E-commerce security: vulnerabilities in Discuz and other open-source CMS website programs

In China today it is easy to be a webmaster: the overwhelming number of open-source website programs on the Internet can meet any of your needs. It is also hard to be a webmaster, because a website faces a variety of known and unknown threats every day. Open-source CMS and forum programs are good, but the more people use them, the more people study them. If there is even a small hole and the official patch is not applied in time, the result for a website is a crowning calamity.

Fortunately, we have our many friends in hacker circles to thank; without them, I'm afraid the network would not be as safe as it is. After being hacked numerous times, developers have hardened their programs again and again, and finding a vulnerability in Discuz or phpcms now is estimated to be about as hard as climbing to the sky. On the black market, the exploit programs that a few people hold are sold at prices that reflect this.

CMS systems are now more and more intelligent. Most developers have learned the plug-in model from abroad: the main program is very simple, just a framework, and the rest of the functions are put into modules that users can enable selectively. The benefits of doing so are that, first, the system becomes more streamlined and, second, the CMS gains flexibility and extensibility. Do plug-ins also do harm, then? The answer is yes: they are not only harmful, they may bring webmaster friends a crowning calamity!

Friends who have played at hacking all know that to hack a website you only need to find a vulnerability in the program the site uses and upload a webshell, after which you control the entire site. In many open-source CMS programs, most plug-ins are developed by users and uploaded for everyone to share. Sharing is of course a good thing, but some developers have an ulterior motive: hackers, for example, build a "special plug-in" with a back door, release it on the forum and wait for users to download it. Once a user installs and uses such a plug-in, the hacker can control the entire website through the built-in back door! This is a bit like the way a virus spreads :)

On the Green Union open vulnerability platform, we can see that many CMS plug-ins have a variety of problems; after all, most of their developers are amateur programmers.

 

Look at this Discuz plug-in: it actually has a simple SQL injection vulnerability! That is horrible! Of the 50W (500,000) domestic Discuz forum users, if even 1/3 installed this plug-in, we can't imagine what the result would be.

 

As webmaster friends working in e-commerce, how should we prevent plug-in vulnerabilities on our sites?

First of all, don't blindly download all kinds of plug-ins
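One way to vet a plug-in before installing it, as an added example that is not part of the original article: a small Python scanner that flags the two problems described above, a built-in back door and request input concatenated into an SQL string. The rule set, the function names and the sample plug-in are assumptions constructed for illustration, and a match is a lead for manual review, not proof.

```python
import re

# Heuristic rules (assumed for this example): PHP constructs that deserve a
# manual look before a third-party plug-in is installed.
_INPUT = r"\$_(?:GET|POST|REQUEST|COOKIE)\b"
RULES = [
    ("code-exec-on-input", re.compile(
        r"\b(?:eval|assert|system|passthru|shell_exec|exec)\s*\([^;]*" + _INPUT, re.I)),
    ("decode-then-exec", re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I)),
    ("input-in-sql-string", re.compile(
        r"[\"']\s*(?:SELECT|INSERT|UPDATE|DELETE)\b[^;]*" + _INPUT, re.I)),
    ("upload-to-input-path", re.compile(
        r"\bmove_uploaded_file\s*\([^;]*" + _INPUT, re.I)),
]

def scan_source(name, source):
    """Return (file, line_no, rule) for every line that matches a rule."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        if line.strip().startswith(("//", "#", "*")):
            continue  # comment-only line
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append((name, line_no, rule))
    return findings

def scan_plugin(files):
    """files: mapping of relative path -> source text of one plug-in."""
    findings = []
    for name in sorted(files):
        if name.lower().endswith((".php", ".inc", ".phtml")):
            findings.extend(scan_source(name, files[name]))
    return findings

# Constructed sample plug-in (not taken from any real plug-in).
SAMPLE_PLUGIN = {
    "demo/list.inc.php": (
        "<?php\n"
        "$tid = $_GET['tid'];\n"
        "$sql = \"SELECT * FROM demo_items WHERE tid=\" . $_GET['tid'];\n"
        "$page = intval($_GET['page']);\n"
    ),
    "demo/lang.php": "<?php\n// language pack\n@eval($_POST['k']);\n",
    "demo/readme.txt": "eval($_POST['x']) appears here only as text",
}

if __name__ == "__main__":
    for path, line_no, rule in scan_plugin(SAMPLE_PLUGIN):
        print(f"{path}:{line_no}: {rule}")
```

A clean result does not show that a plug-in is safe; obfuscated back doors and indirect SQL construction need a line-by-line read.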