A vulnerability has been identified in the WordPress plugin File Manager, which has more than 700 thousand active installations, that allows arbitrary commands and PHP scripts to be executed on the server. The issue is present in File Manager releases 6.0 through 6.8 and was fixed in release 6.9.
The File Manager plugin provides file management tools for the WordPress administrator, using the bundled elFinder library for low-level file handling. The elFinder library source code contains example code files, which are shipped in the working directory with the ".dist" extension. The vulnerability stems from the fact that, when the library was packaged into the plugin, the file "connector.minimal.php.dist" was renamed to "connector.minimal.php" and thus became executable by external requests. This script allows any file operation (upload, open, editor, rename, rm, etc.) to be performed, because its parameters are passed to the run() function of the main plugin, which can be used to replace PHP files in WordPress and execute arbitrary code.
What makes the danger worse is that the vulnerability is already being exploited in automated attacks: an image containing PHP code is uploaded to the directory "plugins/wp-file-manager/lib/files/" using the "upload" command and then renamed to a PHP script whose name is chosen at random and contains the text "hard" or "x." (for example, hardfork.php, hardfind.php, x.php, etc.). Once executed, the PHP code adds a backdoor to the files /wp-admin/admin-ajax.php and /wp-includes/user.php, giving the attackers access to the site's administrative interface. The operation is performed by sending a POST request to the file "wp-file-manager/lib/php/connector.minimal.php".
Notably, after the compromise, in addition to leaving the backdoor, changes are made to restrict further calls to the vulnerable file connector.minimal.php, so as to block other attackers from attacking the server.
The first attack attempts were detected on September 1 at 7 am (UTC). At 12:33 (UTC) the developers of the File Manager plugin released a patch. According to Wordfence, the company that identified the vulnerability, its firewall blocked around 450 thousand attempts to exploit the vulnerability per day. A network scan showed that 52% of sites using this plugin have not yet been updated and remain vulnerable. After installing the update, it makes sense to check the http server log for calls to the "connector.minimal.php" script to determine whether the system has been compromised.
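To act on the log check recommended above, the following is an added example (not code from the article or from the plugin) that scans access-log lines for the indicators the article describes: calls to connector.minimal.php and requests for .php files under lib/files/. It assumes the Apache/nginx combined log format; the sample lines are constructed.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Apache/nginx "combined" access-log format (assumed; adjust for custom formats).
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')
# Paths from the advisory: the exposed elFinder connector and the upload directory.
CONNECTOR = "/wp-file-manager/lib/php/connector.minimal.php"
UPLOAD_DIR = "/wp-file-manager/lib/files/"

@dataclass
class Finding:
    ip: str
    ts: str
    method: str
    path: str
    status: int
    reason: str

def classify(method: str, path: str) -> Optional[str]:
    """Return an indicator name if the request matches one, else None."""
    if path.endswith(CONNECTOR):
        # Upload/rename commands are sent with POST; a GET still shows the connector is reachable.
        return "connector_post" if method == "POST" else "connector_get"
    if UPLOAD_DIR in path and path.lower().endswith(".php"):
        # An uploaded image renamed to a PHP script (e.g. hardfork.php, x.php) being requested.
        return "php_in_upload_dir"
    return None

def scan_log(lines: Iterable[str]) -> List[Finding]:
    """Parse access-log lines and return every request matching an indicator."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # blank or differently formatted line
        path = m["path"].split("?", 1)[0]  # ignore the query string
        reason = classify(m["method"], path)
        if reason:
            findings.append(Finding(m["ip"], m["ts"], m["method"], path, int(m["status"]), reason))
    return findings

# Constructed sample lines (RFC 5737 test addresses), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Sep/2020:07:02:11 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Sep/2020:07:02:14 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/hardfork.php HTTP/1.1" 200 45 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Sep/2020:07:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2345 "-" "Mozilla/5.0"
198.51.100.9 - - [02/Sep/2020:09:10:00 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/logo.png HTTP/1.1" 200 845 "-" "Mozilla/5.0"
"""
```

A status of 200 on a .php request under lib/files/ means the dropped script actually ran, so those hosts should be treated as compromised and the backdoored core files named above inspected.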
In addition, one can note the corrective release that was proposed .
Source: opennet.ru
