2026.3.21 WePan WeTrade Forex Trading Platform Security Vulnerability Fix: ThinkPHP SQL Injection and Malicious Code Removal Guide

Abstract

This article documents the complete process of fixing the security vulnerabilities found on the WePan WeTrade forex trading platform, as a practical reference for developers.

───

1. Platform Overview

WePan WeTrade is a mobile forex options trading platform built on the ThinkPHP 5 framework. It supports trading of various financial products, including forex, gold, and crude oil.

Tech Stack:

ThinkPHP 5.x + MySQL + Nginx + PHP-FPM 7.3

───

2. Problem Discovery

On March 20, 2026, the platform experienced:

• Login function failure

• Page loading anomalies

───

3. Technical Investigation

1. Malicious Code Injection

grep -r 'clipboardData' /www/wwwroot/dajian168.com/

Result: a cryptocurrency theft script had been implanted in View.php

2. SQL Injection Vulnerability

grep -n '\$_POST' User.php

Result: Found 36 instances of direct $_POST usage

3. Backdoor Function

Found that curlfun() can be invoked remotely

───

4. Fix Solution (Core)

SQL Injection Fix

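// Before (Dangerous): the request value is concatenated into the WHERE string
$payments = Db::table('lc_payments')->where('id = '.$_POST['type'])->find();

// After (Secure): /d casts the value to an integer, and it is passed
// separately from the column name instead of being spliced into SQL text
$type_id = input('post.type/d', 0);
$payments = Db::table('lc_payments')->where('id', $type_id)->find();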

Parameter Security Mapping

| Original usage | Secure usage |
| --- | --- |
| $_POST['type'] | input('post.type/d', 0) |
| $_POST['money'] | input('post.money/f', 0) |
| $_POST['title'] | input('post.title', '') |
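
An added example, not part of the original write-up or the platform's code: a small Python audit that goes one step past the grep for $_POST in section 3 by separating raw reads spliced into a query-builder call from other raw reads, and by proposing the input() form from the mapping above. The sample PHP lines are constructed, and the sink list and the audit() function are assumptions of this example.

```python
import re

# Raw superglobal read such as $_POST['type'] or $_GET["name"]
SUPERGLOBAL = re.compile(r"""\$_(POST|GET|REQUEST)\[\s*['"]?(\w+)['"]?\s*\]""")
# ThinkPHP query-builder / raw-SQL calls whose string argument becomes SQL text
# (assumed sink list for this example; extend it for the code base under audit)
SQL_SINK = re.compile(r"(->|::)\s*(where|whereOr|order|field|query|execute)\s*\(")

def audit(php_source):
    """Return (line_no, severity, suggestion) for every raw superglobal read.

    HIGH   = value is concatenated or interpolated into a SQL-building call
    REVIEW = raw read elsewhere; still untyped and unfiltered
    """
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        code = line.strip()
        if code.startswith(("//", "#", "*", "/*")):  # skip comment lines (naive)
            continue
        for m in SUPERGLOBAL.finditer(code):
            before = code[:m.start()].rstrip()
            after = code[m.end():].lstrip()
            # '...'.$_POST[..], $_POST[..].'...' or "{$_POST[..]}"
            in_sql_text = before.endswith((".", "{")) or after.startswith(".")
            severity = "HIGH" if in_sql_text and SQL_SINK.search(code) else "REVIEW"
            # The /d or /f modifier must be chosen by someone who knows the
            # column type; it cannot be inferred from the read itself.
            suggestion = "input('%s.%s')" % (m.group(1).lower(), m.group(2))
            findings.append((line_no, severity, suggestion))
    return findings

# Constructed sample, modelled on the before/after snippets in this article
SAMPLE = r"""<?php
// $old = $_POST['ignored_because_commented_out'];
$payments = Db::table('lc_payments')->where('id = '.$_POST['type'])->find();
$type_id = input('post.type/d', 0);
$payments = Db::table('lc_payments')->where('id', $type_id)->find();
$title = $_POST['title'];
$row = Db::table('lc_payments')->where("name = '".$_GET["name"]."'")->find();
"""

if __name__ == "__main__":
    for line_no, severity, suggestion in audit(SAMPLE):
        print("line %d: %-6s replace with %s" % (line_no, severity, suggestion))
```

Lines already converted to input() produce no finding, so rerunning the audit after each batch of fixes shows how many of the raw reads remain.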

───

5. Fix Statistics

• SQL Injection: 36 locations ✅

• Malicious Code: 1 location ✅

• Backdoor Function: 1 ✅

───

6. Security Recommendations

1. Regular security audits

2. Timely framework updates

3. Configure PHP disable_functions

4. Enable log monitoring

5. Establish backup mechanisms
