Critical vulnerability in the File Manager WordPress plugin with seven hundred thousand installations

In the WordPress plugin File Manager, which has more than 700 thousand active installations, a vulnerability has been identified that allows arbitrary commands and PHP scripts to be executed on the server. The issue affects File Manager releases 6.0 through 6.8 and is fixed in release 6.9.

The File Manager plugin provides file management tools for the WordPress administrator, using the bundled low-level file manipulation library elFinder. The source code of the elFinder library includes files with example code, which are shipped in the working directory with the ".dist" extension. The vulnerability arises because, when the library was packaged with the plugin, the file "connector.minimal.php.dist" was renamed to "connector.minimal.php" and thus became available for execution via external requests. This script allows any operation on files (upload, open, edit, rename, rm, and so on), since its parameters are passed to the run() function of the main plugin; it can be used to replace PHP files in WordPress and run arbitrary code.

What makes the danger greater is that the vulnerability is already being exploited by automated attacks, in which an image containing PHP code is placed into the "plugins/wp-file-manager/lib/files/" directory using the "upload" command and then renamed to a PHP script with a randomly chosen name containing the text "hard" or "x." (for example, hardfork.php, hardfind.php, x.php, etc.). Once executed, the PHP code adds a backdoor to the /wp-admin/admin-ajax.php and /wp-includes/user.php files, giving the attackers access to the site administrator interface. Exploitation is carried out by sending a POST request to the file "wp-file-manager/lib/php/connector.minimal.php".

It is worth noting that after the compromise, besides leaving backdoors, the attackers make changes that block further calls to the vulnerable connector.minimal.php file, in order to prevent other attackers from taking over the server.
The first attack attempts were recorded on September 1 at 7 am (UTC). At 12:33 (UTC) the developers of the File Manager plugin released a patch. According to Wordfence, which identified the vulnerability, its firewall blocked about 450 thousand attempts to exploit the vulnerability per day. A network analysis showed that 52% of sites using this plugin have not yet been updated and remain vulnerable. After installing the update, it makes sense to check the HTTP server log for calls to the "connector.minimal.php" script to determine whether the system has been compromised.
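The log check suggested above, as an added example that is not part of the original article: it scans Apache combined-format access-log lines (the sample lines below are constructed, not real traffic) for requests to the vulnerable connector and for requests to dropped PHP files in lib/files whose names match the pattern described earlier.

```python
import re
from typing import Dict, List

# Constructed sample access-log lines (Apache combined format), not from the article.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Sep/2020:07:02:11 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 512 "-" "python-requests/2.24"
198.51.100.7 - - [01/Sep/2020:07:03:40 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/hardfork.php HTTP/1.1" 200 88 "-" "curl/7.68.0"
192.0.2.9 - - [01/Sep/2020:08:15:02 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 32 "-" "Mozilla/5.0"
"""

# Minimal parser for the combined log format: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# The script the article identifies as the exploitation entry point.
CONNECTOR = "wp-file-manager/lib/php/connector.minimal.php"
# Dropped files described in the article: lib/files/<name>.php with "hard..." or "x" as the name.
DROPPED_RE = re.compile(r"wp-file-manager/lib/files/(?:hard\w*|x)\.php$", re.IGNORECASE)


def scan_access_log(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per log line that touches the vulnerable connector or a
    dropped PHP file. Any hit on the connector deserves review; a POST to it is
    the request shape the article describes for exploitation."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if path.endswith(CONNECTOR):
            kind = "connector-post" if m.group("method") == "POST" else "connector-other"
        elif DROPPED_RE.search(path):
            kind = "dropped-file-request"
        else:
            continue
        findings.append({"kind": kind, "ip": m.group("ip"), "ts": m.group("ts"),
                         "path": path, "status": m.group("status")})
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f["kind"], f["ip"], f["ts"], f["path"], f["status"])
```

A hit on the connector from before the update was applied, especially one followed by requests to a new .php file under lib/files, is a strong indicator that the site should be treated as compromised and the admin-ajax.php and user.php files inspected.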

Additionally, the corrective release WordPress 5.5.1, which brings 40 fixes, is also worth noting.

Source: opennet.ru
