New build of Nemesida WAF Free for NGINX

Last year we released Nemesida WAF Free, a dynamic module for NGINX that blocks attacks on web applications. Unlike the commercial version, which is based on machine learning, the free version analyzes requests with a signature method.

What is new in the Nemesida WAF 4.0.129 release

Before this release, the Nemesida WAF dynamic module supported only Nginx Stable 1.12, 1.14 and 1.16. The new release adds support for Nginx Mainline, starting from 1.17, and for Nginx Plus, starting from 1.15.10 (R18).

Why build yet another WAF?

NAXSI and mod_security are probably the best-known free WAF modules, and mod_security is actively promoted by Nginx, although originally it was used only with Apache2. Both solutions are free and open source and have many users worldwide. For mod_security there are free signature sets as well as commercial ones at $500 per year; NAXSI ships with a free signature set out of the box, and additional rule sets such as doxsi can be found as well.

This year we tested NAXSI and Nemesida WAF Free side by side. Briefly, the results:

  • NAXSI does not perform double URL decoding of cookies;
  • NAXSI takes a very long time to tune: with the default rule set it blocks most ordinary requests while a user works with the web application (logging in, editing a profile or content, taking part in surveys, and so on), so exclusion lists have to be created, which weakens security. Nemesida WAF Free with default settings produced not a single false positive while the site was in use;
  • the number of attacks missed by NAXSI is many times higher, and so on.

Despite these shortcomings, NAXSI and mod_security have at least two advantages: open source and a large user base. We support the idea of publishing the source code, but we cannot do that yet because of the risk of "piracy" of the commercial version; to compensate for this shortcoming, we fully disclose the contents of the signature set. We value confidentiality and suggest that you verify it yourself by observing the module's traffic through a proxy server.

Features of Nemesida WAF Free:

  • a high-quality signature set with a minimal number of false positives and false negatives;
  • installation and updates from the repository (fast and convenient);
  • simple, readable incident events rather than the "mush" NAXSI produces;
  • completely free, with no limits on traffic volume, number of virtual hosts, etc.

In conclusion, here are a few requests for evaluating how well a WAF performs (it is recommended to send them in each of the zones: URL, ARGS, Headers and Body):

')) un","ion se","lect 1,2,3,4,5,6,7,8,9,0,11#"]
')) union/**/select/**/1,/**/2,/**/3,/**/4,/**/5,/**/6,/**/7,/**/8,/**/9,/**/'some_text',/**/11#"]
union(select(1),2,3,4,5,6,7,8,9,0x70656e746573746974,11)#"]
')) union+/*!select*/ (1),(2),(3),(4),(5),(6),(7),(8),(9),(0x70656e746573746974),(11)#"]
')) /*!u%6eion*/ /*!se%6cect*/ (1),(2),(3),(4),(5),(6),(7),(8),(9.),(0x70656e746573746974),(11)#"]
')) %2f**%2funion%2f**%2fselect (1),(2),(3),(4),(5),(6),(7),(8),(9),(0x70656e746573746974),(11)#"]
%5B%221807182982%27%29%29%20uni%22%2C%22on%20sel%22%2C%22ect%201%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C%2some_text%27%2C11%23%22%5D
cat /et?/pa?swd
cat /et'c/pa'ss'wd
cat /et*/pa**wd
e'c'ho 'swd test pentest' |awk '{print "cat /etc/pas"$1}' |bas'h
cat /etc/passwd
cat$u+/etc$u/passwd$u
<svg/onload=alert()//

If these requests are not blocked, the WAF will most likely miss a real attack as well. Before using the examples, make sure the WAF does not block legitimate requests.

Source: www.habr.com
