Nginx configuration vulnerability with an incorrect alias in a location block

Some servers running nginx remain susceptible to the Nginx Alias Traversal technique, which was presented at the Blackhat conference back in 2018 and allows access to files and directories outside the root directory specified in the "alias" directive. The problem occurs only in configurations where an "alias" directive is placed inside a "location" block whose parameter does not end with a "/" character, while the "alias" value does end with "/".

[Image: example nginx configuration with an incorrect alias in a location block]

The essence of the problem is that files for blocks with the alias directive are served by taking the requested path, matching it against the mask from the location directive, cutting off the part of the path covered by that mask, and appending the remainder to the alias value. For the simple configuration example shown above, an attacker can request the file "/img../test.txt": this request matches the mask specified in location "/img", after which the remaining tail "../test.txt" is appended to the path from the alias directive "/var/images/", so the file "/var/images/../test.txt" is requested. Thus, attackers can access any file in the "/var" directory, not only files in "/var/images/"; for example, to download the nginx log, one can send the request "/img../log/nginx/access.log".

In configurations where the value of the alias directive does not end with a "/" character (for example, "alias /var/images;"), the attacker cannot move up to the parent directory, but can request other directories in /var whose names begin with the prefix specified in the configuration. For example, by requesting "/img.old/test.txt" one can access "/var/images.old/test.txt".
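The path mapping described in the two paragraphs above, together with a check for the misconfiguration, as an added Python example that is not part of the original article; the sample configuration, the minimal regex-based parser and the helper names are constructed for illustration.

```python
import os
import re

# Constructed sample nginx config (not from the original article): one traversal
# case, one sibling-directory case, one safe block and one exact-match block.
SAMPLE_CONFIG = """
server {
    location /img { alias /var/images/; }
    location /docs { alias /srv/docs; }
    location /static/ { alias /srv/app/static/; }
    location = /favicon.ico { alias /srv/app/favicon.ico; }
}
"""

# Hypothetical minimal parser: enough for flat location blocks, not a full nginx grammar.
LOCATION_RE = re.compile(r'location\s+(?:(=|~\*?|\^~)\s+)?(\S+)\s*\{([^{}]*)\}')
ALIAS_RE = re.compile(r'\balias\s+([^;\s]+)\s*;')

def map_request(prefix, alias, uri):
    """Mirror how nginx builds the file path for an alias: the URI part matched by
    the location prefix is replaced by the alias value and the rest is appended.
    Returns (raw path, the path once '..' segments are collapsed)."""
    if not uri.startswith(prefix):
        return None
    raw = alias + uri[len(prefix):]
    return raw, os.path.normpath(raw)

def find_alias_traversal(config):
    """Return (location prefix, alias, kind) for each risky block.
    'traversal': prefix lacks a trailing '/', alias has one -> '/img../x' escapes to the parent.
    'sibling':   neither ends with '/' -> '/img.old/x' reaches directories sharing the prefix."""
    findings = []
    for m in LOCATION_RE.finditer(config):
        modifier, prefix, body = m.groups()
        if modifier in ('=', '~', '~*'):     # exact and regex locations are not prefix matches
            continue
        a = ALIAS_RE.search(body)
        if not a or prefix.endswith('/'):
            continue
        alias = a.group(1)
        findings.append((prefix, alias, 'traversal' if alias.endswith('/') else 'sibling'))
    return findings

def fixed_location(prefix, alias):
    """Mitigation: terminate both the location prefix and the alias with '/'."""
    return f"location {prefix.rstrip('/')}/ {{ alias {alias.rstrip('/')}/; }}"

if __name__ == '__main__':
    for prefix, alias, kind in find_alias_traversal(SAMPLE_CONFIG):
        print(kind, prefix, alias, '->', fixed_location(prefix, alias))
    print(map_request('/img', '/var/images/', '/img../test.txt'))
```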

An analysis of repositories on GitHub showed that the nginx configuration error causing this problem is still found in real projects. For example, the problem was found in the backend of the Bitwarden password manager and could be used to access any file in the /etc/bitwarden directory (requests to /attachments were served from /etc/bitwarden/attachments/), including the database with stored passwords "vault.db", the certificate and the logs; it was enough to send the requests "/attachments../vault.db", "/attachments../identity.pfx", "/attachments../logs/api.log", etc.


The technique also worked with Google HPC Toolkit, where requests to /static were mapped to the "../hpc-toolkit/community/front-end/website/static/" directory. To obtain the files containing the private key and the database, an attacker could send the requests "/static../.secret_key" and "/static../db.sqlite3".



Source: opennet.ru
