Vulnerabilities in the web interface of Juniper network devices shipped with JunOS

Several vulnerabilities have been identified in the J-Web web interface used on Juniper network devices running the JunOS operating system. The most dangerous of them (CVE-2022-22241) allows remote, unauthenticated code execution on the system by sending a specially crafted HTTP request. Users of Juniper devices are advised to install the firmware updates; where that is not possible, make sure that access to the web interface is blocked from external networks and restricted to trusted hosts only.

The root of the vulnerability is that a user-supplied file path is processed in /jsdm/ajax/logging_brows.php, at a stage before the authentication check, without filtering the prefix by content type. An attacker can pass a malicious phar file disguised as an image and achieve execution of PHP code contained in the phar archive using the "Phar deserialization" attack technique (for example, by specifying "filepath=phar:/path/pharfile.jpg" in the request).

The problem is that when the supplied file is checked with the PHP function is_dir(), that function automatically deserializes the metadata of the Phar archive while handling paths that start with "phar://". The same effect occurs when user-supplied file paths are processed by the file_get_contents(), fopen(), file(), file_exists(), md5_file(), filemtime() and filesize() functions.

The attack is complicated by the fact that, besides triggering the processing of the phar archive, the attacker has to find a way to upload it to the device (through /jsdm/ajax/logging_brows.php one can only specify the path of a file that already exists). Possible ways of getting the file onto the device include uploading a phar file disguised as an image through the image transfer service and placing the file in the web content cache.

Other vulnerabilities:

  • CVE-2022-22242 - substitution of unsanitized external parameters into the output of the error.php script, which allows arbitrary JavaScript code to be injected and executed in the user's browser when a link is followed (for example, "https://JUNOS_IP/error.php?SERVER_NAME=alert(0)"). The vulnerability can be used to intercept administrator session parameters if attackers can get the administrator to open a specially crafted link.
  • CVE-2022-22243, CVE-2022-22244 - XPATH expression substitution via jsdm/ajax/wizards/setup/setup.php and /modules/monitor/interfaces/interface.php allows an unprivileged authenticated user to manipulate administrator sessions.
  • CVE-2022-22245 - missing sanitization of the ".." sequence in paths processed by the Upload.php script allows an authenticated user to upload their own PHP file into a directory from which PHP scripts are allowed to execute (for example, by passing the path "fileName=\..\..\..\..\www\dir\new\shell.php").
  • CVE-2022-22246 - possibility of unintended execution of a local PHP file through manipulation of the jrest.php script by an authenticated user; in that script, external parameters are used to form the name of the file loaded by the "require_once()" function (for example, "/jrest.php?payload=alol/lol/any\..\..\..\..\any\file").
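The two bug classes above, a stream wrapper such as "phar://" reaching a filesystem function, and ".." traversal in an upload or include path, are closed by the same defensive step: validate the user-supplied path before any function like is_dir(), file_get_contents() or require_once() sees it. The following PHP is an added example, not J-Web or Juniper code. The function names, the $baseDir layout and the sample inputs are all hypothetical; the inputs only reproduce the payload shapes quoted in this article so the validator's behaviour on them can be seen.

```php
<?php
// Added example (hypothetical, not J-Web code): validate a user-supplied
// path before handing it to any PHP filesystem function.
declare(strict_types=1);

/**
 * Vulnerable pattern, shown only for contrast: the raw user path goes
 * straight to is_dir(). For a "phar://" path this call is enough to make
 * PHP deserialize the archive metadata, which is the trigger described above.
 */
function vulnerable_is_dir(string $userPath): bool
{
    return is_dir($userPath);
}

/**
 * Hardened replacement: returns the canonical absolute path when $userPath
 * is a plain relative file name inside $baseDir, otherwise null.
 */
function safe_local_path(string $baseDir, string $userPath): ?string
{
    // 1. Reject anything that looks like a URL scheme ("phar://", "file://",
    //    "data:", "compress.zlib://", ...), not just the literal "phar".
    if (preg_match('~^[a-z][a-z0-9+.\-]*:~i', $userPath)) {
        return null;
    }
    // 2. Reject NUL bytes, which truncate the path in the underlying C calls.
    if (strpos($userPath, "\0") !== false) {
        return null;
    }
    // 3. Reject absolute paths, empty segments and ".." segments. Both
    //    separator styles are normalised because the examples on this page
    //    use backslashes.
    $normalised = str_replace('\\', '/', $userPath);
    if ($normalised === '' || $normalised[0] === '/') {
        return null;
    }
    foreach (explode('/', $normalised) as $segment) {
        if ($segment === '' || $segment === '..') {
            return null;
        }
    }
    // 4. Confine to $baseDir: resolve symlinks on the parent directory and
    //    require the canonical result to sit below the canonical base.
    $realBase = realpath($baseDir);
    if ($realBase === false) {
        return null;
    }
    $candidate  = $realBase . '/' . $normalised;
    $realParent = realpath(dirname($candidate));
    if ($realParent === false
        || strncmp($realParent . '/', $realBase . '/', strlen($realBase) + 1) !== 0) {
        return null;
    }
    return $realParent . '/' . basename($candidate);
}

// Constructed demo environment and inputs (not taken from any device).
$base = sys_get_temp_dir() . '/path-validation-demo';
@mkdir($base . '/logs', 0700, true);
file_put_contents($base . '/logs/messages', "constructed log line\n");

$inputs = [
    'logs/messages',                         // legitimate relative name
    'phar:/path/pharfile.jpg',               // shape from the CVE-2022-22241 text
    'phar://' . $base . '/pharfile.jpg',     // real phar wrapper form
    'PHAR://pharfile.jpg',                   // case variation
    '\..\..\..\..\www\dir\new\shell.php',    // shape from the CVE-2022-22245 text
    'alol/lol/any\..\..\..\..\any\file',     // shape from the CVE-2022-22246 text
    "logs/messages\0.jpg",                   // NUL truncation attempt
];

foreach ($inputs as $in) {
    $out = safe_local_path($base, $in);
    printf("%-40s => %s\n",
        str_replace("\0", '\0', $in),
        $out === null ? 'REJECT' : 'OK ' . $out);
}
```

Only the first input is accepted; every other line prints REJECT. Step 1 deliberately refuses any scheme-like prefix rather than matching "phar" alone, because PHP exposes many wrappers and some of them can be chained. Step 4 matters even after the segment checks: a symlink inside $baseDir can still point outside it, and comparing realpath() results is what catches that.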

Source: opennet.ru
