真的不知道怎么被挂马的啊

指纹

主站：PHP/5.2.17p1、ThinkPHP 3.1.3

8080端口有个wdcp

扫目录

wdcp

扫出点东西

[14:59:33] Starting: 
[14:59:37] 301 -  239B  - /js  ->  /js/
[14:59:48] 403 -  213B  - /.ht_wsr.txt
[14:59:48] 403 -  216B  - /.htaccess.bak1
[14:59:48] 403 -  216B  - /.htaccess.save
[14:59:48] 403 -  214B  - /.htaccess_sc
[14:59:48] 403 -  217B  - /.htaccess_extra
[14:59:48] 403 -  216B  - /.htaccess.orig
[14:59:48] 403 -  216B  - /.htaccess_orig
[14:59:48] 403 -  214B  - /.htaccessOLD
[14:59:48] 403 -  206B  - /.htm
[14:59:48] 403 -  207B  - /.html
[14:59:48] 403 -  218B  - /.htaccess.sample
[14:59:48] 403 -  214B  - /.htaccessBAK
[14:59:49] 403 -  216B  - /.htpasswd_test
[14:59:49] 403 -  212B  - /.htpasswds
[14:59:49] 403 -  213B  - /.httr-oauth
[14:59:48] 403 -  215B  - /.htaccessOLD2
[15:00:20] 301 -  242B  - /admin  ->  /admin/
[15:00:22] 403 -  208B  - /admin/
[15:00:48] 301 -  240B  - /api  ->  /api/
[15:00:49] 403 -  206B  - /api/
[15:01:07] 200 -  294B  - /cgi-bin/printenv
[15:01:07] 200 -  779B  - /cgi-bin/test-cgi
[15:01:24] 403 -  206B  - /data
[15:01:24] 403 -  213B  - /data/debug/
[15:01:24] 403 -  231B  - /data/DoctrineORMModule/Proxy/
[15:01:24] 403 -  215B  - /data/backups/
[15:01:25] 403 -  212B  - /data/logs/
[15:01:25] 403 -  216B  - /data/sessions/
[15:01:25] 403 -  218B  - /data/adminer.php
[15:01:25] 403 -  207B  - /data/
[15:01:25] 403 -  231B  - /data/DoctrineORMModule/cache/
[15:01:25] 403 -  213B  - /data/cache/
[15:01:26] 403 -  213B  - /data/files/
[15:01:26] 403 -  211B  - /data/tmp/
[15:01:33] 403 -  218B  - /data/autosuggest
[15:01:43] 200 -    4KB - /favicon.ico
[15:01:49] 301 -  240B  - /ftp  -> /ftp/
[15:01:54] 301 -  241B  - /help  ->  /help/
[15:01:54] 403 -  207B  - /help/
[15:01:59] 301 -  243B  - /images  ->  /images/
[15:01:59] 403 -  209B  - /images/
[15:01:59] 403 -  206B  - /inc/
[15:01:59] 301 -  240B  - /inc  ->  /inc/
[15:02:06] 403 -  205B  - /js/
[15:02:10] 200 -  838B  - /license.txt
[15:02:18] 301 -  243B  - /manual  ->  /manual/
[15:02:18] 200 -    7KB - /manual/index.html
[15:02:19] 301 -  243B  - /member  ->  /member/
[15:02:19] 403 -  209B  - /member/
[15:02:25] 301 -  242B  - /mysql  ->  /mysql/
[15:02:27] 403 -  208B  - /mysql/
[15:02:39] 301 -  247B  - /phpmyadmin  ->  /phpmyadmin/
[15:02:44] 401 -  966B  - /phpmyadmin/
[15:02:44] 401 -  966B  - /phpmyadmin/index.php
[15:02:44] 200 -    3KB - /phpmyadmin/README
[15:02:45] 200 -   11KB - /phpmyadmin/ChangeLog
[15:02:57] 200 -   74B  - /register.php
[15:03:00] 200 -   26B  - /robots.txt
[15:03:24] 403 -  212B  - /templates/
[15:03:24] 301 -  246B  - /templates  ->  /templates/
[15:03:33] 200 -    0B  - /user/
[15:03:34] 301 -  241B  - /user  ->  /user/

Task Completed

碰碰运气，看看phpmyadmin直接改状态码骗不过去

1

[09:54:15] Starting: admin/
[09:54:30] 403 -  219B  - /admin/.ht_wsr.txt
[09:54:30] 403 -  222B  - /admin/.htaccess.bak1
[09:54:30] 403 -  222B  - /admin/.htaccess.save
[09:54:30] 403 -  222B  - /admin/.htaccess.orig
[09:54:30] 403 -  224B  - /admin/.htaccess.sample
[09:54:30] 403 -  220B  - /admin/.htaccess_sc
[09:54:30] 403 -  223B  - /admin/.htaccess_extra
[09:54:30] 403 -  222B  - /admin/.htaccess_orig
[09:54:30] 403 -  220B  - /admin/.htaccessOLD
[09:54:30] 403 -  220B  - /admin/.htaccessBAK
[09:54:31] 403 -  219B  - /admin/.httr-oauth
[09:54:31] 403 -  218B  - /admin/.htpasswds
[09:54:32] 403 -  222B  - /admin/.htpasswd_test
[09:54:40] 403 -  221B  - /admin/.htaccessOLD2
[09:55:08] 301 -  245B  - /admin/_notes  ->  /admin/_notes/
[09:55:08] 200 -  516B  - /admin/_notes/dwsync.xml
[09:58:09] 200 -    4KB - /admin/mail.php

有个页面架构吧

真的啥也没有啊，都怀疑是不是古早时期挂马，然后被网信扫到然后下发通报的