Two vulnerabilities have been identified in MyBB, a free engine for building web forums, which in combination allow PHP code to be executed on the server. The problems are present in releases 1.8.16 through 1.8.25 and are fixed in the MyBB 1.8.26 update.
The first vulnerability (CVE-2021-27889) allows an unprivileged forum member to embed JavaScript code in posts, threads, and private messages. The forum lets users add images, links, and multimedia content through special tags that are converted into HTML markup. Because of a bug in the tag-conversion code, a double URL of the form [img]http://xyzsomething.com/image?)http://x.com/onerror=alert(1);//[/img] is converted into HTML markup carrying an onerror attribute, i.e. the second "URL" escapes the image source and becomes a script-bearing attribute (stored XSS).
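The defensive counterpart to the bug above, as an added example that is not MyBB's own code (MyBB's tag-conversion logic is not reproduced here, and the exact regex it used is not known from this page): a small Python image-tag renderer that treats the content of [img]...[/img] as untrusted, accepts only a single plain http(s) URL free of attribute-breaking characters, and HTML-escapes it before placing it in the src attribute. The names, the tag regex and the rejection policy are assumptions for the example; the payload string is the one quoted in the advisory, embedded as constructed test input.

```python
import html
import re
from urllib.parse import urlsplit

# Payload quoted in the advisory, embedded here as constructed test input.
XSS_PAYLOAD = "[img]http://xyzsomething.com/image?)http://x.com/onerror=alert(1);//[/img]"

# Hypothetical tag grammar: the text between [img] and [/img] is the URL.
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)

# Characters that must never reach an HTML attribute value via a "URL".
FORBIDDEN = re.compile(r'[\s"\'<>`]')


def safe_image_url(raw):
    """Return the URL if it is one plain http(s) URL, otherwise None.

    The double-URL payload is rejected by the scheme count; the classic
    quote-breakout (a '"' inside the URL) is rejected by FORBIDDEN.
    """
    url = raw.strip()
    if FORBIDDEN.search(url):
        return None
    # Exactly one scheme: a second "http://" inside the value is the
    # signature of the nested payload, not of any legitimate image URL.
    if len(re.findall(r"https?://", url, re.IGNORECASE)) != 1:
        return None
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return None
    return url


def render_img_mycode(text):
    """Convert [img]URL[/img] tags to <img>; leave rejected tags as inert text."""
    def repl(match):
        url = safe_image_url(match.group(1))
        if url is None:
            # Do not try to "repair" a bad URL: escape the whole tag so it is
            # displayed literally instead of becoming markup.
            return html.escape(match.group(0))
        return '<img src="%s" alt="">' % html.escape(url, quote=True)
    return IMG_TAG.sub(repl, text)


if __name__ == "__main__":
    print(render_img_mycode("[img]https://example.com/a.png[/img]"))
    print(render_img_mycode(XSS_PAYLOAD))
```

The rendering of the advisory's payload comes back as plain escaped text with no tag at all; the design choice is to refuse rather than fix up, because every "clean-up" transform applied to an attacker-controlled value is another parser that can disagree with the browser's.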
The second vulnerability (CVE-2021-27890) makes it possible to inject SQL commands and thereby achieve execution of arbitrary code. The problem is caused by substituting $content['templateset'] into the body of an SQL query without proper sanitization, combined with the execution of ${...} constructs through a call to eval: the template text returned by the query is evaluated as a PHP double-quoted string, so a ${...} sequence that the attacker injects into the result set is executed as PHP. For example, the PHP command passthru('ls') can be run when content containing a construct such as the following is processed: ') AND 1=0 UNION SELECT title, '${passthru(\'ls\')}' FROM mybb_templates --
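The injection mechanics of the query above, as an added example that is not MyBB's code: a Python model of the flawed pattern (string-concatenating the templateset value into the query) next to the parameterized form, run against an in-memory SQLite table standing in for mybb_templates. The column set, the parenthesis that the payload's leading ') closes, and the function names are assumptions inferred from the payload; the sample rows are constructed. The only change to the advisory's payload is quoting: MySQL's backslash escape \' is replaced by SQLite's quote doubling '' so that sqlite3 parses the same injection. A final helper flags ${ in returned template text, the sequence that becomes live PHP once the template is eval'd (a heuristic, not MyBB's own check).

```python
import sqlite3

# Constructed sample rows standing in for MyBB's mybb_templates table,
# trimmed to the columns the modelled query touches.
SAMPLE_ROWS = [
    (1, "header", "<div>{$mybb->settings['bbname']}</div>", 1),
    (2, "footer", "<div>footer</div>", 1),
    (3, "header", "<div>custom header</div>", 2),
]

# Advisory payload with MySQL's \' rewritten as SQLite's '' (see lead-in).
PAYLOAD = "') AND 1=0 UNION SELECT title, '${passthru(''ls'')}' FROM mybb_templates --"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mybb_templates (tid INTEGER, title TEXT, template TEXT, sid INTEGER)")
    conn.executemany("INSERT INTO mybb_templates VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def find_templates_vulnerable(conn, title, templateset):
    """Hypothetical model of the flawed pattern: templateset is concatenated
    into the query body unescaped (title is escaped to isolate the bug)."""
    safe_title = title.replace("'", "''")
    sql = ("SELECT title, template FROM mybb_templates "
           f"WHERE title='{safe_title}' AND (sid='{templateset}')")
    return conn.execute(sql).fetchall()


def find_templates_fixed(conn, title, templateset):
    """Same lookup with bound parameters: the payload is just a value for sid."""
    sql = "SELECT title, template FROM mybb_templates WHERE title=? AND (sid=?)"
    return conn.execute(sql, (title, templateset)).fetchall()


def has_php_interpolation(template):
    """Heuristic: MyBB evaluates templates as PHP double-quoted strings, so a
    "${" sequence in template text would execute as PHP during rendering."""
    return "${" in template


if __name__ == "__main__":
    db = make_db()
    for title, tpl in find_templates_vulnerable(db, "header", PAYLOAD):
        print(title, repr(tpl), "DANGEROUS" if has_php_interpolation(tpl) else "ok")
    print(find_templates_fixed(db, "header", PAYLOAD))
```

With the payload, the vulnerable form returns one row per template title whose template column is the attacker's literal ${passthru('ls')}; the original WHERE clause is neutralised by AND 1=0 and the trailing ') is swallowed by the -- comment. The parameterized form returns nothing, because the payload is compared against sid as data rather than parsed as SQL.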
Exploiting the second vulnerability requires forum-administrator privileges. To get a request sent with administrator rights, an attacker can take advantage of the first vulnerability and send the administrator a private message containing JavaScript code that, when the message is viewed, issues the request that triggers the second vulnerability. The chain therefore turns a stored XSS reachable by any registered member into server-side code execution, which is why both issues should be treated as one problem and fixed together by updating to 1.8.26.
Source: opennet.ru
