Snuffleupagus, an interesting module for blocking vulnerabilities in PHP applications

If you are a web developer, this article may interest you, because in it we will talk a little about the Snuffleupagus project, which provides a module for the PHP interpreter that increases the security of the environment and blocks the common mistakes that lead to vulnerabilities in the execution of PHP applications.

This module was designed in a very interesting way, since it significantly increases the amount of work that has to be done to attack websites successfully, by eliminating entire classes of errors. It also provides a powerful virtual patching system, which allows the administrator to fix specific problems and audit suspicious behaviour without touching the PHP code.

About Snuffleupagus

Snuffleupagus is known for providing a rules system that lets you use ready-made templates to increase protection, and create your own rules to control input data and function parameters.

It also provides built-in methods for blocking classes of vulnerabilities, such as problems related to data serialization, unsafe use of the PHP mail() function, leakage of cookie contents during XSS attacks, problems caused by loading files that contain executable code (for example, in phar format), and incorrect XML constructs.

The module also lets you create virtual patches with which the site administrator can fix specific problems without changing the source code of the vulnerable application, which makes it suitable for hosting systems where it is not possible to keep every user application up to date.
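As an added illustration (written for this article, not taken from the project's own documentation or shipped rules), this is what a virtual patch looks like in Snuffleupagus's rule syntax. The application path, the function being patched and the regular expression are constructed for the example; the directives (`sp.disable_function`, `.function()`, `.filename()`, `.param()`, `.value_r()`, `.simulation()`, `.drop()`, `.alias()`) are the module's rule syntax as I know it from its documentation and should be checked against the docs of the installed version.

```text
# Constructed example of a virtual patch. A hypothetical legacy application
# at /var/www/legacy/export.php hands a user-controlled filename to
# readfile(). Instead of editing vendor code, the interpreter itself refuses
# path traversal in that single call site.

# Step 1 (initial rollout, kept here commented out): the same rule in
# simulation mode. Matches are only logged, never blocked, so you can
# confirm the rule does not break legitimate traffic before enforcing it.
# sp.disable_function.function("readfile").filename("/var/www/legacy/export.php").param("filename").value_r("\\.\\./").simulation().alias("export.php path traversal (simulation)");

# Step 2 (after the logs came back clean): enforce. A readfile() call from
# that file whose "filename" argument contains "../" aborts the request and
# the event is logged under the alias.
sp.disable_function.function("readfile").filename("/var/www/legacy/export.php").param("filename").value_r("\\.\\./").drop().alias("export.php path traversal");
```

The point of the two-step layout is that a virtual patch is a blocking control: rolling it out in simulation first, then switching the same rule to drop(), keeps a mistaken regular expression from turning into an outage on a hosting platform where you do not own the application code.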

The overhead caused by running the module is estimated to be minimal. The module is written in C and is loaded as a shared library via the "php.ini" file.

Among the security options offered by Snuffleupagus, the following stand out:

  • Automatic setting of the "secure" and "samesite" flags (protection against CSRF) on cookies, and cookie encryption.
  • A built-in set of rules to detect traces of attacks and compromised applications.
  • Forced global inclusion of "strict" mode, which for example blocks attempts to pass a string where an integer value is expected as an argument, and protection against type juggling.
  • Blocking of protocol wrappers by default (for example, the "phar://" ban), with explicit whitelisting by the owner of the ones that are needed.
  • Prohibition of executing writable files.
  • Black and white lists for eval.
  • Enabling mandatory TLS certificate verification when using curl.
  • Adding an HMAC to serialized objects, to make sure that deserialization retrieves the data stored by the original application.
  • A request logging mode.
  • Blocking the loading of external files in libxml via links in XML documents.
  • The ability to connect external drivers (upload_validation) to check and scan uploaded files.
  • Enforces TLS certificate verification when using curl.
  • Request dumping capability.
  • A healthy code base.
  • A comprehensive test suite with close to 100% coverage.
  • Every commit is tested on several distributions.
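To make the list above concrete, here is a rules file written for this article as an added example; it is not the project's shipped default rule set. The php.ini lines, secret key, cookie name, log directory and validation script path are placeholders for a deployment to fill in, and the directives are the module's rule syntax as I know it from its documentation, so they should be verified against the docs of the installed version.

```text
# php.ini side (constructed example): load the module, which is a shared
# library, and point it at this rules file.
#   extension=snuffleupagus.so
#   sp.configuration_file=/etc/php/snuffleupagus.rules

# Secret used for cookie encryption and for the unserialize() HMAC.
# Placeholder: generate a long random value per deployment, never reuse it.
sp.global.secret_key("REPLACE_WITH_A_LONG_RANDOM_SECRET");

# Global strict mode: a string such as "123abc" is no longer silently
# accepted where an int parameter is expected (type juggling protection).
sp.global_strict.enable();

# Cookies: automatic Secure flag, SameSite, and encryption of the session
# cookie so an XSS payload that reads document.cookie gets ciphertext.
sp.auto_cookie_secure.enable();
sp.cookie.name("PHPSESSID").samesite("lax");
sp.cookie.name("PHPSESSID").encrypt();

# Serialized objects carry an HMAC: unserialize() only accepts data this
# application produced, not attacker-supplied object graphs.
sp.unserialize_hmac.enable();

# Refuse to execute PHP files that are writable by the PHP user.
sp.readonly_exec.enable();

# Stream wrappers: allow only what the application needs. Leaving phar://
# out stops phar-based deserialization through ordinary file functions.
sp.wrappers_whitelist.list("file,php");

# eval() blacklist: functions that may not be called from evaluated code.
sp.eval_blacklist.function("system");
sp.eval_blacklist.function("exec");

# Keep TLS certificate verification on: any curl_setopt() call touching
# CURLOPT_SSL_VERIFYPEER (option id 64) or CURLOPT_SSL_VERIFYHOST (81) is
# dropped, so the safe defaults cannot be switched off.
sp.disable_function.function("curl_setopt").param("option").value("64").drop().alias("CURLOPT_SSL_VERIFYPEER must stay enabled");
sp.disable_function.function("curl_setopt").param("option").value("81").drop().alias("CURLOPT_SSL_VERIFYHOST must stay enabled");

# mail(): the fifth argument (position 4) is passed to the sendmail command
# line, so reject anything that looks like an extra command-line option.
sp.disable_function.function("mail").pos("4").value_r("\\-").drop().alias("mail() additional parameter injection");

# libxml: do not resolve external entities referenced from XML documents.
sp.xxe_protection.enable();

# Uploaded files are handed to an external checker before the application
# sees them (placeholder path; the script decides whether the upload is kept).
sp.upload_validation.script("/usr/local/bin/check-upload.sh").enable();

# Request dumping: when this rule fires, write the offending request to the
# given directory (must exist and be writable by PHP) and then drop it.
sp.disable_function.function("system").param("command").value_r("[$|;&`\\n]").dump("/var/log/snuffleupagus").drop().alias("shell metacharacters in system()");
```

Each block of the file maps to one bullet of the list above, which is the useful property for review: an auditor can read the rules file and see which hardening features are on, which are missing, and which ones (the HMAC and cookie encryption) depend on the secret key being set correctly. The mail() rule uses the positional form `pos("4")` rather than a parameter name because the name of that parameter differs between PHP versions.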

What's new

The module is currently at version 0.5.1, which brings improved support for PHP 7.4 and makes it compatible with the PHP 8 branch (currently under development).

In addition, the standard rule set was updated and new rules were added for recently discovered vulnerabilities and attack techniques against web applications.

How to install Snuffleupagus on Linux?

Finally, for those interested in testing this module in penetration tests of their own applications, in order to improve their security or to increase the security of what they use.

What they have to do is go to the official website of the module, and in its download section they will be able to find the instructions for each of the different Linux distributions, at this link.

Alternatively, they can also choose to install from source code; for this they can follow the detailed instructions at this link.

Last but not least, if you want to know more about it, read the documentation or obtain the source code from the repository, you can do so from here.

