
友价商城【虚拟主机或linux/nginx主机】存在可执行脚本权限漏洞,有被注入并运行木马的风险的解决方法

本文适用于虚拟主机或LINUX主机的用户朋友,因为虚拟主机或LINUX的主机,不方便直接操作目录权限(即使操作了,也不能完全修复),因此我们通过设置伪静态的方法来实现漏洞修复,具体步骤如下:

一、伪静态规则是.htaccess的用户参照这里:

打开.htaccess,将以下代码复制在这个文件底部,保存即可。

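# Refuse requests for PHP/ASP files inside upload and static-asset directories,
# so that a script which ends up there cannot be run through the web server.
# Assumes mod_rewrite is already switched on ("RewriteEngine On") earlier in this
# .htaccess; TODO confirm, since these rules are appended to an existing rewrite file.
#
# "-" must be the plain ASCII hyphen: it tells mod_rewrite to leave the URL unchanged.
# [F] answers 403 Forbidden and ends rule processing; [NC] ignores case in the match.
# With [L] alone the request would simply continue to the script untouched.
# The dot before the extension is escaped so that only a real ".php"/".asp" suffix matches.
# NOTE(review): only .php and .asp are listed; if the host maps further extensions
# to a script handler, add them to the extension group.
# After saving, request a harmless test .php file in one of these directories and
# confirm the server answers 403.
RewriteRule upload/(.*)\.(php|asp)$ - [F,NC]
RewriteRule upload1/(.*)\.(php|asp)$ - [F,NC]
RewriteRule upload2/(.*)\.(php|asp)$ - [F,NC]
RewriteRule upload3/(.*)\.(php|asp)$ - [F,NC]
RewriteRule ad/(.*)\.(php|asp)$ - [F,NC]
RewriteRule gg/(.*)\.(php|asp)$ - [F,NC]
RewriteRule uploadfile/(.*)\.(php|asp)$ - [F,NC]
RewriteRule userphoto/(.*)\.(php|asp)$ - [F,NC]
RewriteRule attached/(.*)\.(php|asp)$ - [F,NC]
RewriteRule img/(.*)\.(php|asp)$ - [F,NC]
RewriteRule homeimg/(.*)\.(php|asp)$ - [F,NC]
RewriteRule js/(.*)\.(php|asp)$ - [F,NC]
RewriteRule css/(.*)\.(php|asp)$ - [F,NC]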

二、伪静态规则是httpd.ini的用户参照这里:

打开httpd.ini,将以下代码复制在这个文件底部,保存即可。

# httpd.ini rewrite rules (presumably ISAPI_Rewrite syntax: pattern, target, flags).
# Each rule sends a request for a .php/.asp file under an upload or static-asset
# directory to /css/ instead of the requested script; [I] ignores case in the match.
# NOTE(review): the "." before the extension is an unescaped regex wildcard, so it
# matches any character, not only a literal dot.
# NOTE(review): the request is rewritten rather than refused. After installing the
# rules, request a harmless test .php file in one of these directories, with and
# without a query string, and confirm the script is not executed.
RewriteRule /config/ueditor/php/upload/(.*).PHP$ /css/ [I]

RewriteRule /config/ueditor/php/upload/(.*).asp$ /css/ [I]

RewriteRule /config/ueditor/php/upload1/(.*).php$ /css/ [I]

RewriteRule /config/ueditor/php/upload1/(.*).asp$ /css/ [I]

RewriteRule /config/ueditor/php/upload2/(.*).php$ /css/ [I]

RewriteRule /config/ueditor/php/upload2/(.*).asp$ /css/ [I]

RewriteRule /config/ueditor/php/upload3/(.*).php$ /css/ [I]

RewriteRule /config/ueditor/php/upload3/(.*).asp$ /css/ [I]

RewriteRule /config/ueditor_mini/php/upload/(.*).php$ /css/ [I]

RewriteRule /config/ueditor_mini/php/upload/(.*).asp$ /css/ [I]

RewriteRule /config/ueditor_mini/php/upload1/(.*).php$ /css/ [I]

RewriteRule /config/ueditor_mini/php/upload1/(.*).asp$ /css/ [I]

RewriteRule /config/ueditor_mini/php/upload2/(.*).php$ /css/ [I]

RewriteRule /config/ueditor_mini/php/upload2/(.*).asp$ /css/ [I]

RewriteRule /config/ueditor_mini/php/upload3/(.*).php$ /css/ [I]

RewriteRule /config/ueditor_mini/php/upload3/(.*).asp$ /css/ [I]

RewriteRule /ad/(.*).php$ /css/ [I]

RewriteRule /ad/(.*).asp$ /css/ [I]


RewriteRule /js/(.*).php$ /css/ [I]

RewriteRule /js/(.*).asp$ /css/ [I]


RewriteRule /homeimg/(.*).php$ /css/ [I]

RewriteRule /homeimg/(.*).asp$ /css/ [I]

RewriteRule /css/(.*).php$ /css/ [I]

RewriteRule /css/(.*).asp$ /css/ [I]

RewriteRule /gg/(.*).php$ /css/ [I]

RewriteRule /gg/(.*).asp$ /css/ [I]

RewriteRule /img/(.*).php$ /css/ [I]

RewriteRule /img/(.*).asp$ /css/ [I]

RewriteRule /userphoto/(.*).php$ /css/ [I]

RewriteRule /userphoto/(.*).asp$ /css/ [I]

RewriteRule /upload/(.*).php$ /css/ [I]

RewriteRule /upload/(.*).asp$ /css/ [I]

RewriteRule /ckeditor/attached/(.*).php$ /css/ [I]

RewriteRule /ckeditor/attached/(.*).asp$ /css/ [I]

RewriteRule /config/loveedit/uploadfile/(.*).PHP$ /css/ [I]

RewriteRule /config/loveedit/uploadfile/(.*).asp$ /css/ [I]

三、nginx伪静态的,参考如下:

将以下规则复制进伪静态文件里即可

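# Deny requests for script files under upload and static-asset directories.
# "~*" is a case-insensitive regex match; "deny all" answers 403.
# userphoto and uploadfile are included so this list covers the same directories
# as the .htaccess and httpd.ini rule sets.
# NOTE(review): nginx uses the first regex location that matches, in file order.
# If the site's PHP handler location (e.g. "location ~ \.php$") is read before
# this block, the handler wins and this deny never applies. Make sure this block
# comes first, then request a harmless test .php file in one of these directories
# and confirm the answer is 403.
location ~* ^/((.*)upload|(.*)upload1|(.*)upload2|(.*)upload3|(.*)uploadfile|userphoto|ad|gg|img|homeimg|js|css|ckeditor/attached)/.*\.(php|php5|asp)$ {
    deny all;
}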

四、IIS7,建立一个UTF8格式的文件,命名为web.config,将以下代码复制到这个文件中

<?xml version="1.0" encoding="UTF-8"?>
<!-- Per-folder web.config for IIS 7: place it inside each folder that must not run scripts. -->
<configuration>
  <system.webServer>
    <!-- accessPolicy="Read" grants read access only. Script and Execute are left out,
         so handlers in this folder may serve files but not run them.
         NOTE(review): if the host has locked the handlers section, IIS rejects this
         file with a configuration error for the folder. After uploading, check that
         ordinary static files in the folder still load. -->
    <handlers accessPolicy="Read" />
  </system.webServer>
</configuration>

然后将这个文件web.config传到后台提示的漏洞文件夹中

如果以上的这个IIS7方法不适用, 请用以下代码

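<!-- IIS URL Rewrite rules. This is a fragment: the rules belong inside the
     <rules> element under <system.webServer><rewrite> in the site's web.config.
     Each rule sends a request for a .php/.asp file under an upload or static-asset
     directory to /css/ instead of the requested script.
     ignoreCase is "true" so the match does not depend on letter case, like the
     Apache, httpd.ini and nginx rule sets. The dot before the extension is escaped
     so that only a real ".php"/".asp" suffix matches, not any name containing "php".
     Rules p11/a11 and p12/a12 cover userphoto and the loveedit uploadfile folder,
     which the .htaccess and httpd.ini lists already include.
     NOTE(review): the request is rewritten rather than refused; an action of
     type="CustomResponse" with statusCode="403" would refuse it explicitly.
     After installing, request a harmless test .php file in one of these
     directories and confirm it is not executed. -->
<rule name="p1">
  <match url="^ad/(.*)\.php" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="a1">
  <match url="^ad/(.*)\.asp" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="p0">
  <match url="^gg/(.*)\.php" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="a0">
  <match url="^gg/(.*)\.asp" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="p2">
  <match url="(.*)upload/(.*)\.php" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="a2">
  <match url="(.*)upload/(.*)\.asp" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="p3">
  <match url="(.*)upload1/(.*)\.php" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="a3">
  <match url="(.*)upload1/(.*)\.asp" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="p4">
  <match url="(.*)upload2/(.*)\.php" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="a4">
  <match url="(.*)upload2/(.*)\.asp" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="p5">
  <match url="(.*)upload3/(.*)\.php" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="a5">
  <match url="(.*)upload3/(.*)\.asp" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="p6">
  <match url="^img/(.*)\.php" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="a6">
  <match url="^img/(.*)\.asp" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="p7">
  <match url="^ckeditor/attached/(.*)\.php" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="a7">
  <match url="^ckeditor/attached/(.*)\.asp" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="p8">
  <match url="^css/(.*)\.php" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="a8">
  <match url="^css/(.*)\.asp" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="p9">
  <match url="^js/(.*)\.php" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="a9">
  <match url="^js/(.*)\.asp" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="p10">
  <match url="^homeimg/(.*)\.php" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="a10">
  <match url="^homeimg/(.*)\.asp" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="p11">
  <match url="^userphoto/(.*)\.php" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="a11">
  <match url="^userphoto/(.*)\.asp" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="p12">
  <match url="^config/loveedit/uploadfile/(.*)\.php" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>
<rule name="a12">
  <match url="^config/loveedit/uploadfile/(.*)\.asp" ignoreCase="true" />
  <action type="Rewrite" url="/css/" appendQueryString="false" />
</rule>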
