Attack on front-end/back-end systems that allows wedging into third-party requests

Details have been published of a new attack on sites that use a front-end/back-end model, such as those served through content delivery networks, load balancers or proxies. By sending specially formed requests, the attack makes it possible to wedge into the content of other requests handled in the same stream between the front-end and the back-end. The proposed method was successfully used to mount an attack that allowed interception of the authentication parameters of PayPal users, which earned the researchers around 40 thousand dollars under the vulnerability disclosure programme. The attack also affects sites that use the Akamai content delivery network.

The essence of the problem is that the front-end and the back-end often provide different levels of support for the HTTP protocol, yet at the same time aggregate requests from different users into a shared channel. To connect the front-end that receives requests with the back-end that processes them, a long-lived TCP connection is established over which user requests are transmitted one after another, delimited by the HTTP protocol. Two headers are used to delimit requests: "Content-Length" (specifies the total size of the data in the request) and "Transfer-Encoding: chunked" (allows data to be transferred in parts, as blocks of varying size, in the format "{size}\r\n{block}\r\n{size}\r\n{block}\r\n0").

The problem arises when the front-end supports only "Content-Length" but ignores "Transfer-Encoding: chunked" (the Akamai CDN does this, for example), or vice versa. If "Transfer-Encoding: chunked" is supported on both sides, quirks of the HTTP header parser implementations can be used for the attack (for example, when the front-end ignores lines such as "Transfer-Encoding: xchunked", "Transfer-Encoding: chunked ", "Transfer-Encoding:[tab]chunked", "X: X[\n]Transfer-Encoding: chunked", "Transfer-Encoding[\n]: chunked" or "Transfer-Encoding: chunked", while the back-end processes them successfully).

In this case, an attacker can send a request carrying both "Content-Length" and "Transfer-Encoding: chunked", where the size given in "Content-Length" does not match the size of the chunked sequence, which is smaller than the declared value. If the front-end forwards the request according to "Content-Length" while the back-end waits for the block to complete according to "Transfer-Encoding: chunked", the end of the data according to "Transfer-Encoding: chunked" is determined earlier, and the remaining tail of the attacker's request ends up at the beginning of the next request. In other words, the attacker can prepend arbitrary data to the beginning of someone else's request that is transmitted next.


To determine whether the front-end/back-end combination in use is affected, a request of the following form can be sent through the front-end:

POST /about HTTP/1.1
Host: example.com
Transfer-Encoding: chunked
Content-Length: 4

1
Z
Q

The problem is present if the back-end does not process the request immediately but waits for the final zero-size terminator block of the chunked data to arrive. For a more thorough check, a dedicated tool has been prepared that also tests possible ways of hiding the "Transfer-Encoding: chunked" header from the front-end.
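The following is an added example, not code from the article or from the research it describes. It reconstructs the probe request above and frames its body twice: once as a Content-Length-only front-end would, and once as a chunked-aware back-end would on the bytes actually forwarded, showing why the back-end is left waiting. It also lists the framing conditions a strict front-end should reject rather than forward (request names and values are constructed).

```python
import re
# Constructed probe as in the article: Content-Length says 4 body bytes, but the chunked framing has no "0" terminator.
PROBE = (b"POST /about HTTP/1.1\r\nHost: example.com\r\n"
         b"Transfer-Encoding: chunked\r\nContent-Length: 4\r\n\r\n1\r\nZ\r\nQ")

def split_request(raw):
    """Return (request line, [(name, raw value)], body) from HTTP/1.1 bytes."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = [l.partition(b":")[::2] for l in lines[1:]]   # (name, value), unstripped
    return lines[0], headers, body

def body_by_content_length(headers, body):
    """Frame the body as a Content-Length-only front-end would: (body, leftover)."""
    n = int(next(v for k, v in headers if k.lower() == b"content-length").strip())
    return body[:n], body[n:]

def body_by_chunked(data):
    """Frame the body as a chunked-aware back-end would: (body, leftover, complete)."""
    decoded, pos = b"", 0
    while True:
        end = data.find(b"\r\n", pos)
        if end < 0:                          # size line not fully received: keep waiting
            return decoded, data[pos:], False
        size = int(data[pos:end].split(b";")[0], 16)
        pos = end + 2
        if size == 0:                        # terminator chunk: request complete
            return decoded, data[pos:], True
        chunk = data[pos:pos + size]
        if len(chunk) < size or data[pos + size:pos + size + 2] != b"\r\n":
            return decoded + chunk, b"", False   # chunk body not fully received: keep waiting
        decoded, pos = decoded + chunk, pos + size + 2

def framing_findings(headers):
    """Reasons a strict front-end should reject the request instead of forwarding it."""
    out, names = [], [re.sub(rb"\s", b"", k).lower() for k, _ in headers]
    if b"transfer-encoding" in names and b"content-length" in names:
        out.append("both Content-Length and Transfer-Encoding present")
    for k, v in headers:
        if re.sub(rb"\s", b"", k).lower() == b"transfer-encoding":
            if k.lower() != b"transfer-encoding":            # e.g. "Transfer-Encoding " or "Transfer-Encoding\n"
                out.append("obfuscated Transfer-Encoding header name %r" % k)
            if v != b" chunked":                              # e.g. "xchunked", "[tab]chunked", "chunked "
                out.append("non-canonical Transfer-Encoding value %r" % v)
    return out

def analyse(raw):
    """Show how the two framings disagree about the same request."""
    _, headers, body = split_request(raw)
    cl_body, cl_leftover = body_by_content_length(headers, body)
    te_body, _, te_complete = body_by_chunked(cl_body)   # back-end sees only the forwarded bytes
    return {"cl_body": cl_body, "cl_leftover": cl_leftover, "te_body": te_body,
            "te_complete": te_complete, "findings": framing_findings(headers)}
```

For the probe, the front-end forwards only "1\r\nZ" and treats "\r\nQ" as the start of the next request, while the back-end's chunked parser never sees a terminator and keeps waiting.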

Carrying out a real attack depends on the capabilities of the targeted site. For example, when attacking the Trello web application, it was possible to substitute the beginning of a request (injecting data such as "PUT /1/members/1234... x=x&csrf=1234&username=testzzz&bio=cake") and have a message sent that included the original request of a third-party user together with the cookie it contained. For an attack on saas-app.com, it was possible to substitute JavaScript code into the response by injecting it into one of the request parameters. For an attack on redhat.com, an internal handler was used to redirect to the attacker's site (a request of the form "POST /search?dest=../assets/idx?redir=//[email protected]/ HTTP/1.1").

Applying the method to content delivery networks made it possible to simply substitute the requested site by replacing the "Host:" header. The attack can also be used to poison the contents of content caching systems and to extract confidential data stored in the cache. The culmination of the method was the attack mounted against PayPal, which allowed interception of the passwords users submitted during authentication (the iframe request was modified to execute JavaScript in the context of the paypal.com/us/gifts page, to which CSP (Content Security Policy) was not applied).

Interestingly, a similar request-splitting technique was proposed back in 2005; it allowed data to be substituted in caching proxies (Tomcat, squid, mod_proxy) or firewall restrictions to be bypassed by specifying several "GET" or "POST" requests within a single HTTP session.

source: budenet.ru
