Critical vulnerability in the WordPress File Manager plugin, which has more than 700 thousand installations

A vulnerability has been identified in the File Manager plugin for WordPress, which has more than 700 thousand active installations, that allows arbitrary commands and PHP scripts to be executed on the server. The issue is present in File Manager releases 6.0 through 6.8 and is fixed in release 6.9.

The File Manager plugin provides file management tools for the WordPress administrator, built on the bundled low-level file manipulation library elFinder. The elFinder source code includes example files, which are shipped in the working directory with the ".dist" extension. The vulnerability arises because, when the library was packaged, the file "connector.minimal.php.dist" was renamed to "connector.minimal.php" and thereby became executable via external requests. This script allows any file operation to be performed (upload, open, edit, rename, rm, etc.), since its parameters are passed to the run() function of the main plugin, which can be used to replace PHP files in WordPress and execute arbitrary code.

What makes the situation worse is that the vulnerability is already being used for automated attacks, in which an image containing PHP code is uploaded to the directory "plugins/wp-file-manager/lib/files/" using the "upload" command and then renamed to a PHP script whose name is chosen at random and contains the text "hard" or "x." (for example hardfork.php, hardfind.php, x.php, etc.). Once executed, the PHP code adds a backdoor to the files /wp-admin/admin-ajax.php and /wp-includes/user.php, giving the attackers access to the site's administrator interface. The operation is carried out by sending a POST request to the file "wp-file-manager/lib/php/connector.minimal.php".
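As an added example (not the plugin's own code, and not from the original article), the following Python script audits an installed wp-file-manager directory for the three conditions described above: a plugin version in the affected 6.0–6.8 range, the presence of the shipped connector.minimal.php, and PHP files in the lib/files/ upload directory (with the reported hard*.php / x.php names flagged as critical). The plugin tree it inspects is constructed in a temporary directory so the script runs offline; the main file name "main.php" and the placeholder file contents are assumptions, not the real plugin layout.

```python
"""Audit a wp-file-manager plugin directory for the conditions described in the article.

Added example with a constructed sample tree; not the plugin's own code.
"""
import re
import tempfile
from pathlib import Path

VULNERABLE_FROM = (6, 0)   # first affected release named in the article
FIXED_IN = (6, 9)          # release that contains the fix
CONNECTOR = Path("lib/php/connector.minimal.php")   # shipped without the .dist suffix
UPLOAD_DIR = Path("lib/files")                      # where the attack uploads land
# Names the article reports for the renamed uploads (hardfork.php, hardfind.php, x.php, ...)
SUSPICIOUS_NAME = re.compile(r"^(hard[a-z0-9_]*|x)\.php$", re.IGNORECASE)
# "Version: X.Y" line of the standard WordPress plugin header
VERSION_HEADER = re.compile(r"^\s*\*?\s*Version:\s*(\d+(?:\.\d+)*)\s*$", re.MULTILINE)


def plugin_version(plugin_dir: Path):
    """Return the version tuple from the plugin header of any top-level PHP file, or None."""
    for php in sorted(plugin_dir.glob("*.php")):
        m = VERSION_HEADER.search(php.read_text(errors="replace"))
        if m:
            return tuple(int(p) for p in m.group(1).split("."))
    return None


def audit_plugin(plugin_dir):
    """Return a list of (severity, finding) tuples for the given plugin directory."""
    plugin_dir = Path(plugin_dir)
    findings = []

    ver = plugin_version(plugin_dir)
    if ver is None:
        findings.append(("warn", "could not determine plugin version"))
    elif VULNERABLE_FROM <= ver < FIXED_IN:
        label = ".".join(map(str, ver))
        findings.append(("high", f"vulnerable File Manager version {label}; update to 6.9"))

    if (plugin_dir / CONNECTOR).is_file():
        findings.append(("high", f"{CONNECTOR.as_posix()} is present and reachable as a PHP script"))

    upload_dir = plugin_dir / UPLOAD_DIR
    if upload_dir.is_dir():
        # Any PHP file in the upload directory is wrong; the reported names are worse.
        for f in sorted(upload_dir.rglob("*.php")):
            rel = f.relative_to(plugin_dir).as_posix()
            sev = "critical" if SUSPICIOUS_NAME.match(f.name) else "high"
            findings.append((sev, f"PHP file in upload directory: {rel}"))
    return findings


def build_sample_plugin(root, version="6.8") -> Path:
    """Construct a fake plugin tree reproducing the article's conditions (sample data only)."""
    plugin = Path(root) / "wp-content" / "plugins" / "wp-file-manager"
    (plugin / "lib" / "php").mkdir(parents=True)
    (plugin / "lib" / "files").mkdir(parents=True)
    # "main.php" is a hypothetical main-file name; only the header format matters here.
    (plugin / "main.php").write_text(f"<?php\n/*\nPlugin Name: File Manager\nVersion: {version}\n*/\n")
    (plugin / CONNECTOR).write_text("<?php // example connector shipped without the .dist suffix\n")
    (plugin / UPLOAD_DIR / "hardfork.php").write_text("<?php // constructed placeholder, not a payload\n")
    (plugin / UPLOAD_DIR / "photo.jpg").write_bytes(b"\xff\xd8\xff")
    return plugin


def run_demo(version="6.8"):
    """Build the sample tree in a temp dir, audit it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_plugin(build_sample_plugin(tmp, version))


if __name__ == "__main__":
    for sev, msg in run_demo():
        print(f"[{sev}] {msg}")
```

Point `audit_plugin()` at the real `wp-content/plugins/wp-file-manager` directory on a site to use it outside the demo; a clean 6.9 install still reports the connector if it is present, which is intended, since the file is what the attack talks to.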

It is notable that after the compromise, in addition to leaving the backdoor, changes are made to block further calls to the vulnerable connector.minimal.php file, so that other attackers cannot exploit the same server.

The first attack attempts were detected on September 1 at 7 am (UTC). At 12:33 (UTC) the File Manager plugin developers released a patch. According to Wordfence, the company that identified the vulnerability, their firewall blocked about 450 thousand attempts to exploit the flaw per day. A network scan showed that 52% of sites using this plugin have not yet been updated and remain vulnerable. After installing the update, it makes sense to check the HTTP server log for calls to the "connector.minimal.php" script in order to determine whether the system has been compromised.
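The log check recommended above, as an added example in Python (constructed log lines, not real traffic, and not code from the article or from Wordfence): it parses Apache/nginx "combined" format lines, flags every request to the connector.minimal.php path (a successful POST rated high, since that is how commands are sent), flags any request for a PHP file under lib/files/ with the reported hard*.php or x.php names as critical, and summarises hits per client address. The IP addresses and timestamps are constructed sample values.

```python
"""Scan an HTTP access log for calls to the vulnerable elFinder connector.

Added example with constructed log lines; not code from the article or from Wordfence.
"""
import re
from collections import Counter

# Apache/nginx "combined" log format; the regex assumes the standard field layout.
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# The connector the attack posts commands to (with or without a query string)
CONNECTOR_RE = re.compile(r"/wp-file-manager/lib/php/connector\.minimal\.php(?:\?|$)")
# Renamed uploads reported in the article: hardfork.php, hardfind.php, x.php, ...
DROPPED_FILE_RE = re.compile(r"/wp-file-manager/lib/files/(hard[a-z0-9_]*|x)\.php", re.IGNORECASE)

# Constructed sample log (addresses from documentation ranges, not real clients)
SAMPLE_LOG = """\
203.0.113.7 - - [01/Sep/2020:07:02:11 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Sep/2020:07:02:13 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 318 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Sep/2020:07:02:15 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/hardfork.php HTTP/1.1" 200 94 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Sep/2020:09:10:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4021 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Sep/2020:09:10:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 61 "-" "Mozilla/5.0"
192.0.2.9 - - [01/Sep/2020:11:45:30 +0000] "GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php?cmd=open HTTP/1.1" 403 199 "-" "curl/7.68.0"
"""


def parse_line(line):
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = COMBINED.match(line)
    return m.groupdict() if m else None


def scan(text):
    """Return a list of hit dicts for every request touching the connector or a dropped file."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"]
        if CONNECTOR_RE.search(path):
            is_post_ok = rec["method"] == "POST" and rec["status"].startswith("2")
            severity = "high" if is_post_ok else "medium"
            reason = "connector call" + (" (successful POST, likely a command)" if is_post_ok else "")
        elif DROPPED_FILE_RE.search(path):
            severity = "critical"
            reason = "request for PHP file in the upload directory"
        else:
            continue
        hits.append({
            "ip": rec["ip"], "time": rec["time"], "method": rec["method"],
            "path": path, "status": rec["status"], "severity": severity, "reason": reason,
        })
    return hits


def summarize(hits):
    """Count hits per client address, most active first."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f'[{h["severity"]}] {h["time"]} {h["ip"]} {h["method"]} {h["path"]} -> {h["status"]} ({h["reason"]})')
    for ip, n in summarize(found).most_common():
        print(f"{ip}: {n} hit(s)")
```

To run this over a real log, replace `SAMPLE_LOG` with the file contents (`scan(open("/var/log/apache2/access.log").read())`); any "high" or "critical" hit that predates the update is a reason to inspect /wp-admin/admin-ajax.php and /wp-includes/user.php for the backdoor the article describes rather than just updating.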

In addition, the corrective release WordPress 5.5.1, which includes 40 fixes, is worth noting.

Source: opennet.ru