Critical vulnerability in the WordPress File Manager plugin with 700 thousand installations

In the WordPress plugin File Manager, which has more than 700 thousand active installations, a vulnerability has been identified that allows arbitrary commands and PHP scripts to be executed on the server. The issue is present in File Manager releases 6.0 through 6.8 and was fixed in release 6.9.

The File Manager plugin provides file management tools for the WordPress administrator, using the bundled elFinder library for low-level file handling. The elFinder library source code contains files with example code, which are shipped in the working directory with the ".dist" extension. The vulnerability arises because, when the library was packaged, the file "connector.minimal.php.dist" was renamed to "connector.minimal.php" and so became executable via external requests. This script allows any operation on files (upload, open, edit, rename, rm, etc.), since its parameters are passed to the run() function of the main plugin, which can be used to replace PHP files in WordPress and run arbitrary code.

What makes the danger worse is that the vulnerability is already being used to carry out automated attacks: an image containing PHP code is uploaded to the directory "plugins/wp-file-manager/lib/files/" using the "upload" command, and is then renamed to a PHP script whose name is chosen arbitrarily and contains the text "hard" or "x." (for example hardfork.php, hardfind.php, x.php, etc.). Once executed, the PHP code adds a backdoor to the /wp-admin/admin-ajax.php and /wp-includes/user.php files, giving the attackers access to the site administrator. The attack is carried out by sending a POST request to the file "wp-file-manager/lib/php/connector.minimal.php".

It is notable that after the hack, in addition to leaving a backdoor, changes are made to protect against further calls to the connector.minimal.php file containing the vulnerability, in order to block the possibility of attacks on the server by other attackers.
The first attack attempt was recorded on September 1 at 7:00 (UTC). At 12:33 (UTC) the File Manager plugin developers released a patch. According to Wordfence, the company that identified the vulnerability, its firewall blocked about 450 attempts to exploit the vulnerability per day. Network scanning showed that 52% of the sites using this plugin have not yet updated and remain vulnerable. After installing the update, it makes sense to check the http server logs for calls to the "connector.minimal.php" script to determine whether the system has been compromised.
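One way to do that log check, as an added example that is not code from the article or from the plugin: a small Python scanner over constructed Apache combined-format access-log lines that flags requests to the connector and requests for PHP files served from the plugin's lib/files/ upload directory. The /wp-content/plugins/ prefix in the sample lines is the default WordPress plugin path and is assumed here; the indicators themselves (the connector path, the upload directory, the hard*/x.php names) come from the article.

```python
import re

# Apache/nginx "combined" access-log format; sample lines are constructed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Indicators from the advisory: the exposed elFinder connector and the
# upload directory into which PHP files were dropped and then executed.
CONNECTOR = "wp-file-manager/lib/php/connector.minimal.php"
UPLOAD_DIR = "wp-file-manager/lib/files/"

# Constructed sample log (assumes the default /wp-content/plugins/ layout).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Sep/2020:07:02:11 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Sep/2020:07:02:13 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/hardfork.php HTTP/1.1" 200 41 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Sep/2020:07:05:40 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/x.php HTTP/1.1" 404 199 "-" "curl/7.68.0"
192.0.2.9 - - [01/Sep/2020:08:15:02 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 88 "-" "Mozilla/5.0"
192.0.2.9 - - [01/Sep/2020:08:15:05 +0000] "GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
"""


def scan_access_log(lines):
    """Return one finding dict per suspicious request; benign lines are skipped."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]  # drop the query string
        label = None
        if path.endswith(CONNECTOR):
            # The exploit is delivered by POST; any other hit is still worth a look.
            label = "connector_post" if m["method"] == "POST" else "connector_access"
        elif UPLOAD_DIR in path and path.endswith(".php"):
            # A PHP file is only served from lib/files/ if something was dropped
            # there; a 200 means it existed and ran, a 404 is a probe for one.
            label = "dropped_script_hit" if m["status"] == "200" else "dropped_script_probe"
        if label:
            findings.append({"label": label, "ip": m["ip"], "ts": m["ts"],
                             "method": m["method"], "path": path, "status": m["status"]})
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG.splitlines()):
        print(f["label"], f["ip"], f["ts"], f["method"], f["path"], f["status"])
```

On a real server, feed the function the lines of the access log (e.g. `open("/var/log/apache2/access.log")`) and treat any `connector_post` or `dropped_script_hit` finding dated before the 6.9 update as a sign that the site must be checked for the backdoored admin-ajax.php and user.php files.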

Additionally, the corrective release WordPress 5.5.1, which brought 40 fixes, is also worth noting.

source: budenet.ru
