Critical vulnerability in the WordPress File Manager plugin, which has 700 thousand installations

The WordPress plugin File Manager, which has more than 700 thousand active installations, has been found to contain a vulnerability that allows arbitrary commands and PHP scripts to be executed on the server. The problem is present in File Manager releases 6.0 through 6.8 and is fixed in release 6.9.

The File Manager plugin provides file management tools to the WordPress administrator and uses the elFinder library for low-level file handling. The elFinder source code includes files with example code, which are shipped in the working directory with the ".dist" extension. The vulnerability is caused by the fact that, when the library was packaged into the plugin, the file "connector.minimal.php.dist" was renamed to "connector.minimal.php" and so became available for execution via external requests. This script allows any file operation to be performed (upload, open, editor, rename, rm, and so on), since its parameters are passed to the run() function of the main plugin, which can be used to replace PHP files in WordPress and run arbitrary code.

What makes the situation more dangerous is that the vulnerability is already being used in automated attacks. In these attacks, images containing PHP code are uploaded to the "plugins/wp-file-manager/lib/files/" directory using the "upload" command and are then renamed into a PHP script whose name is chosen randomly and contains the text "hard" or "x" (for example, hardfork.php, hardfind.php, x.php, etc.). When executed, the PHP code adds a backdoor to the /wp-admin/admin-ajax.php and /wp-includes/user.php files, giving the attackers access to the site's administration interface. Exploitation is carried out by sending a POST request to the "wp-file-manager/lib/php/connector.minimal.php" file.

It is notable that after the compromise, in addition to leaving the backdoor, the attackers made changes to block further calls to the vulnerable connector.minimal.php file, in order to protect the server from other attackers.
The first attack attempts were detected on September 1 at 7:00 (UTC). At 12:33 (UTC) the developers of the File Manager plugin released a patch. According to Wordfence, the company that identified the vulnerability, its firewall blocked about 450 thousand attempts to exploit the vulnerability per day. A network scan showed that 52% of sites using this plugin have not yet been updated and remain vulnerable. After installing the update, it makes sense to check the HTTP server log for calls to the "connector.minimal.php" script in order to determine whether the system has been compromised.
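The log check suggested above can be automated. The following script is an added example written for this article, not code from the plugin, from Wordfence, or from opennet.ru. It parses access-log lines in the common Apache/nginx "combined" format and flags two indicators taken from the article: requests to the vulnerable "wp-file-manager/lib/php/connector.minimal.php" connector (POST requests are the exploitation path) and requests to PHP scripts in "wp-file-manager/lib/files/" whose names start with "hard" or are "x.php". It assumes the plugin lives under the standard /wp-content/plugins/ path; the sample log lines are constructed for the example and are not real traffic.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in "combined" log format (not real traffic).
# 203.0.113.5 and 192.0.2.77 show the full pattern from the article: a POST to the
# connector followed by a fetch of a dropped "hard*.php" / "x.php" script.
# 198.51.100.23 only probes the connector with a GET; 198.51.100.9 is normal admin traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Sep/2020:07:02:11 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 512 "-" "python-requests/2.24"
203.0.113.5 - - [01/Sep/2020:07:02:13 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/hardfork.php HTTP/1.1" 200 77 "-" "python-requests/2.24"
198.51.100.9 - - [01/Sep/2020:07:10:40 +0000] "GET /wp-admin/admin.php?page=wp_file_manager HTTP/1.1" 200 8801 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Sep/2020:08:01:00 +0000] "GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 403 199 "-" "curl/7.68.0"
192.0.2.77 - - [01/Sep/2020:08:30:01 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 510 "-" "curl/7.68.0"
192.0.2.77 - - [01/Sep/2020:08:30:05 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/x.php HTTP/1.1" 200 77 "-" "curl/7.68.0"
198.51.100.9 - - [01/Sep/2020:09:00:00 +0000] "GET /index.php HTTP/1.1" 200 5000 "-" "Mozilla/5.0"
"""

# Apache/nginx combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Vulnerable elFinder connector shipped with File Manager 6.0 to 6.8 (path from the article).
CONNECTOR_RE = re.compile(r'/wp-file-manager/lib/php/connector\.minimal\.php$')
# Upload directory and the script-name pattern ("hard..." or "x") the article reports.
DROPPED_RE = re.compile(r'/wp-file-manager/lib/files/(?:hard[^/]*|x)\.php$')


@dataclass
class Finding:
    ip: str
    ts: str
    kind: str      # "connector_post", "connector_other" or "dropped_script"
    method: str
    path: str
    status: str


def classify(line):
    """Return a Finding for a suspicious log line, or None for benign / unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Drop the query string so "connector.minimal.php?..." still matches.
    path = m.group("target").split("?", 1)[0]
    if CONNECTOR_RE.search(path):
        kind = "connector_post" if m.group("method") == "POST" else "connector_other"
    elif DROPPED_RE.search(path):
        kind = "dropped_script"
    else:
        return None
    return Finding(m.group("ip"), m.group("ts"), kind, m.group("method"), path, m.group("status"))


def scan_access_log(text):
    """Scan a whole access log (as text) and return the list of findings in log order."""
    return [f for f in (classify(line) for line in text.splitlines()) if f is not None]


def suspicious_sources(findings):
    """IPs that POSTed to the connector and then fetched a dropped script: the strongest
    sign that the upload-then-rename chain from the article actually ran on this server."""
    kinds_by_ip = {}
    for f in findings:
        kinds_by_ip.setdefault(f.ip, set()).add(f.kind)
    return sorted(ip for ip, kinds in kinds_by_ip.items()
                  if "connector_post" in kinds and "dropped_script" in kinds)


if __name__ == "__main__":
    found = scan_access_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.ts}  {f.ip:<15} {f.kind:<15} {f.method} {f.path} -> {f.status}")
    print("likely compromised by:", suspicious_sources(found))
```

A 200 response on a "lib/files/hard*.php" or "x.php" request means the dropped script existed and executed, so the host should be treated as compromised and the backdoored /wp-admin/admin-ajax.php and /wp-includes/user.php files compared against clean copies; any connector hit at all, even with a 403 or 404, is worth recording as a probe.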

Additionally, the corrective release WordPress 5.5.1, which includes 40 fixes, is worth noting.

Source: opennet.ru
