In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-09-25 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
At present, Apple CMS officials are constantly upgrading patches, and the latest official bug patches have no effect on the new vulnerabilities that have broken out. Users who update the patch will still be attacked by hanging horses, so many customers come to our SINE Security to seek technical support for website security. We have unique security solutions for this vulnerability and protection against hanging horse attacks, including some undisclosed maccms POC vulnerabilities.
At present, maccms is officially reminded by Baidu URL Security Center that the site may be attacked by hackers, and some pages have been illegally tampered with! Access to Apple's official website has been suspended for special reasons, and access to the content is banned, but the updated URL of the upgrade patch can still be opened.
The screenshot is as follows:
Details of Apple CMS vulnerabilities:
Apple CMS V8 V10 version has code reinstallation vulnerabilities, code backdoor vulnerabilities and arbitrary file deletion vulnerabilities. Through the information security vulnerability notification of CNVD-2019-43865, you can confirm that maccms V10 has vulnerabilities, you can forge malicious code and send it to the back end of the website for execution, you can delete any files under the website directory, delete the configuration files that reinstall Apple CMS system, and cause the maccms system to be reinstalled. And during the installation process, insert sql injection code into the database to execute and obtain webshell and server permissions.
There is a backdoor loophole in the source code of Apple CMS V8 V10. Through the testing of our SINE security technology, we found that the reason for the backdoor is that Baidu searches Apple's official website, maccms official, and the sites that rank on the front page of Baidu search are all fake websites. The real official website address is www.maccms.com, including templates, pictures, and CSS exactly like the real official website. Many customers click on this shanzhai website to download the source code, which hides the Trojan backdoor file, which Ali Yun cannot detect.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
The market share of Chrome browser on the desktop has exceeded 70%, and users are complaining about
The world's first 2nm mobile chip: Samsung Exynos 2600 is ready for mass production.According to a r
A US federal judge has ruled that Google can keep its Chrome browser, but it will be prohibited from
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
About us Contact us Product review car news thenatureplanet
More Form oMedia: AutoTimes. Bestcoffee. SL News. Jarebook. Coffee Hunters. Sundaily. Modezone. NNB. Coffee. Game News. FrontStreet. GGAMEN
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
