Two in one: tourist data and tickets for cultural events turned up in public access

Today we will look at two cases at once: the customer and partner data of two completely different companies became freely available "thanks to" open Elasticsearch servers holding the logs of these companies' information systems (IS).


In the first case, these are tens of thousands (and possibly hundreds of thousands) of tickets for various cultural events (theatres, clubs, river cruises, etc.) sold through the Radario system (www.radario.ru).

In the second case, this is data on the tourist trips of thousands (possibly several tens of thousands) of travellers who bought tours through travel agencies connected to the Sletat.ru system (www.sletat.ru).

I would like to note right away that the two cases differ not only in the names of the companies that let the data become public, but also in how these companies approached the incident and in their subsequent reaction. But first things first...

ДисклСймСр: вся информация Π½ΠΈΠΆΠ΅ публикуСтся ΠΈΡΠΊΠ»ΡŽΡ‡ΠΈΡ‚Π΅Π»ΡŒΠ½ΠΎ Π² ΠΎΠ±Ρ€Π°Π·ΠΎΠ²Π°Ρ‚Π΅Π»ΡŒΠ½Ρ‹Ρ… цСлях. Автор Π½Π΅ ΠΏΠΎΠ»ΡƒΡ‡Π°Π» доступа ΠΊ ΠΏΠ΅Ρ€ΡΠΎΠ½Π°Π»ΡŒΠ½Ρ‹ΠΌ Π΄Π°Π½Π½Ρ‹ΠΌ Ρ‚Ρ€Π΅Ρ‚ΡŒΠΈΡ… Π»ΠΈΡ† ΠΈ ΠΊΠΎΠΌΠΏΠ°Π½ΠΈΠΉ. Π˜Π½Ρ„ΠΎΡ€ΠΌΠ°Ρ†ΠΈΡ взята Π»ΠΈΠ±ΠΎ ΠΈΠ· ΠΎΡ‚ΠΊΡ€Ρ‹Ρ‚Ρ‹Ρ… источников, Π»ΠΈΠ±ΠΎ Π±Ρ‹Π»Π° прСдоставлСна Π°Π²Ρ‚ΠΎΡ€Ρƒ Π°Π½ΠΎΠ½ΠΈΠΌΠ½Ρ‹ΠΌΠΈ доброТСлатСлями.

Case one. "Radario"

On the evening of 06.05.2019 our system found a freely accessible Elasticsearch server belonging to the Radario electronic ticket sales service.

In keeping with the sad tradition already established, the server contained detailed logs of the service's information system, from which it was possible to obtain personal data, user logins and passwords, and the electronic tickets themselves for various events across the country.


The total volume of logs exceeded 1 TB.

According to the Shodan search engine, the server had been publicly accessible since 11.03.2019. I notified Radario staff on 06.05.2019 at 22:50 (MSK), and by 07.05.2019 at 09:30 the server was no longer accessible.

The logs contained a global (single) authorization token that gave access to all purchased tickets via special links, such as:

http://radario.ru/internal/tickets/XXXXXXXX/print?access_token=******JuYWw6MDIzOWRjOTM1NzJiNDZjMTlhZGFjZmRhZTQ3ZDgyYTk

http://radario.ru/internal/orders/YYYYYYY/print?access_token=******JuYWw6MDIzOWRjOTM1NzJiNDZjMTlhZGFjZmRhZTQ3ZDgyYTk

The problem was compounded by the fact that tickets and orders were numbered sequentially, so by simply incrementing the ticket number (XXXXXXXXX) or order number (YYYYY) it was possible to retrieve every ticket in the system.

To check that the database was current, I even honestly bought the cheapest ticket myself,


and later found it on the public IS log server:

http://radario.ru/internal/tickets/11819272/print?access_token=******JuYWw6MDIzOWRjOTM1NzJiNDZjMTlhZGFjZmRhZTQ3ZDgyYTk

Separately, I would like to stress that tickets were available both for events that had already taken place and for events still to come. That is, a potential attacker could use someone else's ticket to get into a scheduled event.

On average, each Elasticsearch index holding the logs of one particular day (from 24.01.2019 to 07.05.2019) contained 25 to 35 thousand tickets.

In addition to the tickets themselves, the index contained the logins (email addresses) and plaintext passwords used to sign in to the personal accounts of Radario partners who sell tickets for their events through this service:

Content: "ReturnUrl=&UserEmail=***@yandex.ru&UserPassword=***"

In total, more than 500 login/password pairs were discovered. Ticket sales statistics can be viewed in the partners' personal accounts:


The names, phone numbers and email addresses of buyers who decided to return previously purchased tickets were also publicly available:

"Content": "{"name":"***","surname":"*** ","middleName":"Π•Π²Π³Π΅Π½ΡŒΠ΅Π²Π½Π° ","passportType":1,"passportNumber":"","passportIssueDate":"11-11-2011 11:11:11","passportIssuedBy":"","email":"***@mail.ru","phone":"+799*******","ticketNumbers":["****24848","****948732"],"refundReason":4,"comment":""}"

On a single randomly chosen day, more than 500 such records were found.

I received the following response to my warning from Radario's technical director:

I am the technical director of Radario and would like to thank you for identifying the problem. As you know, we have closed access to Elastic and are resolving the issue of reissuing customers' tickets.

A little later the company issued an official statement:

A vulnerability that could have led to the leak of customer data was found in the Radario electronic ticket sales system and fixed immediately, the company's marketing director Kirill Malyshev told the Moscow City News Agency.

"We did indeed discover a vulnerability in the system's operation related to a regular update, which was fixed immediately after it was found. As a result of the vulnerability, in some cases unfriendly actions by a third party could have led to a data leak, but no incidents were recorded. At the moment, all errors have been eliminated," said K. Malyshev.

A company representative emphasized that it was decided to reissue all tickets sold while the problem was being resolved, in order to completely rule out any possibility of fraud against the service's customers.

A few days later I checked the availability of the data using the leaked links: access to the "leaked" tickets had indeed been closed. In my opinion, this is a competent, professional way of handling a data leak.

Case two. "Sletat.ru"

On the morning of 15.05.2019, DeviceLock Data Breach Intelligence identified a public Elasticsearch server containing the logs of some information system.


It was then established that the server belonged to the tour selection service "Sletat.ru".

From the index cbto__0 it was possible to obtain thousands (11.7 thousand including duplicates) of email addresses, as well as some payment information (the cost of the tour) and travel data (when, where, air ticket details for all travellers on the trip, etc.) for about 1.8 thousand records:

"full_message": "ΠŸΠΎΠ»ΡƒΡ‡Π΅Π½ запрос Π·Π° созданиС ΠΏΠ»Π°Ρ‚Π΅ΠΆΠ½ΠΎΠ³ΠΎ срСдства: {"SuccessReturnUrl":"https://sletat.ru/tour/7-1939548394-65996246/buy/?ClaimId=b5e3bf98-2855-400d-a93a-17c54a970155","ErrorReturnUrl":"https://sletat.ru/","PaymentAgentId":15,"DocumentNumber":96629429,"DocumentDisplayNumber":"4451-17993","Amount":36307.0,"PaymentToolType":3,"ExpiryDateUtc":"2020-04-03T00:33:55.217358+03:00","LifecycleType":2,"CustomerEmail":"[email protected]","Description":"","SettingsId":"8759d0dd-da54-45dd-9661-4e852b0a1d89","AdditionalInfo":"{"TourOfficeAdditionalInfo":{"IsAdditionalPayment":false},"BarrelAdditionalInfo":{"Tickets":[{"Passenger":{"FIO":"XXX VIKTORIIA"},"ReservationSystem":null,"TicketNumber":null,"IsRefundPossible":false},{"Passenger":{"FIO":"XXX ANDREI"},"ReservationSystem":null,"TicketNumber":null,"IsRefundPossible":false},{"Passenger":{"FIO":"XXX Andrei"},"ReservationSystem":null,"TicketNumber":null,"IsRefundPossible":false}],"Segments":[{"Flight":"5659","AviaCompany":null,"AviaCompanyIataCode":null,"DepartureCity":"LED","DepartureAirport":"LED","DepartureAirportIataCode":"LED","DepartureDate":"2019-04-11T02:45:00","DepartureTime":null,"ArrivalCity":"SHJ","ArrivalAirport":"SHJ","ArrivalAirportIataCode":"SHJ","ArrivalDate":"2019-04-11T09:40:00","ArrivalTime":null,"FareCode":null},{"Flight":"5660","AviaCompany":null,"AviaCompanyIataCode":null,"DepartureCity":"SHJ","DepartureAirport":"SHJ","DepartureAirportIataCode":"SHJ","DepartureDate":"2019-04-14T10:45:00","DepartureTime":null,"ArrivalCity":"LED","ArrivalAirport":"LED","ArrivalAirportIataCode":"LED","ArrivalDate":"2019-04-14T15:50:00","ArrivalTime":null,"FareCode":null}]},"Tickets":[{"Passenger":{"FIO":"XXX VIKTORIIA"},"ReservationSystem":null,"TicketNumber":null,"IsRefundPossible":false},{"Passenger":{"FIO":"XXX ANDREI"},"ReservationSystem":null,"TicketNumber":null,"IsRefundPossible":false},{"Passenger":{"FIO":"XXX 
Andrei"},"ReservationSystem":null,"TicketNumber":null,"IsRefundPossible":false}],"Segments":[{"Flight":"5659","AviaCompany":null,"AviaCompanyIataCode":null,"DepartureCity":"LED","DepartureAirport":"LED","DepartureAirportIataCode":"LED","DepartureDate":"2019-04-11T02:45:00","DepartureTime":null,"ArrivalCity":"SHJ","ArrivalAirport":"SHJ","ArrivalAirportIataCode":"SHJ","ArrivalDate":"2019-04-11T09:40:00","ArrivalTime":null,"FareCode":null},{"Flight":"5660","AviaCompany":null,"AviaCompanyIataCode":null,"DepartureCity":"SHJ","DepartureAirport":"SHJ","DepartureAirportIataCode":"SHJ","DepartureDate":"2019-04-14T10:45:00","DepartureTime":null,"ArrivalCity":"LED","ArrivalAirport":"LED","ArrivalAirportIataCode":"LED","ArrivalDate":"2019-04-14T15:50:00","ArrivalTime":null,"FareCode":null}]}","FinancialSystemId":9,"Key":"18fe21d1-8c9c-43f3-b11d-6bf884ba6ee0"}"

By the way, the tour payment links work perfectly:


In the indexes named graylog_ the logins and passwords of the travel agencies connected to the Sletat.ru system and selling tours to their clients were stored in plaintext:

"full_message": "Tours by request 155213901 added to local cache with key 'user_cache_155213901' at 5/6/2019 4:49:07 PM, rows found 0, sortedPriceLength 215. QueryString: countryId=90&cityFromId=1265&s_nightsMin=6&s_nightsMax=14&stars=403%2c404&minHotelRating=1&currencyAlias=RUB&pageSize=300&pageNumber=1&s_showcase=true&includeOilTaxesAndVisa=0&login=zakaz%40XXX.ru&password=XXX, Referer: , UserAgent: , IP: 94.154.XX.XX."

By my estimate, several hundred login/password pairs were exposed.
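All three record shapes quoted above (the Radario ticket links carrying access_token, the UserEmail/UserPassword form bodies, and the Sletat.ru query strings with login and password) share one root cause: secrets are written into application logs and then indexed. As an added example, not code from the article or from either company, here is a Python log-shipping filter that redacts such parameters before a line reaches Elasticsearch and counts what it found, so the logging of secrets can itself be alerted on; the sample lines, hostnames and the parameter list are constructed assumptions to adapt per application.

```python
import hashlib
import re

# Query-string / form parameters that must never reach the log store.
# Names follow the record shapes quoted in the article; extend for your own app.
SENSITIVE_PARAMS = ("access_token", "userpassword", "useremail", "password", "login")

# name=value pairs inside URLs, form bodies or logged query strings. A value
# ends at '&', whitespace, a quote or a comma, which is how such strings sit
# inside free-text log messages.
_PARAM_RE = re.compile(r"(?i)\b(" + "|".join(SENSITIVE_PARAMS) + r")=([^&\s\"',]*)")


def _fingerprint(value: str) -> str:
    """Short one-way digest: lets incidents be correlated without the secret."""
    return hashlib.sha256(value.encode()).hexdigest()[:8]


def redact_line(line: str):
    """Return (redacted_line, names_found) for one log line.
    Secret values are replaced by a fingerprint; empty values stay empty."""
    found = []

    def _mask(m):
        name, value = m.group(1), m.group(2)
        found.append(name.lower())
        return f"{name}=" if not value else f"{name}=[redacted:{_fingerprint(value)}]"

    return _PARAM_RE.sub(_mask, line), found


def scan_lines(lines):
    """Count sensitive parameters per name across a batch of lines.
    Any non-zero count means the application writes secrets into its logs."""
    counts = {}
    for line in lines:
        for name in redact_line(line)[1]:
            counts[name] = counts.get(name, 0) + 1
    return counts


# Constructed sample lines modelled on the three leaked record shapes above.
SAMPLE_LINES = [
    "GET http://example.invalid/internal/tickets/12345678/print?access_token=abc123TOKEN",
    'Content: "ReturnUrl=&UserEmail=user@example.invalid&UserPassword=hunter2"',
    "QueryString: countryId=90&login=agency%40example.invalid&password=s3cret, Referer: , IP: 192.0.2.10.",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(redact_line(line)[0])
    print(scan_lines(SAMPLE_LINES))
```

Run it as a filter stage in the log shipper, before indexing; the fingerprint is derived from the secret, so two lines carrying the same token still correlate after redaction.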

From a travel agency's personal account on the site agent.sletat.ru it was possible to obtain client data, including passport numbers, international passport numbers, dates of birth, full names, phone numbers and email addresses.


I notified the Sletat.ru service on 15.05.2019 at 10:46 (MSK), and a few hours later (by 16:00) the server disappeared from public access. After that, in response to a publication in Kommersant, the service's management made a very surprising statement to the media:

The head of the company, Andrei Vershinin, explained that Sletat.ru gives a number of partner tour operators access to the history of search engine queries. And he assumed that this is what DeviceLock found: "However, the data in question does not contain tourists' passport data, travel agency logins and passwords, payment information, etc." Andrei Vershinin noted that Sletat.ru has not yet received any evidence of these serious accusations. "We are now trying to contact DeviceLock. We believe this is a commissioned job. Some people don't like our rapid growth," he added.

As shown above, the travel agencies' logins and passwords and the tourists' passport data had been publicly accessible for a long time (at least since 29.03.2019, when the company's server was first recorded in public access by the Shodan search engine). Of course, nobody contacted us. I hope that they at least notified the travel agencies about the leak and made them change their passwords.

News about information leaks and insiders can always be found on my Telegram channel "Information Leaks".

Source: www.habr.com
