建站
咨询
售后
建站咨询
新闻中心
这里有您想知道的互联网营销解决方案
金山网盾远程代码执行漏洞及其它bug
由于金山网盾对恶意地址的处理不严,攻击者通过构造一个普通的挂马页面和一个特殊的URL,可以使操作系统执行任何命令。
站在用户的角度思考问题,与客户深入沟通,找到大厂网站设计与大厂网站推广的解决方案,凭借多年的经验,让设计与互联网技术结合,创造个性化、用户体验好的作品,建站类型包括:成都做网站、网站制作、企业官网、英文网站、手机端网站、网站推广、国际域名空间、虚拟空间、企业邮箱。业务覆盖大厂地区。
受影响的系统:
截至本文发布起的当前最新版本及其之前版本。
细节:
金山网盾的恶意提示部分UI是用网页代码编写的,在kwstray.exe得到恶意网址的时候,由于其处理方式的错误导致了XSS漏洞,同时利用软件中实现的某些功能,可以执行任何系统命令。具体分析如下:
在接收到恶意网址后,kwstray.exe采用了如下流程对字符进行了过滤处理
恶意网址 ——> HtmlEncode ——> unescape ——> 显示恶意信息
这个时候,假如攻击者估计在网址中包含html标签,那么很可能会导致XSS攻击。不过由于恶意网址首先进行了HtmlEncode处理,直接传入
基本
文件
流程
错误
SQL
调试
- 请求信息 : 2026-02-16 19:14:06 HTTP/1.1 GET : /article/dpgegjs.html
- 运行时间 : 0.0673s ( Load:0.0032s Init:0.0005s Exec:0.0593s Template:0.0042s )
- 吞吐率 : 14.86req/s
- 内存开销 : 2,214.85 kb
- 查询信息 : 12 queries 5 writes
- 文件加载 : 36
- 缓存信息 : 0 gets 2 writes
- 配置加载 : 130
- 会话信息 : SESSION_ID=jepsa834b0hh9ol5a0lmd16ph6
- /home/wwwroot/jxjierui.cn/index.php ( 1.12 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/ThinkPHP.php ( 4.61 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Think.class.php ( 12.26 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Storage.class.php ( 1.37 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Storage/Driver/File.class.php ( 3.52 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Mode/common.php ( 2.82 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Common/functions.php ( 53.56 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Hook.class.php ( 4.01 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/App.class.php ( 13.49 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Dispatcher.class.php ( 14.79 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Route.class.php ( 13.36 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Controller.class.php ( 11.23 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/View.class.php ( 7.59 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Behavior/BuildLiteBehavior.class.php ( 3.68 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Behavior/ParseTemplateBehavior.class.php ( 3.88 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Behavior/ContentReplaceBehavior.class.php ( 1.91 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Conf/convention.php ( 11.15 KB )
- /home/wwwroot/jxjierui.cn/App/Common/Conf/config.php ( 2.12 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Lang/zh-cn.php ( 2.55 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Conf/debug.php ( 1.48 KB )
- /home/wwwroot/jxjierui.cn/App/Home/Conf/config.php ( 0.32 KB )
- /home/wwwroot/jxjierui.cn/App/Home/Common/function.php ( 3.33 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Behavior/ReadHtmlCacheBehavior.class.php ( 5.62 KB )
- /home/wwwroot/jxjierui.cn/App/Home/Controller/ArticleController.class.php ( 6.11 KB )
- /home/wwwroot/jxjierui.cn/App/Home/Controller/CommController.class.php ( 1.60 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Model.class.php ( 60.11 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Db.class.php ( 32.43 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Db/Driver/Pdo.class.php ( 16.74 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Cache.class.php ( 3.83 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Cache/Driver/File.class.php ( 5.87 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Template.class.php ( 28.16 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Template/TagLib/Cx.class.php ( 22.40 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Template/TagLib.class.php ( 9.16 KB )
- /home/wwwroot/jxjierui.cn/App/Runtime/Cache/Home/7540f392f42b28b481b30614275e4e55.php ( 13.96 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Behavior/WriteHtmlCacheBehavior.class.php ( 0.97 KB )
- /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Behavior/ShowPageTraceBehavior.class.php ( 5.24 KB )
- [ app_init ] --START--
- Run Behavior\BuildLiteBehavior [ RunTime:0.000005s ]
- [ app_init ] --END-- [ RunTime:0.000023s ]
- [ app_begin ] --START--
- Run Behavior\ReadHtmlCacheBehavior [ RunTime:0.000141s ]
- [ app_begin ] --END-- [ RunTime:0.000153s ]
- [ view_parse ] --START--
- [ template_filter ] --START--
- Run Behavior\ContentReplaceBehavior [ RunTime:0.000048s ]
- [ template_filter ] --END-- [ RunTime:0.000065s ]
- Run Behavior\ParseTemplateBehavior [ RunTime:0.003362s ]
- [ view_parse ] --END-- [ RunTime:0.003378s ]
- [ view_filter ] --START--
- Run Behavior\WriteHtmlCacheBehavior [ RunTime:0.000064s ]
- [ view_filter ] --END-- [ RunTime:0.000072s ]
- [ app_end ] --START--
- 1064:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') LIMIT 1' at line 1 [ SQL语句 ] : SELECT `id`,`pid`,`navname` FROM `cx_nav` WHERE ( id= ) LIMIT 1
- 1064:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') LIMIT 1' at line 1 [ SQL语句 ] : SELECT `id`,`navname` FROM `cx_nav` WHERE ( id= ) LIMIT 1
- 1064:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1 [ SQL语句 ] : SELECT `id`,`navname` FROM `cx_nav` WHERE ( pid= )
- [8] Undefined index: pid /home/wwwroot/jxjierui.cn/App/Home/Controller/ArticleController.class.php 第 47 行.
- [2] file_put_contents(./App/Runtime/Temp/fe9b045028fd6aa1ee32a206d80d4915.php): failed to open stream: Permission denied /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Cache/Driver/File.class.php 第 132 行.
- [8] Undefined index: db_host /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Db.class.php 第 120 行.
- [8] Undefined index: db_port /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Db.class.php 第 121 行.
- [8] Undefined index: db_name /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Db.class.php 第 122 行.
- [2] file_put_contents(./App/Runtime/Temp/736c516a2a2e04ece8178473fa6762cb.php): failed to open stream: Permission denied /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Cache/Driver/File.class.php 第 132 行.
0.0673s
