{"id":31,"date":"2013-01-18T22:21:47","date_gmt":"2013-01-18T20:21:47","guid":{"rendered":"http:\/\/www.nettissimo.ro\/news\/?p=31"},"modified":"2013-01-19T20:58:56","modified_gmt":"2013-01-19T18:58:56","slug":"vulnerabilitate-oscommerce-injectie-de-cod","status":"publish","type":"post","link":"https:\/\/www.nettissimo.ro\/news\/blog\/2013\/01\/18\/vulnerabilitate-oscommerce-injectie-de-cod\/","title":{"rendered":"vulnerabilitate oscommerce injectie de cod"},"content":{"rendered":"

Din jurnalul de acces\u0103ri ale paginilor de pe serverele Nettissimo:<\/p>\n

GET \/create_account.php?language=en&osCsid=0bd23d505b9e827959371b26e4cb8857&amp;sa=U&amp;ei=7775UJtT4-bhBISXgeAM&amp;amp;ved=0CP4BEBYwTDj0Aw&amp;usg=AFQjCNHgnWOpMsJ1uYsHOxw2KVImpKO0RA\/admin\/banner_manager.php\/login.php<\/p>\n

sau:<\/p>\n

GET \/create_account.php?language=en&osCsid=0bd23d505b9e827959371b26e4cb8857&amp;sa=U&amp;ei=7775UJtT4-bhBISXgeAM&amp;amp;ved=0CP4BEBYwTDj0Aw&amp;usg=AFQjCNHgnWOpMsJ1uYsHOxw2KVImpKO0RA\/admin\/file_manager.php\/login.php<\/p>\n

Site vizat: un site care ruleaz\u0103 platforma de ecommerce oscommerce.<\/p>\n

Browser-ul folosit de hacker pare real (Firefox), \u00een spatele atacului st\u0103 un IP din Turcia (195.244.34.137) \u015fi o persoan\u0103 aparent uman\u0103, nu un robot spion.<\/p>\n

Accesarea unor linkuri care con\u0163in c\u00e2mpurile file_manager si banner_manager ale unor platforme oscommerce permite hackerilor s\u0103 inecteze cod malitios \u00een site-urile atacate. Acest cod mali\u0163ios const\u0103 \u00een general \u00een scrierea de iframe-uri sau elemente de script pe paginile site-urilor atacate.<\/p>\n

C\u00e2nd un client viziteaz\u0103 paginile sparte si \u00eencarc\u0103 elementele de script sau iframe-urile injectate pe acele pagini poate desc\u0103rca un virus care i se instaleaz\u0103 pe calculator.<\/p>\n

Hackerul care a spart pagina poate urm\u0103ri IP-urile de la care s-a efectuat instalarea virusului si poate exploata in continuare mai departe calculatorul virusat pentru scopurile sale.<\/p>\n

Mai mult de 8 milioane de pagini ruland oscommerce fuseser\u0103 astfel atacate \u00een iulie 2011, conform acestui articol de la armorize<\/a>.<\/p>\n

Varianta de oscommerce vizat\u0103: 2.3.1<\/p>\n

Conform cu site-ul oscommerce de la data de 18\/01\/2013 ultima variant\u0103 disponibil\u0103 de oscommerce: 2.3.3.<\/p>\n

Iar\u0103\u015fi nu pot dec\u00e2t s\u0103 subliniez maxima importan\u0163\u0103 a actualiz\u0103rilor periodice ale platformelor populare folosite pe internet.<\/p>\n

Aceste actualiz\u0103ri, din experien\u0163a mea, nu sunt din p\u0103cate f\u0103cute dec\u00e2t relativ rar, ceea ce las\u0103 site-urile respective vulnerabile la asemenea atacuri. Majoritatea proprietarilor de site-uri care ruleaz\u0103 asemenea platforme populare apeleaz\u0103 la un webmaster care „\u00ee\u015fi face treaba” \u015fi pe urm\u0103 gata, nimic nu se mai schimb\u0103 \u00een timp la pagina respectiv\u0103.<\/p>\n

Solu\u021bia rapid\u0103 este s\u0103 fie rebotezat directorul admin din varianta respectiv\u0103 de oscommerce \u00een altceva – de pild\u0103 antihacker. Poate fi rebotezat\u0103 a\u015fa cum este descris in acest articol<\/a>. Astfel hackerul nu va mai fi capabil s\u0103 acceseze linkurile respective deoarece pur \u015fi simplu nu le va cunoa\u015fte.<\/p>\n

\u015ei mai rapid\u0103 este protejarea prin parol\u0103 a accesului la directorul admin (\u00een Cpanel func\u0163iunea password protect directories). Sau ambele pentru paranoici \ud83d\ude42<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Din jurnalul de acces\u0103ri ale paginilor de pe serverele Nettissimo: GET \/create_account.php?language=en&osCsid=0bd23d505b9e827959371b26e4cb8857&amp;sa=U&amp;ei=7775UJtT4-bhBISXgeAM&amp;amp;ved=0CP4BEBYwTDj0Aw&amp;usg=AFQjCNHgnWOpMsJ1uYsHOxw2KVImpKO0RA\/admin\/banner_manager.php\/login.php sau: GET \/create_account.php?language=en&osCsid=0bd23d505b9e827959371b26e4cb8857&amp;sa=U&amp;ei=7775UJtT4-bhBISXgeAM&amp;amp;ved=0CP4BEBYwTDj0Aw&amp;usg=AFQjCNHgnWOpMsJ1uYsHOxw2KVImpKO0RA\/admin\/file_manager.php\/login.php Site vizat: un site care ruleaz\u0103 platforma de ecommerce oscommerce. Browser-ul folosit de hacker pare real (Firefox), \u00een spatele atacului st\u0103 un IP din Turcia (195.244.34.137) \u015fi o persoan\u0103 aparent uman\u0103, nu un robot spion. Accesarea unor linkuri care con\u0163in… Continu\u0103 lectura vulnerabilitate oscommerce injectie de cod<\/span><\/a><\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[2],"tags":[15,14,12,16,13],"_links":{"self":[{"href":"https:\/\/www.nettissimo.ro\/news\/wp-json\/wp\/v2\/posts\/31"}],"collection":[{"href":"https:\/\/www.nettissimo.ro\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nettissimo.ro\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nettissimo.ro\/news\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nettissimo.ro\/news\/wp-json\/wp\/v2\/comments?post=31"}],"version-history":[{"count":6,"href":"https:\/\/www.nettissimo.ro\/news\/wp-json\/wp\/v2\/posts\/31\/revisions"}],"predecessor-version":[{"id":49,"href":"https:\/\/www.nettissimo.ro\/news\/wp-json\/wp\/v2\/posts\/31\/revisions\/49"}],"wp:attachment":[{"href":"https:\/\/www.nettissimo.ro\/news\/wp-json\/wp\/v2\/media?parent=31"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nettissimo.ro\/news\/wp-json\/wp\/v2\/categories?post=31"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nettissimo.ro\/news\/wp-json\/wp\/v2\/tags?post=31"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}