检测是否存在注入
$superhei = 'superhei.avi';
$GLOBALS['_FILES']['superhei']['tmp_name'] = "justforfun\\\\'";
$GLOBALS['_FILES']['superhei']['name'] = 'superhei.avi';
$GLOBALS['_FILES']['superhei']['size'] = ;
$GLOBALS['_FILES']['superhei']['type'] = 'super/hei'; if (!is_file(DEDEINC.DIRECTORY_SEPARATOR.'uploadsafe.inc.php'))
{
$this->bUploadSafeEvil = false;
return false;
} @include(DEDEINC.DIRECTORY_SEPARATOR.'uploadsafe.inc.php'); //模拟变量覆盖注入是否可以成功
if ($superhei == "justforfun\\\\'")
{
$this->bUploadSafeEvil = false;
return false;
}
else
{
$this->bUploadSafeEvil = true;
return true;
}
}

13. /member/buy_action.php SQL injection vulnerability

public function checkMemberBuyActionSqlInject()
{
    $strFileContent = @file_get_contents(DEDEROOT.DIRECTORY_SEPARATOR.'member/buy_action.php');
    if($strFileContent)
    {
        // The patched file carries the mchStrCode() helper used to encode the order parameters
        if(strpos($strFileContent, 'mchStrCode($string, $operation = \'ENCODE\')') !== false)
        {
            $this->bMemberBuyActionEvil = false;
            return false;
        }
        else
        {
            $this->bMemberBuyActionEvil = true;
            return true;
        }
    }
    $this->bMemberBuyActionEvil = false;
    return false;
}

14. Detecting malicious code in the DedeCMS database

public function isMyadEvil()
{
    $this->aEvilMyadData = $this->checkData('myad');
    if($this->aEvilMyadData)
    {
        $this->bMyadEvil = true;
        return true;
    }
    else
    {
        $this->bMyadEvil = false;
        return false;
    }
}

private function checkData($tableName)
{
    global $dsql;
    $evilData = array();
    $dsql->SetQuery("SELECT aid, normbody, expbody FROM #@__".$tableName);
    $dsql->Execute();
    while($row = $dsql->GetArray())
    {
        // Flag any row whose body fields carry a PHP open tag
        $checkContent = $row['normbody'].$row['expbody'];
        if(strpos($checkContent, '<?') !== false)
        {
            $evilData[$row['aid']] = array($row['normbody'], $row['expbody']);
        }
    }
    return $evilData;
}

Checking whether the logo/url fields of the flink table contain XSS characters:

public function checkFlinkData()
{
    global $dsql;
    $dsql->SetQuery("SELECT id, logo, url FROM #@__flink");
    $dsql->Execute();
    while($row = $dsql->GetArray())
    {
        $strLogo = $row['logo'];
        $strUrl = $row['url'];
        // strpos() takes a string needle: the original array-needle call never matched
        // (warning and false on PHP < 8, TypeError on PHP 8), so test each character in turn
        $bSuspicious = false;
        foreach(array('\'', '<') as $needle)
        {
            if(strpos($strLogo, $needle) !== false || strpos($strUrl, $needle) !== false)
            {
                $bSuspicious = true;
                break;
            }
        }
        if($bSuspicious)
        {
            $this->arFlinkData[$row['id']] = array($row['logo'], $row['url']);
        }
    }
}

15. Webshell backdoor detection

private function CheckBackdoor($strFilePath)
{
    $mod = $_POST['mod'];
    $arFileContent = file($strFilePath);
    foreach($arFileContent as $nLineNum => $strLineContent)
    {
        // Regex mode: the user-supplied pattern (pre-filled by the advanced scan)
        if($this->_strBackdoorPrint && preg_match($this->_strBackdoorPrint, $strLineContent))
        {
            $this->aBackdoorFiles[] = array($strFilePath, $strLineContent, $nLineNum);
            continue;
        }
        else if($this->_arBadWord)
        {
            foreach($this->_arBadWord as $key => $value)
            {
                // Substring mode: case-insensitive stripos() on the bare keyword
                if($mod=='')
                {
                    if(stripos($strLineContent, $value) !== false)
                    {
                        $this->aBackdoorFiles[] = array($strFilePath, $strLineContent, $nLineNum);
                        continue 2; // one record per line, go on to the next line
                    }
                }
                // Call mode: keyword followed by "(" or "[", e.g. eval( or $_POST[
                if($mod=='')
                {
                    // preg_quote() so that a keyword containing regex metacharacters cannot break the pattern
                    if(preg_match("#(".preg_quote($value, '#').")[ \r\n\t]{0,}([\[\(])#i", $strLineContent))
                    {
                        $this->aBackdoorFiles[] = array($strFilePath, $strLineContent, $nLineNum);
                        continue 2;
                    }
                }
            }
        }
    }
    unset($arFileContent);
    if ($this->aBackdoorFiles)
    {
        $this->bExistBackdoor = true;
        return true;
    }
    else
    {
        $this->bExistBackdoor = false;
        return false;
    }
}

Both modes work line by line, so a payload split across lines, a shell that uses a function outside the list (assert, preg_replace with the e modifier, create_function, call_user_func), or one that reaches request data indirectly is missed; the keyword list and the regex are the whole of the detection logic, and the long exclude-file list in the form exists only because stock DedeCMS files trip the default keywords.

16. Advanced trojan scan

. Directory to scan: leave empty for the site root. e.g. data
. Keywords: comma-separated. e.g. eval,system
. Regex pattern:
. File suffixes to scan: leave empty for all file types, comma-separated. e.g. php,inc
. File suffixes to skip: comma-separated. e.g. gif,jpg
. File names to skip: e.g. data/common.inc.php,install/index.php

The advanced mode (topmodscan() in the page script) empties the keyword, suffix and exclude-file fields and pre-fills the regex field with #(exec|base64_decode|edoced_46esab|eval|system|proc_open|popen|curl_exec|curl_multi_exec|parse_ini_file|show_source)\s*?\(\s*?\$(_POST|_GET|_REQUEST|GLOBALS)#is, so it looks in every file under the chosen directory for one of those functions called directly on request data. The quick scan instead matches the default keyword list eval,cmd,system,exec,_GET,_POST only in php/inc/htm files and skips the stock DedeCMS files listed in the form.

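As an added example (not code from the page or from the killer tool), the following Python reimplements the line-based scan of section 15 together with the filter options of section 16 over a constructed sample file tree: the quick scan's keyword list in substring and call mode, and the advanced mode's regex. The sample file contents, paths and function names are invented for illustration.

```python
import re

# Constructed sample site tree (path -> file lines); none of these files come from a real site
SAMPLE_FILES = {
    "index.php": ["<?php\n", "// retrieval of cached data\n",
                  "require_once(dirname(__FILE__).'/include/common.inc.php');\n"],
    "include/common.inc.php": ["<?php\n", "foreach($_GET as $_k => $_v) ${$_k} = $_v;\n"],
    "plus/90sec.php": ["<?php\n", "@eval($_POST['90sec']);\n"],
    "plus/z.php": ["<?php\n", "$f = base64_decode($_REQUEST[\"p\"]);\n", "assert($f);\n"],
    "uploads/logo.gif": ["GIF89a\n", "<?php eval($_POST[1]); ?>\n"],
}

# The default pattern the advanced mode fills in, minus PHP's #...#is delimiters and flags
ADVANCED_PATTERN = re.compile(
    r"(exec|base64_decode|edoced_46esab|eval|system|proc_open|popen|curl_exec|"
    r"curl_multi_exec|parse_ini_file|show_source)\s*?\(\s*?\$(_POST|_GET|_REQUEST|GLOBALS)",
    re.IGNORECASE | re.DOTALL,
)
# The quick scan's default keyword list
QUICK_KEYWORDS = ["eval", "cmd", "system", "exec", "_GET", "_POST"]


def select_files(paths, chk_dir="", file_types=(), exclude_types=(), exclude_files=()):
    """Apply the form's filters: subdirectory, allowed suffixes (empty = all),
    skipped suffixes and skipped paths (the tool's exclude list of stock DedeCMS
    files that legitimately contain eval/exec/_GET)."""
    chosen = []
    for path in paths:
        if chk_dir and not path.startswith(chk_dir.rstrip("/") + "/"):
            continue
        ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
        if file_types and ext not in file_types:
            continue
        if ext in exclude_types or path in exclude_files:
            continue
        chosen.append(path)
    return chosen


def keyword_hit(line, keyword, call_mode):
    """Substring mode (stripos) or call mode: keyword followed by '(' or '['."""
    if call_mode:
        call = r"(" + re.escape(keyword) + r")[ \r\n\t]{0,}([\[\(])"
        return re.search(call, line, re.IGNORECASE) is not None
    return keyword.lower() in line.lower()


def scan_file(path, lines, keywords=(), pattern=None, call_mode=False):
    """Return (path, 1-based line number, reason) for each flagged line: the regex is
    tried first, then the keywords; at most one record per line."""
    hits = []
    for n, line in enumerate(lines, start=1):
        if pattern is not None and pattern.search(line):
            hits.append((path, n, "regex"))
            continue
        for keyword in keywords:
            if keyword_hit(line, keyword, call_mode):
                hits.append((path, n, "keyword:" + keyword))
                break
    return hits


def run_scan(files, keywords=(), pattern=None, call_mode=False, **filters):
    """Scan every selected file of the in-memory tree and collect the hits."""
    hits = []
    for path in select_files(sorted(files), **filters):
        hits.extend(scan_file(path, files[path], keywords, pattern, call_mode))
    return hits


if __name__ == "__main__":
    for hit in run_scan(SAMPLE_FILES, pattern=ADVANCED_PATTERN):
        print("suspicious: %s:%d (%s)" % hit)
```

On the sample tree the quick keyword scan flags the harmless comment "retrieval of cached data" in index.php (substring "eval") and misses plus/z.php, call mode removes the false positive but still misses z.php, and the advanced regex catches z.php and the PHP-in-GIF polyglot while plus/z.php's assert($f) line stays invisible to all three, which is the kind of gap to close by extending the function list rather than trusting the defaults.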
Copyright (c) 2015 LittleHann All rights reserved
