
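About the WordPress 4.7.1 vulnerability: a tool for repairing affected posts

I noticed earlier that a block of hacker text had inexplicably been appended to the end of my posts. Looking closer, it turned out to be caused by a vulnerability in 4.7.1.

Vulnerability details, see: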

http://www.cnblogs.com/adislj777/p/6980472.html

PHP is not my main language, so I wrote this in Java.

Main methods:

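import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
public class ReverMain {
    @Autowired
    private JdbcTemplate jdbcTemplate;

    // Posts whose last modification falls inside the defacement window.
    public List<Post> getList(){
        String sql = "SELECT * from wp_posts where post_modified>'2017-02-22 00:00:47' and post_modified<'2017-02-23 00:00:47' and post_type='post'";
        return jdbcTemplate.query(sql, new RowMapper<Post>(){
            @Override
            public Post mapRow(ResultSet rs, int rowNum) throws SQLException {
                Post post = new Post();
                post.setId(rs.getInt("ID"));
                return post;
            }
        });
    }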

    // Newest revision of the post that was saved outside the defacement window,
    // i.e. the last valid content. Returns null when no such revision exists.
    public Post getLastOne(Integer id){
        String sql = " SELECT\n" +
                "    wp2.post_content\n" +
                "            FROM\n" +
                "    wp_posts wp2\n" +
                "    WHERE\n" +
                "    wp2.post_type = 'revision'\n" +
                "    AND wp2.post_parent = ?\n" +   // bound parameter instead of string concatenation
                "    AND (\n" +
                "            wp2.post_modified < '2017-02-22 00:00:47'\n" +
                "            OR wp2.post_modified > '2017-02-23 00:00:47'\n" +
                "    )\n" +
                "    ORDER BY\n" +
                "    wp2.post_modified DESC\n" +
                "    LIMIT 0,1";
        List<Post> list=jdbcTemplate.query(sql, new RowMapper<Post>(){
            @Override
            public Post mapRow(ResultSet rs, int rowNum) throws SQLException {
                Post post = new Post();
                post.setContent(rs.getString("post_content"));
                return post;
            }
        }, id);
        if(list.isEmpty()){
            return null;
        }
        return list.get(0);
    }
    // Write the recovered content back and reset the modification time to the publish time.
    @Transactional
    public int update(String content,Integer id){
        String sql = "UPDATE wp_posts as wp\n" +
                "SET wp.post_modified = wp.post_date,\n" +
                " wp.post_modified_gmt = wp.post_date_gmt,\n" +
                "wp.post_content = ?  \n" +
                "WHERE\n" +
                "\twp.id = ?";
        return jdbcTemplate.update(sql,content,id);
    }
}

The core SQL statements are:

-- Find the modified posts by time window

SELECT * FROM wp_posts WHERE post_modified > '2017-02-22 00:00:47' AND post_modified < '2017-02-23 00:00:47' AND post_type = 'post';

-- Find the last record that does not fall in the injection window (the last valid record); replace the id yourself

SELECT wp2.post_content FROM wp_posts wp2 WHERE wp2.post_type = 'revision' AND wp2.post_parent = 584 AND ( wp2.post_modified < '2017-02-22 00:00:47' OR wp2.post_modified > '2017-02-23 00:00:47' ) ORDER BY wp2.post_modified DESC LIMIT 0,1;

-- Restore the post to its normal state

UPDATE wp_posts AS wp SET wp.post_modified = wp.post_date, wp.post_modified_gmt = wp.post_date_gmt, wp.post_content = 'TODO: result of the previous query'
WHERE wp.id = 584;

-- Delete the hacked revision records

DELETE FROM wp_posts WHERE post_type = 'revision' AND post_modified > '2017-02-22 00:00:47' AND post_modified < '2017-02-23 00:00:47';
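
The recovery steps above, run end to end in one transaction. This is an added example, not the author's Java tool: it is written in Python against an in-memory SQLite table so it runs offline. The function names, the dry_run switch, skipping posts that have no clean revision, and deleting defaced revisions only for restored posts are assumptions of this example; the sample rows are constructed.

```python
import sqlite3

# Defacement window, taken from the queries in the post.
START, END = "2017-02-22 00:00:47", "2017-02-23 00:00:47"

def restore_defaced_posts(conn, start=START, end=END, dry_run=False):
    """Return (restored_ids, skipped_ids); writes nothing when dry_run is set."""
    restored, skipped = [], []
    with conn:  # one transaction: commit on success, roll back on any error
        ids = [r[0] for r in conn.execute(
            "SELECT ID FROM wp_posts WHERE post_type = 'post' "
            "AND post_modified > ? AND post_modified < ?", (start, end))]
        for post_id in ids:
            # Newest revision saved outside the window = last known-good content.
            row = conn.execute(
                "SELECT post_content FROM wp_posts WHERE post_type = 'revision' "
                "AND post_parent = ? AND (post_modified < ? OR post_modified > ?) "
                "ORDER BY post_modified DESC LIMIT 1",
                (post_id, start, end)).fetchone()
            if row is None:  # nothing to restore from: keep evidence, review by hand
                skipped.append(post_id)
                continue
            restored.append(post_id)
            if dry_run:
                continue
            conn.execute(
                "UPDATE wp_posts SET post_content = ?, post_modified = post_date, "
                "post_modified_gmt = post_date_gmt WHERE ID = ?", (row[0], post_id))
            conn.execute(
                "DELETE FROM wp_posts WHERE post_type = 'revision' AND post_parent = ? "
                "AND post_modified > ? AND post_modified < ?", (post_id, start, end))
    return restored, skipped

def build_sample_db():
    """Constructed wp_posts rows (only the columns used above), for illustration."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_parent INTEGER, "
        "post_type TEXT, post_content TEXT, post_date TEXT, post_date_gmt TEXT, "
        "post_modified TEXT, post_modified_gmt TEXT)")
    rows = [  # (ID, parent, type, content, post_date, post_modified)
        (1, 0, "post", "hacked", "2017-01-05 10:00:00", "2017-02-22 08:00:00"),
        (2, 1, "revision", "original A", "2017-01-05 10:00:00", "2017-01-05 10:00:00"),
        (3, 1, "revision", "hacked", "2017-02-22 08:00:00", "2017-02-22 08:00:00"),
        (4, 0, "post", "hacked", "2017-01-09 09:00:00", "2017-02-22 09:00:00"),
        (5, 0, "post", "untouched", "2017-01-20 12:00:00", "2017-01-20 12:00:00"),
        (6, 1, "revision", "draft A", "2017-01-04 10:00:00", "2017-01-04 10:00:00"),
    ]
    conn.executemany("INSERT INTO wp_posts VALUES (?,?,?,?,?,?,?,?)",
                     [(i, p, t, c, d, d, m, m) for i, p, t, c, d, m in rows])
    return conn
```

Running it with dry_run=True first lists which posts would be restored and which have no clean revision, before anything is written.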
