New build of Nemesida WAF Free for NGINX

A year ago we released Nemesida WAF Free, a dynamic module for NGINX that blocks attacks on web applications. Unlike the commercial version, which is based on machine learning, the free version analyzes requests using the signature method only.

Features of the Nemesida WAF 4.0.129 release

Before the current release, the Nemesida WAF dynamic module supported only Nginx Stable 1.12, 1.14 and 1.16. The new release adds support for Nginx Mainline, starting from 1.17, and for Nginx Plus, starting from 1.15.10 (R18).

Why make another WAF?

NAXSI and mod_security are probably the most popular free WAF modules, and mod_security is recommended by Nginx, although originally it was used only with Apache2. Both solutions are free, open source and have many users worldwide. For mod_security, free and commercial signature sets are available, the latter for $500 per year; NAXSI ships with a free signature set out of the box, and additional rule sets, such as doxsi, can also be found.

This year we compared how NAXSI and Nemesida WAF Free perform. Briefly, the results:

  • NAXSI does not perform double URL decoding in cookies;
  • NAXSI takes a very long time to configure: by default, its rule set blocks many requests that occur during normal use of a web application (authorization, editing a profile or content, taking part in surveys, etc.), so exception lists have to be created, which has a negative effect on security. Nemesida WAF Free with default settings did not produce a single false positive while working with the site;
  • the number of attacks missed by NAXSI is many times higher, and so on.

Despite these shortcomings, NAXSI and mod_security have at least two advantages: open source and a large number of users. We support the idea of releasing the source code, but we cannot do this because of the "piracy" problems it could cause for the commercial version; to compensate for this drawback, we are fully disclosing the contents of the signature set. We value privacy and invite you to verify this yourself using a proxy server.

Features of Nemesida WAF Free:

  • a high-quality signature database with a minimal number of False Positives and False Negatives;
  • installation and updates from the repository (fast and easy);
  • simple and understandable incident events, not a "mess" like NAXSI;
  • completely free, with no restrictions on traffic volume, virtual hosts, etc.

In conclusion, I will give several queries for checking that the WAF works (it is recommended to use them in each of the zones: URL, ARGS, Headers & Body):

')) un","ion se","lect 1,2,3,4,5,6,7,8,9,0,11#"]
')) union/**/select/**/1,/**/2,/**/3,/**/4,/**/5,/**/6,/**/7,/**/8,/**/9,/**/'some_text',/**/11#"]
union(select(1),2,3,4,5,6,7,8,9,0x70656e746573746974,11)#"]
')) union+/*!select*/ (1),(2),(3),(4),(5),(6),(7),(8),(9),(0x70656e746573746974),(11)#"]
')) /*!u%6eion*/ /*!se%6cect*/ (1),(2),(3),(4),(5),(6),(7),(8),(9.),(0x70656e746573746974),(11)#"]
')) %2f**%2funion%2f**%2fselect (1),(2),(3),(4),(5),(6),(7),(8),(9),(0x70656e746573746974),(11)#"]
%5B%221807182982%27%29%29%20uni%22%2C%22on%20sel%22%2C%22ect%201%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C%2some_text%27%2C11%23%22%5D
cat /et?/pa?swd
cat /et'c/pa'ss'wd
cat /et*/pa**wd
e'c'ho 'swd test pentest' |awk '{print "cat /etc/pas"$1}' |bas'h
cat /etc/passwd
cat$u+/etc$u/passwd$u
<svg/onload=alert()//

If these requests are not blocked, the WAF will most likely miss a real attack as well. Before using the examples, make sure the WAF is not blocking legitimate requests.
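As an added illustration (not part of the original post and not Nemesida's own code) of why the cookie double-decoding point and the comment-based test queries above matter, the following Python runs a toy "union ... select" signature over cookie values decoded once versus twice; the signature, the `SAMPLES` values and the helper names are constructed for this example.

```python
import re
from urllib.parse import unquote

# Toy signature standing in for a WAF rule (constructed for this example,
# not Nemesida's signature set): "union" followed closely by "select".
UNION_SELECT = re.compile(r"union\W{0,16}select", re.IGNORECASE)

def strip_sql_comments(s: str) -> str:
    """Flatten the comment-based evasions used in the test queries above:
    'union/**/select' -> 'unionselect', '/*!union*/' -> 'union'."""
    s = re.sub(r"/\*!?", "", s)  # drop comment openers, including MySQL /*!
    return s.replace("*/", "")   # then the closers

def url_decode(value: str, passes: int) -> str:
    """Percent-decode up to `passes` times, stopping early once stable."""
    for _ in range(passes):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(raw: str, passes: int) -> bool:
    """Decode `passes` times, strip comments, then run the signature."""
    return bool(UNION_SELECT.search(strip_sql_comments(url_decode(raw, passes))))

# Constructed cookie values. "double" is the same payload percent-encoded
# twice, which only a second decoding pass exposes to the signature;
# "mysql_comment" is a shortened copy of one test query from the post.
SAMPLES = {
    "single": "%27%29%29%20union%2F%2A%2A%2Fselect%201%2C2%2C3%23",
    "double": "%2527%2529%2529%2520union%252F%252A%252A%252Fselect%25201%252C2%252C3%2523",
    "mysql_comment": "')) /*!u%6eion*/ /*!se%6cect*/ (1),(2),(3)",
    "benign": "sid%3Dabc123%3B%20lang%3Den",
}

def decode_report() -> dict:
    """Return {sample: (caught with 1 decode pass, caught with 2 passes)}."""
    return {name: (is_suspicious(v, 1), is_suspicious(v, 2))
            for name, v in SAMPLES.items()}

if __name__ == "__main__":
    for name, (one, two) in decode_report().items():
        print(f"{name:14s} 1 pass: {one!s:5s}  2 passes: {two}")
```

A WAF that decodes cookies only once reports the "double" sample as clean, which is the gap the comparison above refers to.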

Source: www.habr.com
