A critical vulnerability (CVE-2023-7101) has been identified in the Perl module Spreadsheet::ParseExcel, which provides functions for parsing Excel files. It allows arbitrary code execution when processing XLS or XLSX files that contain specially crafted number format rules. The vulnerability is caused by the use of data taken from the file being processed when constructing an "eval" call. The issue was fixed in Spreadsheet::ParseExcel 0.66. A prototype exploit is available.

Vulnerable code:

    # $format_str is the number format string read from the file
    if ( $format_str =~ /^\[([<>=][^\]]+)\](.*)$/ ) {
        $conditional = $1;
        $format_str  = $2;
    }
    ...
    # file-controlled $conditional is interpolated into the evaluated string
    $section = eval "$number $conditional" ? 0 : 1;

Example of an exploit that runs the whoami command:

    1;system('whoami> /tmp/inject.txt')]123"/>
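As an added defensive example (not code from the article or from the Spreadsheet::ParseExcel project), the Python sketch below applies the same leading-condition regex to each `numFmt` in an XLSX file's `xl/styles.xml`, flags any condition that is not one comparison operator plus one number, and compares without `eval`. The function names, the allow-list pattern and the sample inputs are assumptions constructed for illustration; XLS (BIFF) files are not covered.

```python
import io, operator, re, zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"
# Same extraction as the vulnerable code: a leading "[<cond>]" then the rest.
LEADING = re.compile(r"^\[([<>=][^\]]+)\](.*)$")
# Allow-list (assumption): one comparison operator and one plain decimal number.
SAFE_COND = re.compile(r"(<=|>=|<>|<|>|=)\s*([+-]?\d+(?:\.\d+)?)")
OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "=": operator.eq, "<>": operator.ne}

def section_for(number, conditional):
    """eval-free stand-in for: eval "$number $conditional" ? 0 : 1"""
    m = SAFE_COND.fullmatch(conditional)
    if m is None:
        raise ValueError("rejected conditional: %r" % conditional)
    return 0 if OPS[m.group(1)](number, float(m.group(2))) else 1

def unsafe_leading_condition(format_code):
    """True when the format starts with a condition that fails the allow-list."""
    m = LEADING.match(format_code)
    return m is not None and SAFE_COND.fullmatch(m.group(1)) is None

def scan_xlsx(data):
    """Return (numFmtId, formatCode) for each numFmt that should be quarantined."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        if "xl/styles.xml" not in z.namelist():
            return []
        # Demo only: parse untrusted XML with a hardened parser in production.
        root = ET.fromstring(z.read("xl/styles.xml"))
    return [(f.get("numFmtId"), f.get("formatCode", ""))
            for f in root.iter(NS + "numFmt")
            if unsafe_leading_condition(f.get("formatCode", ""))]

def build_sample(format_code):
    """Constructed sample: a zip holding only xl/styles.xml with one numFmt."""
    xml = ('<styleSheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
           '<numFmts count="1"><numFmt numFmtId="165" formatCode="%s"/></numFmts>'
           '</styleSheet>') % escape(format_code, {'"': "&quot;"})
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/styles.xml", xml)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed format codes: plain condition, colour tag, non-numeric condition.
    for code in ("[>100]0.00", "[Red]0.00", "[>1;not_a_number]0"):
        print(code, "->", scan_xlsx(build_sample(code)))
```
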
Barracuda Networks identified the vulnerability while analyzing an attack that placed malware on Barracuda ESG (Email Security Gateway) devices. The devices were compromised through a 0-day vulnerability (CVE-2023-7102) in the Spreadsheet::ParseExcel module, which Barracuda ESG uses to parse email attachments in Excel format. To execute code on a system running Barracuda ESG, it was enough to send an email with a specially crafted attachment.
Source: opennet.ru
