Check Point researchers recently revealed at the DEF CON conference the details of a newly discovered technique for attacking applications that use vulnerable versions of SQLite.
The Check Point method treats database files as an opportunity to integrate vulnerability-exploitation scenarios into various internal SQLite subsystems that are not reachable by direct exploitation. The researchers also developed a technique for exploiting vulnerabilities by encoding the exploit as a chain of SELECT queries in an SQLite database, which allows ASLR protection to be bypassed.
About the vulnerability
The Check Point researchers explain that, for an attack to succeed, the attacker must be able to modify the database files of the targeted applications, which limits the method to attacks on applications that use SQLite databases as a format for transit and input data.
They also note that the method can be used to extend local access that has already been obtained, for example to integrate hidden backdoors into the applications in use, as well as to evade security researchers when they analyze malware.
Exploitation after the file has been substituted takes place when the application runs its first SELECT query against a table in the modified database.
As an example, the ability to run code on iOS when the address book is opened was demonstrated; the file with the "AddressBook.sqlitedb" database was modified using the described method.
For the attack, a vulnerability in the fts3_tokenizer function was used (CVE-2019-8602, the ability to dereference a pointer), fixed in the April SQLite 2.28 update, along with another vulnerability in the implementation of window functions.
In addition, the research demonstrates the method being used to take remote control of an attackers' backend server written in PHP, which collects passwords intercepted while malicious code is running (the intercepted passwords were transferred in the form of an SQLite database).
The attack method is based on two techniques, Query Hijacking and Query Oriented Programming, which allow arbitrary problems that lead to memory corruption in the SQLite engine to be exploited.
The essence of "Query Hijacking" is to replace the contents of the "sql" field in the sqlite_master service table, which defines the structure of the database. That field contains the DDL (Data Definition Language) block used to describe the structure of the objects in the database.
The description is given in standard SQL syntax, i.e. the "CREATE TABLE" construct, which is executed during database initialization (on the first execution of the sqlite3LocateTable function), is used to create the internal in-memory structures associated with the table.
The idea is that, as a result of replacing "CREATE TABLE" with "CREATE VIEW", any access to the database can be controlled through the definition of its view.
On the other hand, with the "CREATE VIEW" command a "SELECT" operation is attached to the table; it is called instead of "CREATE TABLE" and allows the attacker to reach various parts of the SQLite interpreter.
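As a defensive illustration of the schema substitution described above, the following added example (not code from the Check Point research) audits an untrusted SQLite file and reports when a name the application expects to be a table is defined as a view. The names audit_schema, contacts and real_rows are hypothetical, and both sample databases are constructed for the example.

```python
import os
import pathlib
import sqlite3
import tempfile

def audit_schema(path, expected_tables):
    """List schema anomalies in an untrusted SQLite file before the app queries it."""
    # Open read-only so the audit never modifies the file under inspection.
    uri = pathlib.Path(path).resolve().as_uri() + "?mode=ro"
    conn = sqlite3.connect(uri, uri=True)
    try:
        # Limits what views and triggers may call; older SQLite builds ignore it.
        conn.execute("PRAGMA trusted_schema = OFF")
        rows = conn.execute("SELECT type, name FROM sqlite_master").fetchall()
    finally:
        conn.close()
    kinds = {name: typ for typ, name in rows}
    findings = []
    for name in expected_tables:
        if kinds.get(name) != "table":
            findings.append(f"{name}: expected table, found {kinds.get(name, 'nothing')}")
    for typ, name in rows:
        if typ in ("view", "trigger") and name not in expected_tables:
            findings.append(f"{name}: unexpected {typ}")
    return sorted(findings)

def _make_db(statements):
    """Build a constructed sample database in a temporary file."""
    fd, path = tempfile.mkstemp(suffix=".sqlitedb")
    os.close(fd)
    conn = sqlite3.connect(path)
    for statement in statements:
        conn.execute(statement)
    conn.commit()
    conn.close()
    return path

def demo():
    """Audit a clean sample and one where 'contacts' is a view (both constructed)."""
    clean = _make_db(["CREATE TABLE contacts(id INTEGER, name TEXT)"])
    swapped = _make_db([
        "CREATE TABLE real_rows(id INTEGER, name TEXT)",
        "CREATE VIEW contacts AS SELECT id, name FROM real_rows",
    ])
    try:
        return audit_schema(clean, ["contacts"]), audit_schema(swapped, ["contacts"])
    finally:
        os.remove(clean)
        os.remove(swapped)
```

An application would run such a check on any database file received from outside before issuing its first SELECT, and refuse the file when the list of findings is not empty.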
Besides this, the simplest attack method would be to call the "load_extension" function, which allows the attacker to load an arbitrary library with an extension, but this function is disabled by default.
To carry out an attack under conditions where a SELECT operation can be performed, the Query Oriented Programming technique was proposed, which allows problems in SQLite that lead to memory corruption to be exploited.
The technique is reminiscent of Return Oriented Programming (ROP), but instead of existing snippets of machine code it uses a set of subqueries inside SELECT to build the chain of calls ("gadgets").
Source: https://threatpost.com/