curl 7.71.0 released, fixing two vulnerabilities

A new version of the utility for receiving and sending data over the network is available: curl 7.71.0, which lets you flexibly formulate a request by specifying parameters such as cookie, user_agent, referer and any other headers. cURL supports HTTP, HTTPS, HTTP/2.0, HTTP/3, SMTP, IMAP, POP3, Telnet, FTP, LDAP, RTSP, RTMP and other network protocols. At the same time, an update was released for the libcurl library, which is developed in parallel and provides an API for using all curl functions in programs written in languages such as C, Perl, PHP and Python.

The new release adds the "--retry-all-errors" option, which retries operations if any errors occur, and fixes two vulnerabilities:

  • Vulnerability CVE-2020-8177 allows a local file on the system to be overwritten when accessing a server controlled by the attacker. The problem appears only when the options "-J" ("--remote-header-name") and "-i" ("--head") are used at the same time. The "-J" option saves the file under the name specified in the "Content-Disposition" header. If a file with the same name already exists, curl normally refuses to overwrite it, but if the "-i" option is present the check logic breaks and the file is overwritten (the check is performed at the stage of receiving the response body, but with the "-i" option the HTTP headers are output first and have time to be saved before processing of the response body begins). Only HTTP headers are written to the file, but the server can send arbitrary data instead of headers and it will be written.

  • Vulnerability CVE-2020-8169 can leak part of the site access password (Basic, Digest, NTLM, etc.) to the DNS server. When the password contains the "@" character, which is also used as the password delimiter in the URL, and an HTTP redirect is triggered, curl sends the part of the password after the "@" character together with the domain for name resolution. For example, if you supply the password "passw@rd123" and the username "dan", curl generates the URL "https://dan:passw@rd123@example.com/path" instead of "https://dan:passw%40rd123@example.com/path" and sends a request to resolve the host "rd123@example.com" instead of "example.com".

    The problem appears when support for relative HTTP redirects is enabled (disabled via CURLOPT_FOLLOWLOCATION). If traditional DNS is used, information about part of the password can be obtained by the DNS provider and by an attacker who is able to intercept transit network traffic (even if the original request was made over HTTPS, since DNS traffic is not encrypted). When DNS-over-HTTPS (DoH) is used, the leak is limited to the DoH operator.
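
The "@" ambiguity described for CVE-2020-8169, modelled as an added example (not curl's code and not part of the original article). It uses the article's sample values; the function names are hypothetical, and the "first @" split is an assumption that reproduces the host name the article says was resolved.

```python
from urllib.parse import quote, urlsplit

def build_url(user, password, host, path, encode=True):
    """Embed credentials in an https URL.

    encode=False reproduces the unescaped form from the article;
    encode=True percent-encodes the userinfo so "@" becomes "%40".
    """
    if encode:
        user = quote(user, safe="")
        password = quote(password, safe="")
    return f"https://{user}:{password}@{host}{path}"

def host_at_first_at(url):
    """Faulty reading: everything after the FIRST '@' is taken as the host."""
    netloc = urlsplit(url).netloc
    return netloc.split("@", 1)[1] if "@" in netloc else netloc

def host_at_last_at(url):
    """Usual reading: userinfo ends at the LAST '@' (what urlsplit does)."""
    return urlsplit(url).hostname

def leaked_fragment(url, password):
    """Return the piece of the password that would end up in the name
    handed to the resolver under the faulty reading, or "" if none."""
    wrong = host_at_first_at(url)
    right = host_at_last_at(url)
    if wrong == right:
        return ""
    extra = wrong[: -len(right)].rstrip("@")
    return extra if extra and extra in password else ""

if __name__ == "__main__":
    # Sample values taken from the article's example.
    user, password, host = "dan", "passw@rd123", "example.com"
    for encode in (False, True):
        url = build_url(user, password, host, "/path", encode=encode)
        print(f"{url}\n  name to resolve (faulty split): {host_at_first_at(url)}"
              f"\n  leaked: {leaked_fragment(url, password)!r}")
```

Percent-encoding the userinfo before it is placed in a URL leaves a single "@" in the authority, so both readings agree on the host.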

Source: OpenNet.ru
