{"id":67965,"date":"2021-05-04T09:00:00","date_gmt":"2021-05-04T01:00:00","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=67965"},"modified":"2022-04-13T14:50:37","modified_gmt":"2022-04-13T06:50:37","slug":"%e7%b6%b2%e8%b7%af%e5%95%86%e5%ba%97%e7%ae%a1%e7%90%86%e8%80%85%e4%b8%80%e6%89%93%e9%96%8b%e7%b6%b2%e8%b7%af%e8%a8%82%e5%96%ae%e5%b0%b1%e8%a7%b8%e7%99%bc%e6%83%a1%e6%84%8f%e6%94%bb%e6%93%8a%e8%85%b3","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=67965","title":{"rendered":"\u7db2\u8def\u5546\u5e97\u7ba1\u7406\u8005\u4e00\u6253\u958b\u7db2\u8def\u8a02\u55ae,\u5c31\u89f8\u767c\u60e1\u610f\u653b\u64ca\u8173\u672c-Water Pamola\u610f\u5716\u7aca\u53d6\u4fe1\u7528\u5361"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Water Pamola\u5c0d\u8a31\u591a\u76ee\u6a19\u7db2\u8def\u5546\u5e97\u90fd\u4e0b\u4e86\u5e36\u6709\u5167\u5d4cXSS\u8173\u672c\u7684\u8a02\u55ae\u3002\u4e00\u65e6\u7db2\u8def\u5546\u5e97\u5e36\u6709\u9019\u7a2eXSS\u6f0f\u6d1e\uff0c\u7576\u7db2\u8def\u5546\u5e97\u7ba1\u7406\u8005\u5728\u7ba1\u7406\u5f8c\u53f0\u6253\u958b\u8a02\u55ae\u6642\u5c31\u6703\u8f09\u5165\u60e1\u610f\u8173\u672c\u3002<br>\u8a72\u8173\u672c\u57f7\u884c\u7684\u60e1\u610f\u884c\u70ba\u5305\u62ec\u9801\u9762\u64f7\u53d6\u3001\u5e33\u5bc6\u7db2\u8def\u91e3\u9b5a\u3001Web Shell\u611f\u67d3\u548c\u60e1\u610f\u8edf\u9ad4\u6d3e\u9001\u3002\u9019\u6ce2\u6d3b\u52d5\u7684\u76ee\u6a19\u53ef\u80fd\u662f\u7aca\u53d6\u4fe1\u7528\u5361\u8cc7\u6599, \u985e\u4f3c<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=63308\">\u5165\u4fb5\u6578\u5343\u5bb6\u7db2\u8def\u5546\u5e97\u7684<u>Magecart<\/u>\u76dc\u5361\u7d44\u7e54<\/a>\u60e1\u610f\u6d3b\u52d5\u3002<\/p><\/blockquote>\n\n\n\n<p>\u5f9e2019\u5e74\u958b\u59cb\uff0c<a href=\"https:\/\/t.rend.tw\/?i=OTQzMw\">\u8da8\u52e2\u79d1\u6280<\/a>\u5c31\u4e00\u76f4\u5728\u8ffd\u8e2a\u88ab\u7a31\u70baWater 
Pamola\u7684\u5a01\u8105\u6d3b\u52d5\u3002\u9019\u6d3b\u52d5\u6700\u521d\u662f\u5229\u7528\u593e\u5e36<a href=\"https:\/\/twitter.com\/_re_fox\/status\/1238188943587377155\">\u60e1\u610f\u9644\u4ef6<\/a>\u7684\u5783\u573e\u90f5\u4ef6\u4f86\u5165\u4fb5\u65e5\u672c\u3001\u6fb3\u6d32\u548c\u6b50\u6d32\u570b\u5bb6\u7684\u7db2\u8def\u5546\u5e97\u3002<\/p>\n\n\n\n<p>\u4f46\u662f\u5f9e2020\u5e74\u521d\u8d77\uff0c\u6211\u5011\u6ce8\u610f\u5230Water Pamola\u6d3b\u52d5\u767c\u751f\u4e86\u4e00\u4e9b\u8b8a\u5316\u3002\u73fe\u5728\u7684\u53d7\u5bb3\u8005\u4e3b\u8981\u51fa\u73fe\u5728\u65e5\u672c\u3002\u6839\u64da\u6700\u65b0\u7684\u76e3\u6e2c\u8cc7\u6599\uff0c\u653b\u64ca\u4e0d\u518d\u900f\u904e\u5783\u573e\u90f5\u4ef6\u767c\u52d5\u3002\u800c\u662f\u7576\u7ba1\u7406\u8005\u5728\u7db2\u8def\u5546\u5e97\u7ba1\u7406\u5f8c\u53f0\u67e5\u770b\u5ba2\u6236\u8a02\u55ae\u6642\uff0c\u5c31\u6703\u89f8\u767c\u60e1\u610f\u8173\u672c\u57f7\u884c\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders\/fig1-waterpamola.jpg\" alt=\"\u57161. Water Pamola\u653b\u64ca\u93c8\" width=\"840\" height=\"441\"\/><figcaption>\u57161. 
Water Pamola\u653b\u64ca\u93c8<\/figcaption><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"http:\/\/https\/\/t.rend.tw\/?i=MTA0NjM\"><img loading=\"lazy\" decoding=\"async\" width=\"540\" height=\"90\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/05\/4-FB540x90-2.gif\" alt=\"\" class=\"wp-image-67991\"\/><\/a><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<!--more-->\n\n\n\n<p>\u7d93\u904e\u9032\u4e00\u6b65\u7684\u641c\u5c0b\uff0c\u6211\u5011\u6ce8\u610f\u5230\u4e00\u5bb6\u7db2\u8def\u5546\u5e97\u7ba1\u7406\u8005\u8a62\u554f\u95dc\u65bc\u4e00\u500b\u5947\u602a<a href=\"https:\/\/xoops.ec-cube.net\/modules\/newbb\/viewtopic.php?topic_id=25580&amp;forum=11\">\u8a02\u55ae<\/a>\u7684\u554f\u984c\uff0c\u88e1\u9762\u4e00\u822c\u662f\u5ba2\u6236\u5730\u5740\u6216\u516c\u53f8\u540d\u7a31\u6b04\u4f4d\u7684\u5730\u65b9\u88ab\u63d2\u5165\u4e86JavaScript\u7a0b\u5f0f\u78bc\u3002\u6b64\u8173\u672c\u5f88\u53ef\u80fd\u662f\u5229\u7528\u5546\u5e97\u7ba1\u7406\u5f8c\u53f0\u7684<a href=\"https:\/\/owasp.org\/www-community\/attacks\/xss\/\">\u8de8\u7ad9\u8173\u672c\uff08XSS\uff09<\/a>\u6f0f\u6d1e\u555f\u52d5\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders\/fig2-waterpamola.jpg.png\" alt=\"\u57162. \u5728\u67d0\u8ad6\u58c7\u4e0a\u63d0\u51fa\u7684\u554f\u984c\uff0c\u88e1\u9762\u51fa\u73fe\u8207Water Pamola\u6709\u95dc\u7684\u60e1\u610f\u7a0b\u5f0f\u78bc\u3002\"\/><figcaption>\u57162. 
\u5728\u67d0\u8ad6\u58c7\u4e0a\u63d0\u51fa\u7684\u554f\u984c\uff0c\u88e1\u9762\u51fa\u73fe\u8207Water Pamola\u6709\u95dc\u7684\u60e1\u610f\u7a0b\u5f0f\u78bc\u3002<\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u4e0a\u9762\u662f\u67d0<a href=\"https:\/\/xoops.ec-cube.net\/modules\/newbb\/viewtopic.php?topic_id=25580&amp;forum=11\">\u8ad6\u58c7<\/a>\u7684\u6587\u5b57\u622a\u5716\uff0cGoogle\u7ffb\u8b6f\u70ba\uff1a<em>\u554f\u984c\uff0c\u6709\u4e00\u500b\u8a02\u55ae\u4f3c\u4e4e\u662f\u500b\u60e1\u4f5c\u5287\u8a02\u55ae\u3002\u5728\u5730\u5740\u548c\u516c\u53f8\u540d\u7a31\u88e1\u5305\u542b\u4e0b\u5217\u5b57\u5143<\/em>\u3002<\/p>\n\n\n\n<p>\u8a72\u8173\u672c\u6703\u9023\u5230Water Pamola\u4f3a\u670d\u5668\u4e26\u4e0b\u8f09\u5176\u4ed6\u60e1\u610f\u7a0b\u5f0f\u78bc\u3002\u7d9c\u5408\u4f86\u770b\uff0c\u9019\u8b93\u6211\u5011\u76f8\u4fe1Water Pamola\u5c0d\u8a31\u591a\u76ee\u6a19\u7db2\u8def\u5546\u5e97\u90fd\u4e0b\u4e86\u5e36\u6709\u5167\u5d4cXSS\u8173\u672c\u7684\u8a02\u55ae\u3002\u4e00\u65e6\u7db2\u8def\u5546\u5e97\u5e36\u6709\u9019\u7a2eXSS\u6f0f\u6d1e\uff0c\u7576\u53d7\u5bb3\u8005\uff08\u5373\u76ee\u6a19\u5546\u5e97\u7ba1\u7406\u8005\uff09\u5728\u7ba1\u7406\u5f8c\u53f0\u6253\u958b\u8a02\u55ae\u6642\u5c31\u6703\u8f09\u5165\u60e1\u610f\u8173\u672c\u3002<\/p>\n\n\n\n<p>\u6211\u5011\u6536\u96c6\u4e86\u8a31\u591a\u50b3\u9001\u7d66\u4e0d\u540c\u76ee\u6a19\u7684\u653b\u64ca\u8173\u672c\u3002\u8173\u672c\u57f7\u884c\u7684\u60e1\u610f\u884c\u70ba\u5305\u62ec\u9801\u9762\u64f7\u53d6\u3001\u5e33\u5bc6\u7db2\u8def\u91e3\u9b5a\u3001Web Shell\u611f\u67d3\u548c\u60e1\u610f\u8edf\u9ad4\u6d3e\u9001\u3002<\/p>\n\n\n\n<p>\u6b64\u6d3b\u52d5\u4f3c\u4e4e\u662f\u70ba\u4e86\u6709\u5229\u53ef\u5716\u3002\u5728\u4e00\u500b\u6848\u4f8b\u4e2d\uff0c\u88abWater 
Pamola\u653b\u64ca\u7684\u7db2\u7ad9\u900f\u9732\u81ea\u5df1\u906d\u53d7\u4e86\u8cc7\u6599\u5916\u6d29\u3002\u4ed6\u5011\u7684\u4f3a\u670d\u5668\u88ab\u975e\u6cd5\u5b58\u53d6\uff0c\u5305\u62ec\u59d3\u540d\u3001\u4fe1\u7528\u5361\u865f\u3001\u5361\u7247\u5230\u671f\u65e5\u548c\u4fe1\u7528\u5361\u5b89\u5168\u78bc\u5728\u5167\u7684\u500b\u4eba\u8cc7\u6599\u53ef\u80fd\u88ab\u5916\u6d29\u3002\u9019\u6b21\u8cc7\u6599\u5916\u6d29\u4e8b\u4ef6\u53ef\u80fd\u8207Water Pamola\u6709\u95dc\uff0c\u6697\u793a\u4e86\u9019\u6ce2\u6d3b\u52d5\u7684\u76ee\u6a19\u662f\u7aca\u53d6\u4fe1\u7528\u5361\u8cc7\u6599\uff08\u985e\u4f3c<a href=\"https:\/\/blog.trendmicro.com.tw\/?s=%E7%B6%B2%E8%B7%AF%E5%95%86%E5%BA%97&amp;submit=Search\">Magecart<\/a>\u60e1\u610f\u6d3b\u52d5\uff09\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>XSS<\/strong><strong>\u653b\u64ca\u5206\u6790<\/strong><\/h3>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u5982\u524d\u6240\u8ff0\uff0cWater Pamola\u50b3\u9001\u5e36\u6709\u60e1\u610fXSS\u8173\u672c\u7684\u7dda\u4e0a\u8cfc\u7269\u8a02\u55ae\u4f86\u653b\u64ca\u7db2\u8def\u5546\u5e97\u7ba1\u7406\u8005\u3002<\/p>\n\n\n\n<p>\u503c\u5f97\u4e00\u63d0\u7684\u662f\uff0c\u5b83\u5011\u7684\u76ee\u6a19\u4e26\u975e\u662f\u7279\u5b9a\u7684\u96fb\u5b50\u5546\u52d9\u6846\u67b6\uff0c\u800c\u662f\u6240\u6709\u7684\u96fb\u5b50\u5546\u52d9\u7cfb\u7d71\u3002\u53ea\u8981\u5546\u5e97\u7684\u96fb\u5b50\u5546\u52d9\u7cfb\u7d71\u5177\u6709XSS\u6f0f\u6d1e\uff0c\u90a3\u9ebc\u4e00\u65e6\u6709\u4eba\uff08\u5982\u7cfb\u7d71\u7ba1\u7406\u8005\u6216\u5546\u5e97\u54e1\u5de5\uff09\u958b\u555f\u4e86\u8a72\u8a02\u55ae\uff0c\u60e1\u610f\u8173\u672c\u5c31\u6703\u5728\u7ba1\u7406\u5f8c\u53f0\u88ab\u8f09\u5165\u4e26\u57f7\u884c\u3002<\/p>\n\n\n\n<p>\u9019\u4e9b\u8173\u672c\u662f\u7528\u4e00\u500b\u7a31\u70ba\u300c<a 
href=\"https:\/\/cloud.tencent.com\/developer\/article\/1677625\">XSS.ME<\/a>\u300d\u7684XSS\u653b\u64ca\u6846\u67b6\u4f86\u7ba1\u7406\uff0c\u6b64\u6846\u67b6\u53ef\u4ee5\u5e6b\u653b\u64ca\u8005\u8655\u7406\u5176\u653b\u64ca\u8173\u672c\u548c\u7aca\u53d6\u8cc7\u8a0a\u3002\u8a72\u6846\u67b6\u7684\u539f\u59cb\u78bc\u5206\u4eab\u5728\u8a31\u591a\u4e2d\u570b\u8ad6\u58c7\u4e0a\u3002\u8a72\u6846\u67b6\u63d0\u4f9b\u7684\u57fa\u672c\u653b\u64ca\u8173\u672c\u53ef\u4ee5\u56de\u5831\u53d7\u5bb3\u8005\u7684\u4f4d\u7f6e\u548c\u700f\u89bd\u5668Cookie\u3002<a href=\"https:\/\/t.rend.tw\/?i=OTQzMw\">\u8da8\u52e2\u79d1\u6280<\/a>\u89c0\u5bdf\u5230\u653b\u64ca\u6642\u6240\u7528\u7684\u8173\u672c\u7d93\u904e\u4e86\u5ba2\u88fd\u5316\u3002\u653b\u64ca\u8005\u50b3\u9001\u4e86\u591a\u7a2e\u4e0d\u540c\u7684XSS\u8173\u672c\uff0c\u88e1\u9762\u5305\u62ec\u4ee5\u4e0b\u4e00\u7a2e\u6216\u591a\u7a2e\u884c\u70ba\uff1a<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u7db2\u9801\u64f7\u53d6<\/strong><\/h4>\n\n\n\n<p><br>\u8a72\u8173\u672c\u5411\u6307\u5b9a\u7db2\u5740\u767c\u9001HTTP GET\u8acb\u6c42\uff0c\u4e26\u5c07\u6536\u5230\u7684\u56de\u61c9\u8f49\u9001\u5230Water Pamola\u7684\u4f3a\u670d\u5668\u3002\u9019\u901a\u5e38\u7528\u5728\u653b\u64ca\u65e9\u671f\u968e\u6bb5\uff0c\u4f86\u5f9e\u53d7\u5bb3\u8005\u7684\u7ba1\u7406\u9801\u9762\u64f7\u53d6\u5167\u5bb9\u3002\u9019\u6a23\u53ef\u4ee5\u8b93\u99ed\u5ba2\u4e86\u89e3\u74b0\u5883\u4e26\u8a2d\u8a08\u9069\u5408\u53d7\u5bb3\u8005\u74b0\u5883\u7684\u653b\u64ca\u8173\u672c\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders\/fig3-waterpamola.jpg.png\" alt=\"\u57163. 
\u7528\u4f86\u53d6\u5f97\u7db2\u9801\u5167\u5bb9\u4e26\u56de\u50b3\u7d66\u653b\u64ca\u8005\u7684\u8173\u672c\"\/><figcaption>\u57163. \u7528\u4f86\u53d6\u5f97\u7db2\u9801\u5167\u5bb9\u4e26\u56de\u50b3\u7d66\u653b\u64ca\u8005\u7684\u8173\u672c<\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u5e33\u5bc6\u7db2\u8def\u91e3\u9b5a<\/strong><\/h4>\n\n\n\n<p><br>\u67d0\u4e9b\u8173\u672c\u986f\u793a\u51fa\u8a72\u6d3b\u52d5\u8a66\u5716\u7528\u5169\u7a2e\u4e0d\u540c\u65b9\u6cd5\u4f86\u7372\u53d6\u96fb\u5b50\u5546\u52d9\u7db2\u7ad9\u7684\u7ba1\u7406\u8005\u5e33\u5bc6\u3002\u7b2c\u4e00\u7a2e\u662f\u5728\u7db2\u9801\u4e0a\u52a0\u5165\u5047\u767b\u5165\u8868\u55ae\u3002\u6b64\u8173\u672c\u6703hook\u6ed1\u9f20\u9ede\u64ca\u4e8b\u4ef6\u3002\u53ea\u8981\u53d7\u5bb3\u8005\u5728\u5047\u8868\u55ae\u8f38\u5165\u5e33\u5bc6\u4e26\u9ede\u64ca\u7db2\u9801\u4e0a\u7684\u4efb\u4f55\u4f4d\u7f6e\uff0c\u5247\u8173\u672c\u5c31\u6703\u53d6\u5f97\u5e33\u5bc6\uff0c\u5229\u7528base64\u9032\u884c\u7de8\u78bc\uff0c\u7528\u5ba2\u88fd\u5316\u5b57\u4e32\u66ff\u63db\u67d0\u4e9b\u5b57\u5143\uff0c\u7136\u5f8c\u4e0a\u50b3\u5230Water Pamola\u7684\u4f3a\u670d\u5668\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders\/fig4-waterpamola.jpg.png\" alt=\"\u57164. \u5efa\u7acb\u548c\u522a\u9664\u5047\u767b\u5165\u8868\u55ae\u4ee5\u9032\u884c\u5e33\u5bc6\u7db2\u8def\u91e3\u9b5a\u7684\u8173\u672c\"\/><figcaption>\u57164. 
\u5efa\u7acb\u548c\u522a\u9664\u5047\u767b\u5165\u8868\u55ae\u4ee5\u9032\u884c\u5e33\u5bc6\u7db2\u8def\u91e3\u9b5a\u7684\u8173\u672c<\/figcaption><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u53e6\u4e00\u7a2e\u65b9\u6cd5\u662f\u986f\u793a\u6388\u6b0a\u932f\u8aa4\u8a0a\u606f\uff0c\u7136\u5f8c\u5c07\u4f7f\u7528\u8005\u5c0e\u5411\u6703\u8981\u6c42\u4f7f\u7528\u8005\u8f38\u5165\u5176\u5e33\u865f\u5bc6\u78bc\u7684\u91e3\u9b5a\u7db2\u7ad9\u3002\u91e3\u9b5a\u7db2\u7ad9\u7684\u5b50\u7db2\u57df\u6703\u8a2d\u5b9a\u6210\u7b26\u5408\u76ee\u6a19\u7684\u7db2\u57df\u540d\u7a31\uff0c\u5982\u300c\u201c{victim\u2019s domain}[.]basic-authentication[.]live\u201d\u300d\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders\/fig5-waterpamola.jpg.png\" alt=\" \u5c07\u7db2\u9801\u5167\u5bb9\u66ff\u63db\u6210\u6388\u6b0a\u932f\u8aa4\u8a0a\u606f\u4e26\u5c07\u4f7f\u7528\u8005\u5c0e\u5411\u91e3\u9b5a\u7db2\u7ad9\u7684\u8173\u672c\"\/><\/figure>\n\n\n\n<p>\u57165. 
\u5c07\u7db2\u9801\u5167\u5bb9\u66ff\u63db\u6210\u6388\u6b0a\u932f\u8aa4\u8a0a\u606f\u4e26\u5c07\u4f7f\u7528\u8005\u5c0e\u5411\u91e3\u9b5a\u7db2\u7ad9\u7684\u8173\u672c<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Webshell\/PHP<\/strong><strong>\u5f8c\u9580\u6ce8\u5165<\/strong><\/h4>\n\n\n\n<p><br>\u6709\u4e9b\u60e1\u610f\u8173\u672c\u6703\u8a66\u5716\u5b89\u88dd\u5f8c\u9580\u7a0b\u5f0f\u5230\u7528<a href=\"https:\/\/www.ec-cube.net\/\">EC-CUBE<\/a>\u6846\u67b6\u5efa\u7acb\u7684\u7db2\u7ad9\u4e0a\uff0c\u6b64\u6846\u67b6\u5728\u65e5\u672c\u5f88\u6d41\u884c\u3002\u6211\u5011\u767c\u73fe\u7684\u653b\u64ca\u65b9\u5f0f\u53ea\u9069\u7528\u65bcEC-CUBE\u7684Series 2\u3002\u7576\u524d\u7684\u7248\u672c\u662fSeries 4\uff0cSeries 2\u76ee\u524d\u8655\u5728\u5ef6\u4f38\u652f\u63f4\u968e\u6bb5\u3002<\/p>\n\n\n\n<p>\u6709\u4e09\u7a2e\u4e0d\u540c\u65b9\u6cd5\u88ab\u7528\u4f86\u4e0a\u50b3\u5f8c\u9580\u7a0b\u5f0f\u3002\u7b2c\u4e00\u7a2e\u662f\u547c\u53eb\u6846\u67b6\u63d0\u4f9b\u7684\u672c\u6a5fAPI\u4f86\u4e0a\u50b3PHP Web Shell\u6a94\u6848\u3002Web Shell\u6a94\u6848\u540d\u7a31\u70ba\u300cec_ver.php\u300d\u3001\u300clog3.php\u300d\u6216\u300ctemp.php\u300d\u3002Web Shell\u53ef\u4ee5\u57f7\u884c\u4efb\u4f55\u900f\u904eHTTP POST\u8acb\u6c42\u767c\u9001\u7d66Web Shell\u7684PHP\u7a0b\u5f0f\u78bc\u3002<\/p>\n\n\n\n<p>\u8acb\u6ce8\u610f\u57166\u7684\u87a2\u5e55\u622a\u5716\uff1a\u5728\u6b64<a href=\"http:\/\/achineseboy.com\/archives\/49\">\u4e2d\u6587\u90e8\u843d\u683c<\/a>\u4e2d\u63d0\u5230\u5177\u6709\u76f8\u540c\u300conly_pcd\u300d\u95dc\u9375\u5b57\u7684\u76f8\u540cWeb Shell\u3002\u8a72\u6587\u7ae0\u63cf\u8ff0\u4e86\u4e00\u500b\u6709\u5169\u500b\u7d44\u4ef6\u7684Web Shell \u2013 
\u4e00\u500bPHP\u8173\u672c\u548c\u4e00\u500bHTML\u4e0a\u50b3\u7528\u6a94\u6848\uff0c\u4e0d\u904e\u7b2c\u4e8c\u500b\u7d44\u4ef6\u4e26\u4e0d\u9700\u8981\uff0c\u56e0\u70ba\u53ef\u4ee5\u7528\u4efb\u4f55\u5ba2\u88fd\u5316\u6216\u7b2c\u4e09\u65b9\u5de5\u5177\uff08\u5982Fiddler\uff09\u4f86\u5efa\u7acb\u6b63\u78ba\u7684POST\u8acb\u6c42\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders\/fig6-waterpamola.jpg.png\" alt=\"\u57166. \u7528\u4f86\u5c07PHP Web Shell\u4e0a\u50b3\u5230\u96fb\u5b50\u5546\u52d9\u7db2\u7ad9\u7684\u8173\u672c\"\/><figcaption>\u57166. \u7528\u4f86\u5c07PHP Web Shell\u4e0a\u50b3\u5230\u96fb\u5b50\u5546\u52d9\u7db2\u7ad9\u7684\u8173\u672c<\/figcaption><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u7b2c\u4e8c\u7a2e\u65b9\u6cd5\u662f\u4fee\u6539\u7db2\u9801\u6a19\u982d\u4f86\u6ce8\u5165PHP\u7a0b\u5f0f\u78bc\uff0c\u6b64\u7a0b\u5f0f\u78bc\u6703\u57f7\u884cHTTP\u8acb\u6c42\u4e2d\u53c3\u6578\u300cec_ver2update\u300d\u767c\u9001\u7684\u4efb\u4f55PHP\u7a0b\u5f0f\u78bc\u3002\u8acb\u6ce8\u610f\uff0c\u4e0b\u9762\u7684PHP\u7a0b\u5f0f\u78bc\u7d93\u904e\u6df7\u6dc6\u8655\u7406\u904e\u3002\u9996\u5148\uff0c$IDFX\u8b8a\u6578\u7528XOR\u64cd\u4f5c\uff08\u898b\u5b57\u5143^\uff09\u4f86\u89e3\u78bc\u5b57\u4e32\u300ccreate_function\u300d\uff0c\u7136\u5f8c\u5c07\u7522\u751f\u7684base64\u5b57\u4e32\u89e3\u78bc\u70ba<strong>@eval($_REQUEST[&#8216;ec_ver2update&#8217;])<\/strong>\uff1b\u9019\u662f\u5f8c\u9580\u7a0b\u5f0f\u78bc\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" 
src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders\/fig7-waterpamola.jpg.png\" alt=\"\u57167. \u7528\u4f86\u4fee\u6539\u5546\u5e97\u7db2\u9801\u6a19\u982d\u4ee5\u6ce8\u5165Web Shell\u7684\u8173\u672c\"\/><figcaption>\u57167. \u7528\u4f86\u4fee\u6539\u5546\u5e97\u7db2\u9801\u6a19\u982d\u4ee5\u6ce8\u5165Web Shell\u7684\u8173\u672c<\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>\u7b2c\u4e09\u7a2e\u65b9\u6cd5\u662f\u5728\u96fb\u5b50\u5546\u52d9\u6846\u67b6\u5167\u5b89\u88ddMakePlugin.tar.gz\u5167\u7684\u60e1\u610f\u5916\u639b\u3002\u8a72\u5916\u639b\u662f\u7528\u4f86\u5c07\u591a\u500bPHP Web Shell\u6a94\u6848\u690d\u5165\u4f3a\u670d\u5668\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders\/fig8-waterpamola.jpg.png\" alt=\"\u57168. \u7528\u4f86\u4e0a\u50b3\u548c\u5b89\u88dd\u60e1\u610f\u5916\u639b\u6a94MakePlugin.tar.gz\u7684\u8173\u672c\"\/><figcaption>\u57168. \u7528\u4f86\u4e0a\u50b3\u548c\u5b89\u88dd\u60e1\u610f\u5916\u639b\u6a94MakePlugin.tar.gz\u7684\u8173\u672c<\/figcaption><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"\" alt=\"The malicious plugin installs several files with web shells\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders\/fig9-waterpamola.jpg.png\" alt=\"\u57169. \u60e1\u610f\u5916\u639b\u4f7f\u7528Web Shell\u5b89\u88dd\u4e86\u6578\u500b\u6a94\u6848\"\/><figcaption>\u57169. 
\u60e1\u610f\u5916\u639b\u4f7f\u7528Web Shell\u5b89\u88dd\u4e86\u6578\u500b\u6a94\u6848<\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u60e1\u610f\u8edf\u9ad4\u6d3e\u9001<\/strong><\/h4>\n\n\n\n<p><br>\u5728\u6b64\u6848\u4f8b\u4e2d\uff0c\u653b\u64ca\u8173\u672c\u6703\u986f\u793a\u4e00\u500b\u8b66\u544a\u63d0\u793a\uff0c\u4e0a\u9762\u5beb\u8457\uff1a\u300c\u4f60\u7684Flash\u7248\u672c\u592a\u820a\uff0c\u8acb\u5b89\u88dd\u6700\u65b0\u7248\u672c\u518d\u91cd\u8a66\uff01\u300d\u7136\u5f8c\u5c07\u53d7\u5bb3\u8005\u5c0e\u5411\u4ed6\u5011\u6240\u63a7\u5236\u7684\u5047Flash\u5b89\u88dd\u7a0b\u5f0f\u4e0b\u8f09\u7db2\u7ad9\u3002\uff08\u8acb\u6ce8\u610f\uff0cAdobe\u5df2\u5ba3\u5e03\u81ea<a href=\"https:\/\/www.adobe.com\/products\/flashplayer\/end-of-life.html\">2020\u5e7412\u670831\u65e5<\/a>\u8d77\u7d42\u6b62\u652f\u63f4Flash\u3002\uff09<\/p>\n\n\n\n<p>\u5982\u679c\u53d7\u5bb3\u8005\u4e0b\u8f09\u4e26\u57f7\u884c\u6b64\u9801\u9762\u7684\u5b89\u88dd\u7a0b\u5f0f\uff0c\u5c31\u6703\u611f\u67d3Gh0stRat\u60e1\u610f\u8edf\u9ad4\u8b8a\u7a2e\uff0c\u4e4b\u524d\u4e5f\u88ab\u7a31\u70ba<a href=\"https:\/\/www.binarydefense.com\/gh0stcringeformerly-cirenegrat\/\">Gh0stCringe\u6216CineregRAT<\/a>\u3002\u6b64\u9060\u7aef\u5b58\u53d6\u6728\u99ac\u7684\u7a0b\u5f0f\u78bc\u662f\u57fa\u65bc\u6d41\u51fa\u7684Gh0st RAT\u539f\u59cb\u78bc\uff1b\u4e0d\u904e\u7db2\u8def\u6d41\u91cf\u7684\u52a0\u5bc6\u6709\u7d93\u904e\u5ba2\u88fd\u5316\uff0c\u4e26\u4e14\u65b0\u589e\u4e86\u4e00\u4e9b\u529f\u80fd\uff08\u5982\u7aca\u53d6QQ\u865f\u78bc\uff09\u3002\u8207\u6b64\u6d3b\u52d5\u6709\u95dc\u7684Gh0st RAT\u6a23\u672c\u662f\u6df7\u6dc6\u904e\u7684\u57f7\u884c\u6a94\uff0c\u6703\u5728\u8a18\u61b6\u9ad4\u5167\u89e3\u5bc6\u4e3b\u8981\u7684\u60e1\u610f\u7a0b\u5f0f\u78bc\uff0c\u4e26\u57f7\u884c\u540d\u70ba\u300cShellex\u300d\u7684\u4e3b\u8981\u532f\u51fa\u51fd\u5f0f\u3002<\/p>\n\n\n\n<div 
style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders\/fig10-waterpamola.jpg.png\" alt=\"\u571610. \u986f\u793a\u932f\u8aa4\u8a0a\u606f\u4e26\u91cd\u65b0\u5c0e\u5411\u5047Flash\u5b89\u88dd\u7a0b\u5f0f\u7684\u8173\u672c\"\/><figcaption>\u571610. \u986f\u793a\u932f\u8aa4\u8a0a\u606f\u4e26\u91cd\u65b0\u5c0e\u5411\u5047Flash\u5b89\u88dd\u7a0b\u5f0f\u7684\u8173\u672c<\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders\/fig11-waterpamola.jpg.png\" alt=\"The fake Flash installer download website\"\/><figcaption>\u571611. \u5047Flash\u5b89\u88dd\u7a0b\u5f0f\u4e0b\u8f09\u7db2\u7ad9<\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u5047Flash<\/strong><strong>\u5b89\u88dd\u7a0b\u5f0f\u5206\u6790<\/strong><\/h4>\n\n\n\n<p><br>\u5982\u524d\u6240\u8ff0\uff0cXSS\u653b\u64ca\u8173\u672c\u5c07\u53d7\u5bb3\u8005\u5c0e\u5411\u5047Flash\u4e0b\u8f09\u7db2\u7ad9\u3002\u9ede\u64ca\u5b89\u88dd\u5f8c\u6703\u4e0b\u8f09\u4e00\u500b.ZIP\u58d3\u7e2e\u6a94\uff0c\u88e1\u9762\u5305\u542b\u4e86\u5408\u6cd5\u6a94\u6848\u53ca\u60e1\u610f\u6a94\u6848\uff0c\u9019\u4e9b\u6a94\u6848\u901a\u5e38\u662fDLL\u683c\u5f0f\u3002\u7576\u57f7\u884c\u5408\u6cd5\u6a94\u6848\u6642\u6703\u8f09\u5165\u9019\u4e9b\u7a0b\u5f0f\u5eab\u6a94\u6848\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"\" alt=\"The package of downloaded Flash 
installer\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders\/fig12-waterpamola.jpg.png\" alt=\"\u571612. \u4e0b\u8f09\u7684Flash\u5b89\u88dd\u7a0b\u5f0f\"\/><figcaption>\u571612. \u4e0b\u8f09\u7684Flash\u5b89\u88dd\u7a0b\u5f0f<\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u5728\u6b64\u6a23\u672c\u4e2d\uff0cAdobeAirFlashInstaller.exe\uff08\u5408\u6cd5\u6a94\u6848\uff09\u6703\u8f09\u5165xerces-c_2_1_0_0.dll\uff08\u4fee\u6539\u904e\u7684\u5408\u6cd5\u6a94\u6848\uff09\uff0c\u7136\u5f8c\u518d\u8f09\u5165ulibs.dll\uff08\u60e1\u610f\u6a94\u6848\uff09\u3002Ulibs.dll\u6703\u8f09\u5165\u4e00\u500bAdob.dll\uff08\u9019\u5176\u5be6\u662f\u500bZIP\u58d3\u7e2e\u6a94\uff09\u3002\u89e3\u58d3\u7e2eAdob.dll\u5167\u5bb9\u5f8c\u6703\u986f\u793a\u4e26\u57f7\u884c\u5169\u500b\u5408\u6cd5\u4e14\u7d93\u904e\u7c3d\u7ae0\u7684\u57f7\u884c\u6a94\uff0c\u7136\u5f8c\u518d\u9032\u884c\u4e00\u904d\u985e\u4f3c\u7684\u8f09\u5165\u904e\u7a0b\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"\" alt=\"The package inside Adob.dll\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders\/fig13-waterpamola.jpg.png\" alt=\"\u571613. Adob.dll\u5167\u5bb9\"\/><figcaption>\u571613. 
Adob.dll\u5167\u5bb9<\/figcaption><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u5728\u9019\u88e1\uff0csvchost.exe\uff08\u4f86\u81ea\u9a30\u8a0a\u7684\u5408\u6cd5\u7c3d\u7ae0\u904eLauncher.exe\u6a94\u6848\u7684\u91cd\u65b0\u547d\u540d\u7248\uff09\u6703\u8f09\u5165Utility.dll\uff08\u4fee\u6539\u904e\u7684\u5408\u6cd5\u6a94\u6848\uff09\u3002\u6b64\u6a94\u6848\u5305\u542b\u4e00\u500b\u540d\u70ba.newimp\uff08new import\uff09\u7684\u65b0\u5206\u6bb5\uff0c\u52a0\u5165\u53c3\u7167oplib.dll\u7a0b\u5f0f\u5eab\u7684\u65b0\u532f\u5165\u9805\u3002\u7136\u5f8c\u6703\u8f09\u5165\u6b64oplib.dll\u7a0b\u5f0f\u5eab\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders\/fig14-waterpamola.jpg.png\" alt=\"Oplib.dll side-loading\"\/><figcaption>\u571614. 
\u8f09\u5165Oplib.dll<\/figcaption><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u6b64\u65b0\u532f\u5165\u9805\u5f88\u53ef\u80fd\u662f\u900f\u904e\u540d\u70baStud_PE\u7684\u5de5\u5177\u624b\u52d5\u52a0\u5165\u3002\u8a72\u5de5\u5177\u6709\u500bImport Adder\u7684\u529f\u80fd\uff0c\u800c\u300c.newimp\u300d\u662f\u5305\u542b\u65b0\u52a0\u532f\u5165\u9805\u7684\u65b0\u5206\u6bb5\u9810\u8a2d\u540d\u7a31\u3002\u63a5\u8457Oplib.dll\u6703\u5f9eWindowsfiles\u8cc7\u6599\u593e\u8f09\u5165\u4e00\u500blib.DAT\u6a94\u6848\uff0c\u89e3\u78bc\u548c\u89e3\u5bc6\u5167\u5bb9\uff08\u4f7f\u7528\u5341\u516d\u9032\u4f4d\u5b57\u4e32\uff1bXOR 0x42\uff09\u5f8c\u8f09\u5165\u5230\u65b0\u5efa\u7acb\u7684svchost.exe\u7a0b\u5e8f\u3002\u6b64\u5916\uff0c\u9084\u6703\u900f\u904e\u8a2d\u5b9a\u767b\u9304\u6a94\u548c\u5de5\u4f5c\u6392\u7a0b\u4f86\u9054\u5230\u6301\u7e8c\u6027\u7684\u76ee\u7684\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders\/fig15-waterpamola.jpg.png\" alt=\"XOR routine and svchost injection\"\/><figcaption>\u571615. 
XOR\u64cd\u4f5c\u548csvchost\u6ce8\u5165<\/figcaption><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u6700\u5f8c\uff0c\u6b64\u611f\u67d3\u93c8\u7684\u6700\u5f8c\u4e00\u6b65\u662fGh0st RAT\u8b8a\u7a2e\u3002\u5b83\u6703\u7528Socket\u9023\u7ddaC&amp;C\uff0c\u4e26\u4f7f\u7528\u7c21\u55ae\u7684SUB 0x46\uff0cXOR 0x19\u52a0\u5bc6\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders\/fig16-waterpamola.jpg.png\" alt=\"XOR routine that encrypts C&amp;C communication\"\/><figcaption>\u571616. \u52a0\u5bc6C&amp;C\u901a\u8a0a\u7684XOR\u64cd\u4f5c<\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders\/fig17-waterpamola.jpg.png\" alt=\"A packetFlag \u201cxy\u201d was found inside this Gh0st RAT variant\"\/><figcaption>\u571617. 
\u5728\u6b64Gh0st RAT\u8b8a\u7a2e\u4e2d\u767c\u73fepacketFlag \u201cxy\u201d<\/figcaption><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u6b64Gh0st RAT\u8b8a\u7a2e\u65b0\u52a0\u4e86\u7528\u4f86\u7aca\u53d6QQ\u4f7f\u7528\u8005\u8cc7\u8a0a\u7684\u529f\u80fd\uff0c\u4f8b\u5982\u5728\u9078\u5b9a\u96fb\u8166\u4e0a\u7684\u4f7f\u7528\u8005\u5217\u8868\u53ca\u5176QQ\u865f\u78bc\u3002<\/p>\n\n\n\n<p>\u5728<a href=\"https:\/\/www.bilibili.com\/read\/cv2715942\/\">\u9019\u88e1<\/a>\u63d0\u5230\u5e95\u4e0b\u7684\u7a0b\u5f0f\u78bc\u6703\u53d6\u5f97\u76ee\u524d\u96fb\u8166\u4e0a\u767b\u5165\u7684QQ\u865f\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders\/fig18-waterpamola.jpg.png\" alt=\"\u571618. \u7528\u4f86\u53d6\u5f97\u4f7f\u7528\u8005QQ\u865f\u78bc\u7684\u7a0b\u5f0f\u78bc\"\/><figcaption><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders\/fig18-waterpamola2.png\" alt=\"Continuation of the code used to obtain user QQ numbers\"><\/figcaption><\/figure>\n\n\n\n<p>\u571618. 
\u7528\u4f86\u53d6\u5f97\u4f7f\u7528\u8005QQ\u865f\u78bc\u7684\u7a0b\u5f0f\u78bc<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u4fdd\u8b77\u96fb\u5b50\u5546\u52d9\u5e73\u53f0\u62b5\u79a6Water Pamola<\/strong><strong>\u653b\u64ca<\/strong><\/h3>\n\n\n\n<p><br>Water Pamola\u900f\u904e\u5c07XSS\u8173\u672c\u52a0\u9032\u8cfc\u7269\u8a02\u55ae\u4f86\u653b\u64ca\u7db2\u8def\u5546\u5e97\u3002\u9084\u6703\u5229\u7528<a href=\"http:\/\/blog.trendmicro.com.tw\/?p=101\">\u793e\u4ea4\u5de5\u7a0b\uff08social engineering\uff09<\/a>\u4f86\u8a98\u9a19\u5e33\u5bc6\u6216\u63d0\u793a\u4e0b\u8f09\u9060\u7aef\u5b58\u53d6\u5de5\u5177\u3002\u7db2\u8def\u5546\u5e97\u7ba1\u7406\u8005\u61c9\u8a72\u8981\u8a8d\u8b58\u5230\u653b\u64ca\u4e0d\u50c5\u6703\u4f86\u81ea\u5783\u573e\u90f5\u4ef6\uff0c\u9084\u53ef\u80fd\u4f86\u81ea\u610f\u6599\u4e4b\u5916\u7684\u611f\u67d3\u5a92\u4ecb\u3002\u540c\u6642\u5efa\u8b70\u7ba1\u7406\u8005\u8981\u78ba\u4fdd\u66f4\u65b0\u7db2\u7ad9\u6240\u7528\u7684\u96fb\u5b50\u5546\u52d9\u5e73\u53f0\u7248\u672c\uff0c\u9632\u6b62\u4efb\u4f55\u53ef\u80fd\u7684\u6f0f\u6d1e\u653b\u64ca\uff08\u5305\u62ecXSS\uff09\u3002<\/p>\n\n\n\n<p>\u4f01\u696d\u53ef\u4ee5\u7528\u8da8\u52e2\u79d1\u6280\u7aef\u9ede\u89e3\u6c7a\u65b9\u6848\uff08\u5982<a href=\"https:\/\/www.trendmicro.com\/zh_tw\/business\/products\/user-protection.html\">\u8da8\u52e2\u79d1\u6280Smart Protection Suites<\/a>\u548c<a href=\"https:\/\/www.trendmicro.com\/zh_tw\/small-business\/worry-free-services.html\">Worry-Free Business Security<\/a>\uff09\u4f86\u5f97\u5230\u4fdd\u8b77\u3002\u900f\u904e\u5075\u6e2c\u60e1\u610f\u6a94\u6848\u548c\u5783\u573e\u90f5\u4ef6\uff0c\u4ee5\u53ca\u5c01\u9396\u6240\u6709\u76f8\u95dc\u60e1\u610f\u7db2\u5740\u4f86\u4fdd\u8b77\u4f7f\u7528\u8005\u548c\u4f01\u696d\u514d\u65bc\u5a01\u8105\u3002<\/p>\n\n\n\n<p>\u5165\u4fb5\u6307\u6a19\u53ef\u4ee5\u5728\u6b64<a 
href=\"https:\/\/documents.trendmicro.com\/assets\/Appendix_Water-Pamola-Attacked-Online-Shops-Via-Malicious-Orders.pdf\">\u9644\u9304<\/a>\u4e2d\u53d6\u5f97\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>@\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/d\/water-pamola-attacked-online-shops-via-malicious-orders.html\">Water Pamola Attacked Online Shops Via Malicious Orders<\/a> \u4f5c\u8005\uff1aJaromir Horejsi\uff0cJoseph C Chen<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Water Pamola\u5c0d\u8a31\u591a\u76ee\u6a19\u7db2\u8def\u5546\u5e97\u90fd\u4e0b\u4e86\u5e36\u6709\u5167\u5d4cXSS\u8173\u672c\u7684\u8a02\u55ae\u3002\u4e00\u65e6\u7db2\u8def\u5546\u5e97\u5e36\u6709\u9019\u7a2eXSS\u6f0f\u6d1e\uff0c\u7576\u7db2 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[10,46,2452],"tags":[498,4580],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/67965"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendm
icro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=67965"}],"version-history":[{"count":2,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/67965\/revisions"}],"predecessor-version":[{"id":67997,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/67965\/revisions\/67997"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=67965"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=67965"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=67965"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}