Achọpụtala ọtụtụ adịghị ike na J-Web interface, nke a na-eji na ngwaọrụ netwọk Juniper nwere sistemụ arụ ọrụ JunOS, nke kachasị dị ize ndụ (CVE-2022-22241) na-enye gị ohere ịmebi koodu gị na sistemụ na-enweghị. nyocha site na izipu arịrịọ HTTP ahaziri ahazi. A na-adụ ndị na-eji akụrụngwa Juniper ọdụ ka ha wụnye mmelite firmware, ma ọ bụrụ na nke a agaghị ekwe omume, hụ na egbochiri ịnweta interface weebụ site na netwọk dị n'èzí na naanị na ndị ọbịa tụkwasịrị obi.
Ihe kachasị mkpa nke adịghị ike bụ na a na-edozi ụzọ faịlụ nke onye ọrụ gafere na /jsdm/ajax/logging_browse.php script na-enweghị nzacha prefix na ụdị ọdịnaya na ogbo tupu nyocha nyocha. Onye na-awakpo nwere ike ibunye faịlụ phar ọjọọ n'okpuru ihe oyiyi wee nweta mmezu nke koodu PHP dị na ebe nchekwa phar site na iji usoro ọgụ "Phar deserialization" (dịka ọmụmaatụ, ịkọwa "filepath=phar:/path/pharfile.jpg) " na arịrịọ).
Nsogbu a bụ na mgbe ị na-elele faịlụ ebugoro site na iji ọrụ PHP is_dir(), ọrụ a na-ewepụ metadata sitere na Phar Archive na-akpaghị aka mgbe ị na-ahazi ụzọ malite na “phar: //”. A na-ahụ mmetụta yiri nke ahụ mgbe ị na-ahazi ụzọ faịlụ nke onye ọrụ na-enye na faịlụ_get_content (), fopen(), faịlụ (), file_exists (), md5_file (), filemtime () na fileize() ọrụ.
Mwakpo a na-agbagwoju anya site n'eziokwu na na mgbakwunye na ịmalite mmebe nke phar Archive, onye na-awakpo ahụ aghaghị ịchọta ụzọ iji budata ya na ngwaọrụ (site na ịnweta /jsdm/ajax/logging_browse.php, ị nwere ike ịkọwapụta naanị ụzọ iji budata ya na ngwaọrụ). Mepụta faịlụ dị ugbua). Ọnọdụ enwere ike maka faịlụ ịbanye na ngwaọrụ ahụ gụnyere nbudata faịlụ phar nke nwogharia ka onyonyo site na ọrụ mbufe onyonyo yana dochie faịlụ na cache ọdịnaya weebụ.
Ihe ọghọm ndị ọzọ:
- CVE-2022-22242 - Mgbanwe nke ihe mpụga na-enweghị atụ na mmepụta nke njehie.php script, nke na-enye ohere ịdebanye aha na saịtị na njedebe nke koodu Javascript na-ezighị ezi na ihe nchọgharị onye ọrụ mgbe ị na-eso njikọ (dịka ọmụmaatụ, "https: //) JUNOS_IP/error.php?SERVER_NAME= alert(0) " Enwere ike iji adịghị ike ahụ gbochie parampat nnọkọ onye nchịkwa ma ọ bụrụ na ndị mwakpo jikwaa mee ka onye nchịkwa mepee njikọ ahaziri ahazi.
- CVE-2022-22243, CVE-2022-22244 XPATH ngbanwe okwu site na jsdm/ajax/wizards/setup/setup.php na /modules/monitor/interfaces/interface.php scripts na-enye ohere onye ọrụ na-enweghị ohere iji megharịa nnọkọ.
- CVE-2022-22245 Enweghi ezi sanitization nke ".." usoro na ụzọ edoziri na Upload.php script na-enye ohere ka onye ọrụ kwadoro bulite faịlụ PHP ha na ndekọ nke na-enye ohere ka e gbuo script PHP (dịka ọmụmaatụ, site na ịgafe). ụzọ "fileName=\. .\...\...\..\www\dir\new\shell.php").
- CVE-2022-22246 - Ohere nke imezu faịlụ PHP mpaghara aka ike site na iji aka site n'aka onye ọrụ nke script jrest.php, bụ nke a na-eji ihe mpụga na-emepụta aha faịlụ nke arụrụ ọrụ "require_once()" (maka). ọmụmaatụ, "/jrest.php?payload =alol/lol/ọ bụla\...\..\..\..\ ọ bụla\file")
isi: opennet.ru