HUIDU.io- Find Resources, Discuss Cooperation, Join HUIDU

開源網頁應用程式框架ThinkPHP已知漏洞遭到利用，中國駭客將其用於部署名為Dama的Web Shell

Share

支付動態

2024-06-07

中國駭客鎖定ThinkPHP開發的網頁應用程式下手，一旦成功入侵，將對其植入名為Dama的Web Shell。值得留意的是，過程中對方利用兩項已公布5年以上的漏洞CVE-2018-20062、CVE-2019-9082，來從事攻擊行動

此外，該後門工具還能讓攻擊者掃描網路連接埠，或是對資料庫及伺服器的資料進一步存取，甚至能濫用Windows工作排程器設定WMI組態，新增高權限使用者。

而對於攻擊來源，研究人員指出惡意酬載來自位於香港的伺服器，而這臺伺服器也被部署了Dama。對此，他們研判，受害伺服器一旦遭到入侵，就有可能被攻擊者納入基礎架構的節點。

Popular selection

Are you ready to maximize your earnings? Try ProPush.me Constructor!

SBC Summit Canada to Make Player Safety a Key Pillar of 2026 Agenda

JILI Partners with Cricket Legend AB de Villiers (ABD) to Launch Exclusive Branded Game Series 100% 11

Indiana online casino bill stalls in House committee

Institutional Academy that exceeded expectations marked the opening of GAT CDMX

HUIDU Invites You to Booth T70 at iGB L!VE 2026 — Let’s Ignite London This July!

PropellerAds Shared a New iGaming Case Study: 97,674 Installs and 12,701 Deposits in 3 Months

Across 6 Cities: HUIDU Invites You to 8 World Cup Parties Redefining High-Value Social Networking

Vietnam's tightening online gaming policy creates new market opportunities

British gambling levy rates confirmed for each vertical

GGC Awards 2026 Shines in Colombo: Honoring Leaders and Innovators in the iGaming Industry

Online gambling, crypto pose ongoing money laundering risks in Philippines, analyst says

Vietnam’s Controlled Gaming Shift Gains Ground, But Domestic Demand Still Lags

Full House at GAT Expo Cartagena 2026 Academic Agenda

GAT CDMX 2025 Institutional Academy: Leaders and Experts Analyze the Present and Future of the Gaming Industry in Mexico and Lat

Disclaimer：

Details

GROWTH DRIVEN GLOBAL PTE. LTD. 202618650K

101 THOMSON ROAD, #28-03A, UNITED SQUARE, SINGAPORE 307591

[email protected]

Copyright 2026 HuiDu

About HUIDU Contact Us Disclaimer Terms Privacy Policy Terms of Use Integrity Reporting Law Enforcement Requests