Critical vulnerability in the vBulletin web forum engine (updated)

Information has been disclosed about an unpatched (0-day) critical vulnerability (CVE-2019-16759) in the proprietary vBulletin web forum engine that allows code to be executed on the server by sending a specially crafted POST request. A working exploit is available for the problem. vBulletin is used by many open projects; among others, the forums of Ubuntu, openSUSE, the BSD systems and Slackware run on this engine.

The vulnerability lies in the "ajax/render/widget_php" handler, which allows arbitrary shell code to be passed through the "widgetConfig[code]" parameter (the code to execute is simply passed in; nothing needs to be escaped). The attack does not require authentication on the forum. The problem has been confirmed in all current releases of the vBulletin 5.x branch (developed since 2012), including the most recent release, 5.5.4. An update with a fix has not yet been prepared.

Addendum 1: A patch has been released for versions 5.5.2, 5.5.3 and 5.5.4. Users of older 5.x releases are advised to first update their systems to the latest supported versions to eliminate the vulnerability, but as a workaround the call to "eval($code)" in the code of the evalCode function in the file includes/vb5/frontend/controller/bbcode.php can be commented out.

Addendum 2: The vulnerability is already being actively exploited for attacks, spamming and leaving backdoors. Traces of an attack can be observed in the HTTP server logs by the presence of requests containing the string "ajax/render/widget_php".
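As an added example (not part of the original article), the following Python script applies that detection idea to web server access logs: it flags Combined Log Format lines whose request target contains the "ajax/render/widget_php" indicator, percent-decoding the target first so that encoded variants such as "ajax%2Frender%2Fwidget_php" are not missed. The log format, the sample log lines and the function names are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Apache/nginx Combined Log Format (assumed; adjust the regex if your format differs).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Indicator from the advisory: the vulnerable handler is reached through this route.
INDICATOR = "ajax/render/widget_php"

# Constructed sample log lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [24/Sep/2019:10:01:12 +0000] "GET /forum/index.php?routestring=ajax/render/widget_php HTTP/1.1" 200 512 "-" "curl/7.58.0"
203.0.113.7 - - [24/Sep/2019:10:01:15 +0000] "POST /forum/index.php?routestring=ajax%2Frender%2Fwidget_php HTTP/1.1" 200 844 "-" "python-requests/2.22"
198.51.100.4 - - [24/Sep/2019:10:02:30 +0000] "GET /forum/showthread.php?t=12 HTTP/1.1" 200 10234 "-" "Mozilla/5.0"
198.51.100.9 - - [24/Sep/2019:10:03:00 +0000] "POST /forum/ajax/render/widget_php HTTP/1.1" 500 0 "-" "Mozilla/5.0"
"""


def find_widget_php_requests(log_lines):
    """Return one dict per request whose decoded target contains the indicator.

    Note: access logs record the request line only. If the route is passed solely
    in the POST body, it will not appear here and request-body logging is needed.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than abort a large log scan
        target = unquote(m.group("target"))  # undo %2F etc. before matching
        if INDICATOR in target.lower():
            hits.append({"ip": m.group("ip"), "time": m.group("ts"),
                         "method": m.group("method"), "target": target,
                         "status": int(m.group("status"))})
    return hits


def summarize_by_source(hits):
    """Count flagged requests per client IP to prioritise follow-up."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = find_widget_php_requests(SAMPLE_LOG.splitlines())
    for h in found:
        print(f'{h["time"]} {h["ip"]} {h["method"]} {h["target"]} -> {h["status"]}')
    print("per source:", summarize_by_source(found))
```

Any hit should be treated as a reason to check the forum installation for the patch level, unexpected files and web shells, since the advisory notes backdoors being left behind.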

Addendum 3: Traces of the problem under discussion being used in older attacks have surfaced; apparently the vulnerability has been exploited for about three years. In addition, a script has been published that can be used to carry out mass automated attacks, searching for vulnerable systems via the Shodan service.

Source: opennet.ru