Critical vulnerability in the WordPress File Manager plugin, which has 700 thousand installations

In the WordPress plugin File Manager, which has more than 700 thousand active installations, a vulnerability has been identified that allows arbitrary commands and PHP scripts to be executed on the server. The issue affects File Manager releases 6.0 through 6.8 and is fixed in release 6.9.

The File Manager plugin provides file-management tools for the WordPress administrator and uses the bundled elFinder library for the low-level file operations. The elFinder source code includes sample connector files, which are shipped in the working directory with the ".dist" extension. The vulnerability arose because, while packaging the library for the plugin, the file "connector.minimal.php.dist" was renamed to "connector.minimal.php", which made it directly executable by external requests, with no WordPress authentication in front of it. The script allows any file operation (upload, mkdir, rename, rm, etc.) to be performed, since its parameters are passed to the run() function of the main plugin, which can be used to overwrite PHP files in WordPress and execute arbitrary code.

What makes the threat worse is that the vulnerability is already being exploited in automated attacks: an image containing PHP code is uploaded into the directory "plugins/wp-file-manager/lib/files/" with the "upload" command, then renamed into a PHP script whose name is chosen at random and begins with "hard" or "x" (for example hardfork.php, hardfind.php, x.php). Once executed, the PHP code adds a backdoor to the files /wp-admin/admin-ajax.php and /wp-includes/user.php, giving the attackers access to the site's administrative interface. Exploitation is performed by sending a POST request to the file "wp-file-manager/lib/php/connector.minimal.php".

It is notable that after gaining access without authentication, the attackers do more than leave a backdoor: they also modify the vulnerable connector.minimal.php file to restrict further requests to it, so that competing attackers cannot use the same entry point into the server.

The first exploitation attempts were detected on September 1 at 7 a.m. (UTC). By 12:33 (UTC) the File Manager plugin developers had released a patch. According to Wordfence, the company that identified the vulnerability, its firewall blocked about 450 thousand exploitation attempts per day. A network scan showed that 52% of the sites using the plugin have not yet updated and remain vulnerable. After installing the update, it makes sense to check the HTTP server logs for requests to the "connector.minimal.php" script in order to determine whether the system has already been compromised.
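The log check recommended above, together with the indicators from the exploitation campaign (requests to the connector, "hard*"/"x*" PHP files dropped into lib/files/), can be turned into a small triage script. The following is an added example, not code from the article, from Wordfence, or from the plugin itself. It assumes an Apache/nginx "combined" access-log format and uses constructed sample log lines, a constructed plugin header and a constructed directory listing; the function names are the example's own.

```python
"""Post-incident triage for the File Manager connector.minimal.php issue.

Added example, not code from the article or the plugin. It checks the three
things the article describes: the installed plugin version against the
affected range, access-log lines for requests to the exposed connector and
for fetches of the dropped PHP files, and the lib/files/ upload directory
for PHP files. The log format (Apache/nginx "combined") and all sample data
below are assumptions constructed for the example.
"""
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Affected range named in the article: 6.0 through 6.8, fixed in 6.9.
VULNERABLE_MIN = (6, 0)
FIXED_VERSION = (6, 9)

CONNECTOR_PATH = "wp-file-manager/lib/php/connector.minimal.php"
UPLOAD_DIR = "wp-file-manager/lib/files/"

# Dropper names the article reports: a random name starting with "hard" or "x".
CAMPAIGN_NAME_RE = re.compile(r"^(?:hard|x)[a-z0-9_]*\.php$", re.IGNORECASE)

# Apache/nginx "combined" log line (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_plugin_version(header_text: str) -> Optional[Tuple[int, ...]]:
    """Read the 'Version:' field from a WordPress plugin file header."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9]+(?:\.[0-9]+)*)",
                  header_text, re.MULTILINE)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_vulnerable_version(version: Optional[Tuple[int, ...]]) -> bool:
    """True when major.minor falls in the affected 6.0 .. 6.8 range."""
    return version is not None and VULNERABLE_MIN <= version[:2] < FIXED_VERSION


def scan_access_log(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return requests that hit the connector or fetched a campaign-style
    file from lib/files/. The elFinder 'cmd' is only visible when it was in
    the query string; a POST body is not logged, so a connector hit without
    a cmd is still a hit and must be investigated."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        basename = path.rsplit("/", 1)[-1].split("?", 1)[0]
        if CONNECTOR_PATH in path:
            kind = "connector"
        elif UPLOAD_DIR in path and CAMPAIGN_NAME_RE.match(basename):
            kind = "dropped_file"
        else:
            continue
        cmd = re.search(r"[?&]cmd=([a-z]+)", path)
        hits.append({
            "kind": kind, "ip": m.group("ip"), "time": m.group("ts"),
            "method": m.group("method"), "status": m.group("status"),
            "cmd": cmd.group(1) if cmd else "",
        })
    return hits


def php_files_in_upload_dir(filenames: Iterable[str]) -> List[Tuple[str, bool]]:
    """lib/files/ holds uploaded documents and should never contain PHP.
    Return every .php name there, flagging those matching the campaign naming."""
    out = []
    for name in filenames:
        if name.lower().endswith(".php"):
            out.append((name, bool(CAMPAIGN_NAME_RE.match(name))))
    return sorted(out)


# Constructed sample input (not real logs, not a real plugin file).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Sep/2020:07:02:11 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 512 "-" "python-requests/2.24.0"
203.0.113.7 - - [01/Sep/2020:07:02:13 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/hardfork.php HTTP/1.1" 200 3 "-" "python-requests/2.24.0"
198.51.100.4 - - [01/Sep/2020:07:05:40 +0000] "GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php?cmd=open&target=l1_Lw&init=1 HTTP/1.1" 200 880 "-" "curl/7.68.0"
192.0.2.9 - - [01/Sep/2020:07:10:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4123 "-" "Mozilla/5.0"
"""
SAMPLE_HEADER = "<?php\n/*\nPlugin Name: File Manager\nVersion: 6.8\n*/\n"
SAMPLE_UPLOAD_DIR = ["report.pdf", "hardfork.php", "x.php", "photo.jpg"]

if __name__ == "__main__":
    ver = parse_plugin_version(SAMPLE_HEADER)
    print("plugin version", ver, "vulnerable:", is_vulnerable_version(ver))
    for hit in scan_access_log(SAMPLE_LOG.splitlines()):
        print(hit)
    print(php_files_in_upload_dir(SAMPLE_UPLOAD_DIR))
```

On a real site, feed the script the plugin's wp-file-manager/file_folder_manager.php header, the web server's access logs and a listing of wp-content/plugins/wp-file-manager/lib/files/. Any hit on the connector from before the update is grounds to also diff /wp-admin/admin-ajax.php and /wp-includes/user.php against clean copies from the WordPress release, since those are the files the backdoor was written into.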

In addition, the WordPress 5.5.1 maintenance release is now available, with 40 fixes.

Source: opennet.ru
