Backdoor in 93 AccessPress plugins and themes used on 360 thousand sites

Attackers managed to plant a backdoor in 40 plugins and 53 themes for the WordPress content management system developed by AccessPress, which claims its add-ons are used on more than 360 thousand sites. The results of an analysis of the incident are not yet available, but it is assumed that the malicious code was introduced during a compromise of the AccessPress website, by altering the archives offered for download of already published releases: the backdoor was present only in the code distributed through the official AccessPress site, and not in the same add-on releases distributed through the WordPress.org directory.

The malicious changes were discovered by researchers at JetPack (a division of Automattic, the company developing WordPress) while examining malicious code found on a client's website. Analysis of the situation showed that the malicious change was present in a WordPress add-on downloaded from the official AccessPress site. Other add-ons from the same vendor also turned out to carry malicious modifications that allowed full access to the site with administrator rights.

During the modification, the attackers added a file "initial.php" to the archives containing the plugins and themes, wired in through an "include" directive in the "functions.php" file. To cover their tracks, the malicious content of "initial.php" was disguised as a block of base64-encoded data. The malicious insert, under the guise of fetching an image from the site wp-theme-connect.com, loaded backdoor code directly into the file wp-includes/vars.php.
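The indicators named above (an `initial.php` file inside a plugin or theme directory, a `functions.php` that includes it, a reference to wp-theme-connect.com, a long base64 literal handed to `base64_decode()`, and an altered `wp-includes/vars.php`) can be checked on a site with a short scan. The following Python script is an added example and is not code from the article, from JetPack or from AccessPress; it assumes the standard WordPress layout (`wp-content/plugins`, `wp-content/themes`, `wp-includes/vars.php`), a known-good copy of `vars.php` supplied by the caller, and an arbitrary 200-character threshold for "long" base64 arguments. The sample site it builds, including the tampered theme, is constructed for the demonstration.

```python
# Added example (not from the article, JetPack or AccessPress): a scanner for
# the indicators the article names. Paths and sample contents are constructed.
import base64
import re
import tempfile
from pathlib import Path

DOMAIN = "wp-theme-connect.com"
# An include/require (optionally *_once) whose argument names initial.php.
INCLUDE_INITIAL_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\b[^;]*initial\.php", re.IGNORECASE)
# A long base64 literal passed straight to base64_decode() is the obfuscation
# pattern the article describes; 200 characters is an assumed threshold.
BASE64_ARG_RE = re.compile(
    r"base64_decode\s*\(\s*['\"][A-Za-z0-9+/=]{200,}['\"]")


def scan_wordpress(root, known_good_vars_php=None):
    """Return sorted (indicator, relative_path) pairs found under `root`."""
    root = Path(root)
    findings = set()
    for sub in ("wp-content/plugins", "wp-content/themes"):
        base = root / sub
        if not base.is_dir():
            continue
        for php in base.rglob("*.php"):
            rel = php.relative_to(root).as_posix()
            text = php.read_text(encoding="utf-8", errors="replace")
            if php.name == "initial.php":
                findings.add(("initial_php_present", rel))
            if php.name == "functions.php" and INCLUDE_INITIAL_RE.search(text):
                findings.add(("functions_php_includes_initial", rel))
            if DOMAIN in text:
                findings.add(("references_wp_theme_connect", rel))
            if BASE64_ARG_RE.search(text):
                findings.add(("large_base64_decode_argument", rel))
    # Core files should match the pristine release byte for byte.
    vars_php = root / "wp-includes" / "vars.php"
    if known_good_vars_php is not None and vars_php.is_file():
        if vars_php.read_bytes() != known_good_vars_php:
            findings.add(("wp_includes_vars_php_modified", "wp-includes/vars.php"))
    return sorted(findings)


def build_sample_site(root):
    """Write a constructed WordPress tree: one clean theme, one tampered theme.

    Returns the known-good bytes of wp-includes/vars.php so the caller can
    compare against them.
    """
    root = Path(root)
    good_vars = b"<?php\n// constructed stand-in for wp-includes/vars.php\n$is_lynx = false;\n"
    (root / "wp-includes").mkdir(parents=True)
    (root / "wp-includes" / "vars.php").write_bytes(good_vars)

    clean = root / "wp-content" / "themes" / "clean-theme"
    clean.mkdir(parents=True)
    (clean / "functions.php").write_text(
        "<?php\nadd_action('init', function () {});\n")

    bad = root / "wp-content" / "themes" / "tampered-theme"
    bad.mkdir(parents=True)
    (bad / "functions.php").write_text(
        "<?php\ninclude_once dirname(__FILE__) . '/initial.php';\n")
    # Harmless constructed text, base64-encoded only to reproduce the shape.
    blob = base64.b64encode(b"constructed placeholder payload " * 12).decode()
    (bad / "initial.php").write_text(
        "<?php\n// constructed: long encoded block plus the image-fetch pretext\n"
        f"$data = base64_decode('{blob}');\n"
        f"$src = 'https://{DOMAIN}/image.png';\n")

    # Simulate the core file having been altered after installation.
    (root / "wp-includes" / "vars.php").write_bytes(
        good_vars + b"// constructed: unexpected trailing addition\n")
    return good_vars


def demo():
    """Build the sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        good = build_sample_site(tmp)
        return scan_wordpress(tmp, known_good_vars_php=good)


if __name__ == "__main__":
    for indicator, path in demo():
        print(f"{indicator:32} {path}")
```

On a real install, pass the site root and the bytes of `vars.php` from the matching official WordPress release; a hit on the `initial.php` or `functions.php` checks in an AccessPress add-on should be followed by replacing the add-on with the version from WordPress.org and restoring core files from a pristine copy.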


The first site containing the malicious change to the AccessPress add-ons was identified in September 2021; it is assumed that the backdoor was planted in the add-ons around that time. The first notification to AccessPress about the identified problem went unanswered, and AccessPress could only be reached after the WordPress.org team was brought into the investigation. On 15 October 2021 the backdoored archives were removed from the AccessPress website, and new versions of the add-ons were released on 17 January 2022.

Sucuri separately examined sites on which the affected AccessPress versions were installed and identified the presence of malicious modules, loaded through the backdoor, that sent spam and redirected visitors to scam sites (the modules dated from 2019 and 2020). It is assumed that the backdoor's authors sold access to the compromised sites.

Themes in which the backdoor substitution was recorded:

  • accessbuddy 1.0.0
  • accesspress-basic 3.2.1
  • accesspress-lite 2.92
  • accesspress-mag 2.6.5
  • accesspress-parallax 4.5
  • accesspress-ray 1.19.5
  • accesspress-root 2.5
  • accesspress-staple 1.9.1
  • accesspress-store 2.4.9
  • agency-lite 1.1.6
  • aplite 1.0.6
  • bingle 1.0.4
  • bloggies 1.2.6
  • construction-lite 1.2.5
  • doko 1.0.27
  • enlighten 1.3.5
  • fashstore 1.2.1
  • fotography 2.4.0
  • gaga-corp 1.0.8
  • gaga-lite 1.4.2
  • one-paze 2.2.8
  • parallax-blog 3.1.1574941215
  • parallaxsome 1.3.6
  • punte 1.1.2
  • revolve 1.3.1
  • ripple 1.2.0
  • scrollme 2.1.0
  • sportsmag 1.2.1
  • storevilla 1.4.1
  • swing-lite 1.1.9
  • the-launcher 1.3.2
  • the-monday 1.4.1
  • uncode-lite 1.3.1
  • unicon-lite 1.2.6
  • vmag 1.2.7
  • vmagazine-lite 1.3.5
  • vmagazine-news 1.0.5
  • zigcy-baby 1.0.6
  • zigcy-cosmetics 1.0.5
  • zigcy-lite 2.0.9

Plugins in which the backdoor substitution was detected:

  • accesspress-anonymous-post 2.8.0 2.8.1
  • accesspress-custom-css 2.0.1 2.0.2
  • accesspress-custom-post-type 1.0.8 1.0.9
  • accesspress-facebook-auto-post 2.1.3 2.1.4
  • accesspress-instagram-feed 4.0.3 4.0.4
  • accesspress-pinterest 3.3.3 3.3.4
  • accesspress-social-counter 1.9.1 1.9.2
  • accesspress-social-icons 1.8.2 1.8.3
  • accesspress-social-login-lite 3.4.7 3.4.8
  • accesspress-social-share 4.5.5 4.5.6
  • accesspress-twitter-auto-post 1.4.5 1.4.6
  • accesspress-twitter-feed 1.6.7 1.6.8
  • ak-menu-icons-lite 1.0.9
  • ap-companion 1.0.7
  • ap-contact-form 1.0.6 1.0.7
  • ap-custom-testimonial 1.4.6 1.4.7
  • ap-mega-menu 3.0.5 3.0.6
  • ap-pricing-tables-lite 1.1.2 1.1.3
  • apex-notification-bar-lite 2.0.4 2.0.5
  • cf7-store-to-db-lite 1.0.9 1.1.0
  • comments-disable-accesspress 1.0.7 1.0.8
  • easy-side-tab-cta 1.0.7 1.0.8
  • everest-admin-theme-lite 1.0.7 1.0.8
  • everest-coming-soon-lite 1.1.0 1.1.1
  • everest-comment-rating-lite 2.0.4 2.0.5
  • everest-counter-lite 2.0.7 2.0.8
  • everest-faq-manager-lite 1.0.8 1.0.9
  • everest-gallery-lite 1.0.8 1.0.9
  • everest-google-places-reviews-lite 1.0.9 2.0.0
  • everest-review-lite 1.0.7
  • everest-tab-lite 2.0.3 2.0.4
  • everest-timeline-lite 1.1.1 1.1.2
  • inline-call-to-action-builder-lite 1.1.0 1.1.1
  • product-slider-for-woocommerce-lite 1.1.5 1.1.6
  • smart-logo-showcase-lite 1.1.7 1.1.8
  • smart-scroll-posts 2.0.8 2.0.9
  • smart-scroll-to-top-lite 1.0.3 1.0.4
  • total-gdpr-compliance-lite 1.0.4
  • total-team-lite 1.1.1 1.1.2
  • ultimate-author-box-lite 1.1.2 1.1.3
  • ultimate-form-builder-lite 1.5.0 1.5.1
  • woo-badge-designer-lite 1.1.0 1.1.1
  • wp-1-slider 1.2.9 1.3.0
  • wp-blog-manager-lite 1.1.0 1.1.2
  • wp-comment-designer-lite 2.0.3 2.0.4
  • wp-cookie-user-info 1.0.7 1.0.8
  • wp-facebook-review-showcase-lite 1.0.9
  • wp-fb-messenger-button-lite 2.0.7
  • wp-floating-menu 1.4.4 1.4.5
  • wp-media-manager-lite 1.1.2 1.1.3
  • wp-popup-banner 1.2.3 1.2.4
  • wp-popup-lite 1.0.8
  • wp-product-gallery-lite 1.1.1

Source: opennet.ru
