A new technique for exploiting vulnerabilities in SQLite has been discovered

SQLite vulnerabilities

Check Point researchers recently presented at the DEF CON conference the details of a newly discovered technique for attacking applications that use vulnerable versions of SQLite.

Check Point's method treats database files as a vehicle for delivering exploitation scenarios for vulnerabilities in various internal SQLite subsystems that cannot be reached by direct exploitation. The researchers also developed a technique for exploiting vulnerabilities through code injection in the form of a chain of SELECT queries against the SQLite database, which allows ASLR to be bypassed.

About the vulnerability

The Check Point researchers clarify that, for a successful attack, the attacker must be able to modify the database files of the targeted application, which limits the method to applications that use SQLite databases as a format for data in transit and input data.

They also point out that the method can be used to extend local access that has already been obtained, for example to embed hidden backdoors into applications already in use, or to evade security researchers while they analyse malware.

The action triggered by the spoofed file takes place at the moment the application executes its first SELECT query against a table in the modified database.

As an example, the ability to execute code on iOS when the address book is opened was demonstrated, with the database file "AddressBook.sqlitedb" modified using the proposed method.

The attack used a vulnerability in the fts3_tokenizer function (CVE-2019-8602, a pointer dereference), fixed in the April SQLite 2.28 update, together with another vulnerability in the implementation of window functions.

They also demonstrated the use of the method to take remote control of an attackers' backdoor server written in PHP, which collects passwords intercepted while malicious code is running (the intercepted passwords were transmitted in the form of an SQLite database).

The attack method relies on two techniques, Query Hijacking and Query Oriented Programming, which allow arbitrary bugs that lead to memory corruption in the SQLite engine to be exploited.

The essence of "Query hijacking" is to replace the contents of the "sql" field in the sqlite_master service table that describes the structure of the database. That field contains a DDL (Data Definition Language) block used to describe the structure of the objects in the database.

The definition is written in ordinary SQL syntax, e.g. a "CREATE TABLE" construct, which is executed during database initialisation (during the first run of the sqlite3LocateTable function) and is used to build the internal in-memory structures associated with the table.

The idea is that, by substituting "CREATE VIEW" for "CREATE TABLE", it becomes possible to control any access to the database through the view's own definition.

In other words, using the "CREATE VIEW" command, a "SELECT" operation is attached to the table; it is run in place of the "CREATE TABLE" and gives the attacker access to various parts of the SQLite interpreter.

Beyond that, the simplest attack would be to call the "load_extension" function, which lets the attacker load an arbitrary library as an extension, but this function is disabled by default.

To carry out the attack when the only available capability is executing a SELECT, the Query Oriented Programming technique was proposed, which allows problems in SQLite that lead to memory corruption to be exploited.

This technique is reminiscent of Return Oriented Programming (ROP), but instead of using existing snippets of machine code, it uses a set of subqueries inside a SELECT to build a chain of calls ("gadgets").
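
As an added example (not from the article or from Check Point's research), the following Python check is what an application could run on an SQLite file received from an untrusted source before issuing its first SELECT: it reads only sqlite_master over a read-only connection and flags a "table" entry whose DDL has been swapped for a CREATE VIEW, any view or trigger definitions, and DDL that calls load_extension or fts3_tokenizer. The make_fixture helper builds a constructed sample file; the table and column names in it are assumptions.

```python
import re
import sqlite3
import tempfile

# Functions named in the article whose appearance in untrusted schema DDL deserves a look.
SUSPICIOUS_FUNCS = ("load_extension", "fts3_tokenizer")

def audit_schema(path):
    """Return a list of findings for the sqlite_master of the SQLite file at `path`.
    Only sqlite_master is read, so no application table (and no hijacked view) runs."""
    try:
        con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
        try:
            rows = con.execute("SELECT type, name, sql FROM sqlite_master").fetchall()
        finally:
            con.close()
    except sqlite3.DatabaseError as exc:  # SQLite's own schema checks rejected the file
        return [f"schema rejected by SQLite: {exc}"]
    findings = []
    for typ, name, sql in rows:
        if sql is None:  # automatic indexes carry a NULL sql column
            continue
        head = sql.lstrip().upper()
        # Query Hijacking: a 'table' row whose DDL is no longer a CREATE TABLE
        if typ == "table" and not re.match(r"CREATE\s+(VIRTUAL\s+)?TABLE", head):
            findings.append(f"{name}: type 'table' but DDL starts {head[:12]!r}")
        elif typ in ("view", "trigger"):
            findings.append(f"{name}: {typ} definition in an untrusted file")
        for fn in SUSPICIOUS_FUNCS:
            if re.search(rf"\b{fn}\s*\(", sql, re.IGNORECASE):
                findings.append(f"{name}: DDL calls {fn}()")
    return findings

def make_fixture(hijack):
    """Constructed sample: a one-table database. With hijack=True the table's sqlite_master
    entry is rewritten into a harmless CREATE VIEW, the substitution the article describes."""
    path = tempfile.NamedTemporaryFile(suffix=".sqlitedb", delete=False).name
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    con.execute("INSERT INTO notes (body) VALUES ('hello')")
    if hijack:
        con.execute("PRAGMA writable_schema = ON")
        con.execute("UPDATE sqlite_master SET sql = ? WHERE name = 'notes'",
                    ("CREATE VIEW notes AS SELECT 'hijacked' AS body",))
    con.commit()
    con.close()
    return path
```

The check complements rather than replaces SQLite's own hardening options, such as SQLITE_DBCONFIG_DEFENSIVE (which blocks writes to sqlite_master) and PRAGMA trusted_schema, which exist in releases newer than the one the article discusses.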

Source: https://threatpost.com/
