Vulnerabilities in the web interface of Juniper network devices shipped with JunOS

Several vulnerabilities have been identified in J-Web, the web interface used on Juniper network devices running the JunOS operating system. The most dangerous of them (CVE-2022-22241) allows remote code execution on the system without authentication by sending a specially crafted HTTP request. Users of Juniper devices are advised to install the firmware update; where that is not possible, make sure that access to the web interface is blocked from external networks and restricted to trusted hosts only.

The root of the vulnerability is that a user-supplied file path is processed by the /jsdm/ajax/logging_browse.php script without stripping the scheme prefix (stream wrapper) from it, and at a stage before authentication has been checked. An attacker can pass a malicious phar file disguised as an image and achieve execution of the PHP code embedded in the phar archive using the "Phar deserialization" attack technique (for example, by specifying "filepath=phar://path/pharfile.jpg" in the request).

The problem is that when the supplied file is checked with the PHP function is_dir(), this function automatically deserializes the metadata of a Phar archive when it processes a path starting with "phar://" (on PHP releases before 8.0; since PHP 8.0 phar metadata is no longer unserialized automatically when the archive is opened). The same effect occurs when user-supplied file paths are passed to the functions file_get_contents(), fopen(), file(), file_exists(), md5_file(), filemtime() and filesize().

Exploitation is complicated by the fact that, in addition to triggering the processing of the phar archive, the attacker has to find a way to get it onto the device (via /jsdm/ajax/logging_browse.php one can only specify the path to a file that already exists). Possible scenarios for getting the file onto the device include uploading a phar disguised as an image through the image upload service and planting the file in the web cache.
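The following is an added example, not code from the page, from Juniper or from the researchers. It makes the two preceding paragraphs concrete: it builds a minimal phar archive whose stub begins with a JPEG header, following the phar manifest format documented in the PHP manual (PHP ignores everything in the stub before `__HALT_COMPILER();`, which is what "a phar disguised as an image" means), and then reads the manifest back the way PHP does, to show exactly where the serialized metadata that gets passed to unserialize() sits. The metadata is a harmless stdClass, not a gadget chain; a real attack would need a class with a usable __destruct() or __wakeup() in the target's code base. The JPEG header bytes, the file entry `x` and the metadata text are constructed values.

```python
"""
Build a JPEG/phar polyglot and parse its manifest the way PHP does, to show
where the serialized metadata sits. Added, constructed example: not J-Web code
and not the researchers' exploit. The metadata is a harmless stdClass.
"""
import hashlib
import struct
import zlib
from typing import Dict

STUB_TOKEN = b"__HALT_COMPILER(); ?>\r\n"   # PHP stops treating bytes as stub here
PHAR_HDR_SIGNATURE = 0x00010000          # global flag: archive carries a signature
SIG_SHA1 = 0x0002                        # signature type flag for SHA-1


def php_serialize_object(class_name: str, props: Dict[str, str]) -> bytes:
    """Serialize a flat object with string properties in PHP's serialize() format."""
    body = b"".join(
        b's:%d:"%s";s:%d:"%s";' % (len(k.encode()), k.encode(), len(v.encode()), v.encode())
        for k, v in props.items()
    )
    return b'O:%d:"%s":%d:{%s}' % (len(class_name.encode()), class_name.encode(), len(props), body)


def build_phar(stub_prefix: bytes, metadata: bytes, entry_name: bytes, entry_data: bytes) -> bytes:
    """Return a complete phar: stub, manifest (with metadata), file data, SHA-1 signature."""
    stub = stub_prefix + b"<?php " + STUB_TOKEN
    # One file entry (a phar must have at least one): name, uncompressed size,
    # mtime, compressed size, CRC32, flags (perms 0666), no per-file metadata.
    entry = struct.pack("<I", len(entry_name)) + entry_name
    entry += struct.pack("<IIIIII", len(entry_data), 0, len(entry_data),
                         zlib.crc32(entry_data) & 0xFFFFFFFF, 0o666, 0)
    manifest = struct.pack("<IHI", 1, 0x1110, PHAR_HDR_SIGNATURE)   # file count, API 1.1.1, flags
    manifest += struct.pack("<I", 0)                                # alias length 0
    manifest += struct.pack("<I", len(metadata)) + metadata         # global metadata: this is what gets unserialize()d
    manifest += entry
    body = stub + struct.pack("<I", len(manifest)) + manifest + entry_data
    sig = hashlib.sha1(body).digest()                               # covers everything before the signature
    return body + sig + struct.pack("<I", SIG_SHA1) + b"GBMB"


def parse_phar_metadata(blob: bytes) -> bytes:
    """Locate the manifest after the stub and return the global metadata bytes,
    mirroring the read PHP performs before it hands them to unserialize()."""
    pos = blob.index(STUB_TOKEN) + len(STUB_TOKEN)
    manifest_len, n_files, api, flags, alias_len = struct.unpack_from("<IIHII", blob, pos)
    pos += 4 + 4 + 2 + 4 + 4 + alias_len
    (meta_len,) = struct.unpack_from("<I", blob, pos)
    pos += 4
    return blob[pos:pos + meta_len]


def signature_valid(blob: bytes) -> bool:
    """Check the trailing SHA-1 signature that PHP requires when phar.require_hash=1 (the default)."""
    if blob[-4:] != b"GBMB" or struct.unpack("<I", blob[-8:-4])[0] != SIG_SHA1:
        return False
    return hashlib.sha1(blob[:-28]).digest() == blob[-28:-8]


# Constructed JPEG prefix: start-of-image marker plus an APP0/JFIF header.
JPEG_SOI = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"

if __name__ == "__main__":
    meta = php_serialize_object("stdClass", {"note": "constructed example metadata"})
    blob = build_phar(JPEG_SOI, meta, b"x", b"x")
    print("starts as JPEG:", blob[:2] == b"\xff\xd8")
    print("metadata PHP would unserialize:", parse_phar_metadata(blob))
    print("signature ok:", signature_valid(blob))
```

Running the script prints that the blob begins with the JPEG start-of-image marker, recovers the serialized stdClass from the manifest, and verifies the signature. The signature step matters in practice: with phar.require_hash at its default of On, an unsigned archive is rejected before any metadata is read, so a forged phar has to carry a valid signature, which is trivial since it is just a hash of the preceding bytes. An image-upload handler that only inspects magic bytes or the Content-Type header accepts such a file.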

Other vulnerabilities:

  • CVE-2022-22242: unfiltered external parameters are echoed into the output of the error.php script, allowing cross-site scripting and execution of arbitrary JavaScript in the user's browser when a link is followed (for example, "https://JUNOS_IP/error.php?SERVER_NAME=<script>alert(0)</script>"). The vulnerability can be used to intercept administrator session parameters if the attackers manage to get an administrator to open a specially crafted link.
  • CVE-2022-22243, CVE-2022-22244: XPATH expression injection via the /jsdm/ajax/wizards/setup/setup.php and /modules/monitor/interfaces/interface.php scripts allows an unprivileged user to manipulate administrator sessions.
  • CVE-2022-22245: lack of proper sanitization of ".." sequences in paths handled by the Upload.php script allows an authenticated user to upload their own PHP file into a directory from which PHP scripts can be executed (for example, by passing the path "fileName=\..\..\..\..\www\dir\new\shell.php").
  • CVE-2022-22246: execution of an arbitrary local PHP file through manipulation, by an authenticated user, of the jrest.php script, in which external parameters are used to form the name of the file loaded by the require_once() function (for example, "/jrest.php?payload=alol/lol/any\..\..\..\..\any\file").
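The two traversal issues in the list above (CVE-2022-22245 and CVE-2022-22246) both come down to a path being built from user input without a containment check. The example below is added here and is not J-Web code: it implements the check such a script should perform, namely resolve the candidate path and confirm it is still below the intended directory, and runs it against the two payloads quoted above, next to the kind of single-pass "../" stripping that traversal bugs routinely get past. The base directory /var/www/uploads and the benign file name are assumed values.

```python
"""
Containment check for user-controlled file names, added as an example (this is
not J-Web code). It rejects the traversal payloads quoted for CVE-2022-22245 and
CVE-2022-22246 and shows why a single-pass removal of "../" is not a fix.
"""
import posixpath
from typing import Optional

UPLOAD_DIR = "/var/www/uploads"   # assumed base directory, example value only


def contain(base: str, user_path: str) -> Optional[str]:
    """Return the normalised absolute path of `user_path` inside `base`, or None
    if the name would escape `base`.

    Backslashes are treated as separators before normalising, so ".." hidden
    behind "\\" (as in the payloads on this page) is seen by the check, and the
    name is always interpreted relative to `base` even if it starts with a
    separator.
    """
    if "\x00" in user_path:            # a C-level open() would truncate at the NUL
        return None
    rel = user_path.replace("\\", "/").lstrip("/")
    candidate = posixpath.normpath(posixpath.join(base, rel))
    prefix = base.rstrip("/") + "/"
    # normpath has already resolved every "..": anything not strictly below
    # `base` traversed out of it (this also rejects an empty name).
    if not candidate.startswith(prefix):
        return None
    return candidate


def naive_strip(user_path: str) -> str:
    """A filter of the kind traversal bugs get past: one pass of removing "../"
    ignores "..\\" entirely and turns "....//" back into "../"."""
    return user_path.replace("../", "")


# Constructed inputs: the first two are the payloads quoted on this page.
PAYLOADS = [
    r"\..\..\..\..\www\dir\new\shell.php",   # CVE-2022-22245 example
    r"alol/lol/any\..\..\..\..\any\file",    # CVE-2022-22246 example
    "....//....//etc/passwd",                # bypasses naive_strip()
    "report-2022.log",                       # benign name
]

if __name__ == "__main__":
    for p in PAYLOADS:
        print(f"{p!r:42} naive={naive_strip(p)!r:30} contained={contain(UPLOAD_DIR, p)}")
```

Both quoted payloads are rejected because, once the backslashes are treated as separators and the path is normalised, the result lies outside /var/www/uploads. The naive filter, by contrast, leaves the backslash payloads untouched and turns "....//....//etc/passwd" into "../../etc/passwd". Note that containment is a necessary check, not a sufficient one: for an upload handler the destination directory must also be one from which the web server will not execute scripts.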

Source: opennet.ru
