Vatsvagiri kubva kuCheck Point
Kuti ubudirire kurwiswa, zvinodikanwa kuti ugone kugadzirisa dhatabhesi mafaera eakarwiswa maapplication, ayo anoganhura nzira yekurwisa maapplication anoshandisa SQLite dhatabhesi sefomati yekufambisa uye yekuisa data. Iyo nzira inogonawo kushandiswa kuwedzera kuwanikwa kwenzvimbo iripo, semuenzaniso, kubatanidza yakavanzika backdoors mumashandisirwo akashandiswa, pamwe nekunzvenga nzira dzekuchengetedza paunenge uchiongorora malware nevanochengetedza vaongorori. Kushanda mushure mekutsiva faira kunoitwa panguva iyo application ichiita yekutanga SARA mubvunzo uchipokana netafura mune yakagadziridzwa dhatabhesi.
Semuenzaniso, takaratidza kukwanisa kushandisa kodhi muIOS pakuvhura bhuku rekero, faira ine "AddressBook.sqlitedb" database yakagadziridzwa uchishandisa nzira yakarongwa. Kurwiswa uku kwakashandisa kusagadzikana mune fts3_tokenizer basa (CVE-2019-8602, pointer dereference kugona), yakagadziriswa muna Kubvumbi SQLite 2.28 update, pamwe neimwe.
Iyo nzira yekurwisa yakavakirwa pakushandiswa kwemaitiro maviri "Query Hijacking" uye "Query Oriented Programming", iyo inobvumira kushandisa zvisina tsarukano zvinetso zvinotungamira kuhuori hwendangariro muSQLite injini. Izvo zvakakosha zve "Query Hijacking" ndeyekutsiva zviri mukati me "sql" ndima mune sqlite_master service tafura, iyo inosarudza chimiro chedhatabhesi. Munda wakataurwa une DDL (Data Definition Mutauro) block inoshandiswa kutsanangura chimiro chezvinhu zviri mudhatabhesi. Tsanangudzo inotsanangurwa uchishandisa yakajairwa SQL syntax, i.e. iyo "CREATE TABLE" kuvaka inoshandiswa,
iyo inoitwa panguva yekutangisa dhatabhesi (panguva yekutanga kuvhurwa
sqlite3LocateTable mabasa ekugadzira zvine chekuita netafura zvimiro zvemukati mundangariro.
Pfungwa ndeyokuti, semugumisiro wekutsiva "CREATE TABLE" ne "CREATE VIEW", zvinova zvinogoneka kudzora chero kuwana kune dhatabhesi nekutsanangura maonero ako. Uchishandisa "CREATE VIEW" basa re "SELECT" rinosungirirwa patafura, iyo ichadanwa pachinzvimbo che "CREATE TABLE" uye inobvumidza iwe kuwana zvikamu zvakasiyana zveSQLite muturikiri. Tevere, nzira iri nyore yekurwisa ingave yekudaidza iyo "load_extension" basa, iro rinokutendera kuti utakure raibhurari yezvipo nekuwedzera, asi basa iri rakavharwa nekusingaperi.
Kuita kurwisa kana zvichikwanisika kuita "SELECT" mashandiro, iyo "Query Oriented Programming" nzira inokurudzirwa, iyo inoita kuti zvibvire kushandisa matambudziko muSQLite anotungamirira kuhuori hwendangariro. Iyo tekinoroji inoyeuchidza yekudzoka-yakatarisana programming (
Source: opennet.ru