Cybersecurity researchers have disclosed three cross-site scripting (XSS) vulnerabilities in popular open-source applications that could lead to remote code execution (RCE).
A classic XSS attack lets a threat actor's JavaScript run in the victim's web browser, opening the door to cookie theft, redirection to a phishing site that harvests sensitive information, and more.
Cross-Site Scripting (XSS) is one of the most widespread attacks against web applications. When a threat actor gets JavaScript code into the application's output, the result is not only stolen cookies; in some cases it leads to complete compromise of the system.
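The three bugs above all come down to untrusted input being written into a page unencoded. The following is an added example, not code from Evolution CMS, FUDforum or GitBucket, showing the vulnerable concatenation next to the hardened version that encodes each value for the HTML context it lands in; the `renderPost*` helpers and the sample post are constructed for the demonstration.

```javascript
// Added example, not code from Evolution CMS, FUDforum or GitBucket:
// encoding untrusted data at the point it is written into HTML, which is
// the primary defence against both reflected and stored XSS.

// Escape the characters that carry meaning in HTML text nodes and in
// double- or single-quoted attribute values.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Vulnerable pattern: stored or reflected input is concatenated straight
// into markup. This is the shape of bug the advisories above describe.
function renderPostUnsafe(author, body) {
  return `<div class="post" data-author="${author}">${body}</div>`;
}

// Hardened pattern: every untrusted value is encoded for the context it
// lands in (here: a quoted attribute value and a text node).
function renderPostSafe(author, body) {
  return `<div class="post" data-author="${escapeHtml(author)}">${escapeHtml(body)}</div>`;
}

// Heuristic used to check the output: is there still a live <script>
// tag or a quoted on*= event-handler attribute in the rendered HTML?
function containsActiveContent(html) {
  return /<script\b/i.test(html) || /\son\w+\s*=\s*["']/i.test(html);
}

// Constructed sample input (not a payload taken from the advisories):
// the author field breaks out of its attribute, the body injects a tag.
const sampleAuthor = 'mallory" onmouseover="alert(1)';
const sampleBody = '<script>alert(1)</script>';

console.log('unsafe:', renderPostUnsafe(sampleAuthor, sampleBody));
console.log('safe:  ', renderPostSafe(sampleAuthor, sampleBody));
```

Encoding belongs at output time, not at storage time: the same stored value may later be written into an attribute, a text node or a JavaScript string, and each context needs its own encoder. A Content-Security-Policy that disallows inline scripts is a useful second layer, but it does not replace output encoding.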
The first vulnerability, in Evolution CMS v3.1.8, lets an attacker mount reflected XSS attacks in several places in the admin section. Aleksey Solovev says that in a successful attack against an authorized administrator of the system, the index.php file is overwritten with the code the attacker placed in the payload.
The second vulnerability, found in FUDForum v3.1.1, could let an attacker mount a stored XSS attack. Aleksey Solovev says FUDforum is a super fast and scalable discussion forum. It is highly customizable and supports unlimited members, forums, posts, topics, polls and attachments.
The FUDforum admin panel has a file manager that allows uploading files to the server, including files with the PHP extension. An attacker could use the stored XSS to upload a PHP file that can execute any command on the server.
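The step that turns the FUDforum XSS into code execution is an admin file manager that accepts a .php upload. The following is an added example, not code from FUDforum or any other project named on this page, of the server-side validation such an upload handler should apply regardless of who the requester appears to be: an extension allow-list, rejection of script extensions anywhere in the name, and a check that the content matches the claimed type. The function names and sample uploads are constructed for the demonstration.

```javascript
// Added example, not code from FUDforum or any project named above:
// server-side validation for an admin file-manager upload, so that a
// request riding an administrator's browser session cannot place
// executable code on the server.

// Allow-list of extensions we are willing to store (never a deny-list
// that merely blocks ".php").
const ALLOWED_EXTENSIONS = new Set(['png', 'jpg', 'jpeg', 'gif', 'pdf']);

// Extensions that common web-server configurations hand to a script
// interpreter. Their presence anywhere in the name is a hard reject,
// which also covers double extensions such as "shell.php.png".
const SCRIPT_EXTENSIONS = new Set(['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'phps']);

// Leading bytes expected for each accepted type.
const MAGIC_BYTES = {
  png: [0x89, 0x50, 0x4e, 0x47],
  jpg: [0xff, 0xd8, 0xff],
  jpeg: [0xff, 0xd8, 0xff],
  gif: [0x47, 0x49, 0x46, 0x38],
  pdf: [0x25, 0x50, 0x44, 0x46],
};

function startsWithBytes(bytes, prefix) {
  return prefix.every((b, i) => bytes[i] === b);
}

// Decide whether an upload may be stored. `originalName` is the
// client-supplied file name, `bytes` the first bytes of the content
// (an array, Buffer or Uint8Array). Returns { allowed, reason, extension }.
function validateUpload(originalName, bytes) {
  // Drop any directory part the client sent ("../../index.php").
  const base = originalName.split(/[\\/]/).pop() || '';
  const parts = base.toLowerCase().split('.');
  // Requires "name.ext"; also rejects dot-files such as ".htaccess".
  if (parts.length < 2 || parts[0] === '') {
    return { allowed: false, reason: 'missing or invalid extension' };
  }
  const extensions = parts.slice(1);
  if (extensions.some((e) => SCRIPT_EXTENSIONS.has(e))) {
    return { allowed: false, reason: 'script extension present' };
  }
  const extension = extensions[extensions.length - 1];
  if (!ALLOWED_EXTENSIONS.has(extension)) {
    return { allowed: false, reason: `extension .${extension} not allowed` };
  }
  if (!startsWithBytes(bytes, MAGIC_BYTES[extension])) {
    return { allowed: false, reason: 'content does not match extension' };
  }
  return { allowed: true, reason: 'ok', extension };
}

// Constructed sample uploads (not real files from the advisories).
const PNG_HEADER = [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a];
const PHP_OPEN_TAG = [0x3c, 0x3f, 0x70, 0x68, 0x70]; // "<?php"
const sampleUploads = [
  ['avatar.png', PNG_HEADER],
  ['shell.php', PHP_OPEN_TAG],
  ['shell.php.png', PNG_HEADER],
  ['fake.png', PHP_OPEN_TAG],
  ['../../index.php', PHP_OPEN_TAG],
  ['.htaccess', []],
];

for (const [name, bytes] of sampleUploads) {
  const verdict = validateUpload(name, bytes);
  console.log(`${name.padEnd(18)} -> ${verdict.allowed ? 'ALLOW' : 'REJECT'} (${verdict.reason})`);
}
```

Validation is only the first layer. Accepted files should be stored under a server-generated name in a directory the web server does not execute scripts from, and served with a fixed Content-Type and `Content-Disposition: attachment`, so that even a misclassified file is never interpreted. The same principle applies to GitBucket's SQL console: any admin feature that can write to the server or database needs its own authorization check and anti-CSRF token, because an XSS payload runs with the administrator's full session.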
In the latest vulnerability, GitBucket v4.37.1, a security flaw was found that could allow an attacker to mount stored XSS attacks in various places. Aleksey Solovev says that with a stored XSS attack in hand, one can try to use it to execute code on the server. The admin panel has tools for running SQL queries.
GitBucket uses the H2 Database Engine by default. For this database there is a publicly available exploit that achieves remote code execution. So all the attacker has to do is build PoC code based on that exploit, upload it to the repository, and run it during the attack.
Always keep the open-source platform up to date and install any patches promptly.
Ask for advice, an analysis and an assessment of how to protect your system.
This is a fundamental process for measuring your company's current level of security.
Doing so requires involving a suitably prepared Cyber team, able to analyse the situation the company is in with regard to IT security.
The analysis can be carried out synchronously, through an interview conducted by the Cyber Team, or asynchronously, by filling in an online questionnaire.
We can help: contact the ilwebcreativo experts by writing to info@ilwebcreativo.it or chatting on WhatsApp directly using the icon at the bottom right.
The dark web refers to World Wide Web content on darknets, reachable over the internet only with specific software, configurations and access.
With our Dark Web Monitoring we can prevent and contain attacks on the internet, starting from an analysis of the company domain (e.g. ilwebcreativo.it) and of individual email addresses.
Contact us on WhatsApp and we can prepare a remediation plan to isolate the threat, prevent it from spreading and take the necessary corrective steps. The service is provided 24/7 from Italy.
CyberDrive is a cloud file manager with high security standards thanks to independent encryption of every file. Ensure the security of business data while working in the cloud and sharing and editing documents with other users. If the connection is lost, no data is kept on the user's PC. CyberDrive prevents files from being lost through accidental damage or stolen, whether physically or digitally.
The smallest and most powerful data centre in a box, offering computing power and protection from physical and logical damage. Designed for data management in edge and robotic environments, retail, professional offices, remote offices and small businesses where space, cost and energy consumption are essential. It does not require data centres or rack cabinets. It can be placed in any kind of environment thanks to an aesthetic impact that suits working spaces. «The Cube» puts enterprise software technology at the service of small and medium-sized businesses.
To investigate security problems, remediate vulnerabilities and protect your information system, always rely on experts in the field:
Ercole Palmeri: Innovation is everything