
Cyber attack: what it is, how it works, its objective and how to prevent it: XSS bugs that can lead to system compromise

Today we look at some Cross-Site Scripting (XSS) vulnerabilities found in some open source applications, which can lead to remote code execution.

Cybersecurity experts have published details of three cross-site scripting (XSS) vulnerabilities in popular open source applications that can lead to remote code execution (RCE).

XSS attacks allow a threat actor to have JavaScript code executed in the victim's web browser, which opens the door to cookie theft, redirection to phishing sites, and more.

Now let's look at some of the vulnerabilities found.

Cross-Site Scripting (XSS) is one of the most common attacks on web apps. If an attacker can inject JavaScript code into the app's output, they can not only steal cookies but also, in some cases, cause a full compromise of the system.

Evolution CMS V3.1.8

The first bug, in Evolution CMS V3.1.8, allows an attacker to trigger a reflected XSS in several places in the administration section. Aleksey Solovev says that if the attack succeeds against an administrator who is authorized in the system, the index.php file will be overwritten with the code the attacker placed in the payload.

FUDForum v3.1.1

The second vulnerability, found in FUDForum v3.1.1, can allow an attacker to launch an XSS attack. Aleksey Solovev says that FUDforum is a very fast and scalable forum. It is highly customizable and supports unlimited members, forums, posts, topics, polls, and attachments.

The FUDforum admin panel has a file manager that lets you upload files to the server, including files with a PHP extension. An attacker can use the stored XSS to upload a PHP file that can execute any command on the server.

Bitbucket v4.37.1

In the last vulnerability, in Bitbucket v4.37.1, a security bug was found that can allow an attacker to carry out XSS attacks in several places. Aleksey Solovev said that, with a stored XSS attack available, one can try to use it to execute code on the server. The admin panel has tools for running SQL queries.

GitBucket uses the H2 Database Engine by default. For this database, there is a public exploit for achieving remote code execution. So all an attacker has to do is create PoC code based on this exploit, upload it to the repository, and use it during an attack:

How to protect against these vulnerabilities

Always keep your open source platform up to date, and install every fix patch as soon as it is released.
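Two of the server-side outcomes described above leave traces on disk: index.php being overwritten (Evolution CMS) and a PHP file being uploaded through the admin file manager (FUDforum). The following is an added example, not code from the original article or from any of the projects it names, that baselines the executable scripts under a web root and reports what changed; the extension list, file names and sample contents are assumptions constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions a PHP-enabled server commonly executes (assumed list; match it
# to the handler configuration of the server being monitored).
EXECUTABLE_EXTS = {".php", ".phtml", ".phar"}


def snapshot(webroot):
    """Map every executable script under webroot to its SHA-256 digest."""
    root = Path(webroot)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in EXECUTABLE_EXTS:
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare(baseline, current):
    """Return (kind, relative_path) findings, sorted by path."""
    findings = []
    for rel, digest in current.items():
        if rel not in baseline:
            findings.append(("new", rel))
        elif baseline[rel] != digest:
            findings.append(("modified", rel))
    findings += [("deleted", rel) for rel in baseline if rel not in current]
    return sorted(findings, key=lambda f: f[1])


def demo():
    """Constructed web root: baseline it, simulate both outcomes, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "uploads").mkdir()
        (root / "index.php").write_text("<?php require 'bootstrap.php';\n")
        (root / "uploads" / "avatar.png").write_bytes(b"\x89PNG constructed")
        baseline = snapshot(root)
        # Outcome 1: index.php rewritten after the known-good snapshot.
        (root / "index.php").write_text("<?php /* unexpected content */\n")
        # Outcome 2: a script appears in a directory meant for uploads.
        (root / "uploads" / "report.PHP").write_text("<?php /* placeholder */\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, rel in demo():
        print(f"{kind:9} {rel}")
```

In practice the baseline would be taken right after a clean install or update and stored outside the web root, so that code running inside the application cannot rewrite it.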

Ask for advice, assessments and evaluations on how to secure your systems.

Security assessment

It is the fundamental process for measuring your company's current level of security.

To do this, it is necessary to involve an adequately prepared Cyber Team, able to analyze the state the company is in with regard to IT security.

The analysis can be carried out synchronously, through an interview conducted by the Cyber Team, or asynchronously, by filling in an online questionnaire.

We can help you: contact the specialists at ilwebcreativo.it by writing to info@ilwebcreativo.it, or chat on WhatsApp directly using the icon at the bottom right.

SECURITY WEB MONITORING: analysis of the DARK WEB

The dark web refers to the content of the World Wide Web on darknets that can be reached over the Internet through specific software, configurations and access.
With our Security Web Monitoring we can prevent and contain cyber attacks, starting from the analysis of the company domain (for example: ilwebcreativo.it) and individual e-mail addresses.

Contact us on WhatsApp: we can prepare a remediation plan to isolate the threat, prevent it from spreading, and define the necessary remediation actions. The service is provided 24/7 from Italy.

CYBERDRIVE: a secure application for sharing and editing files

CyberDrive is a cloud file manager with high security standards thanks to the independence of every file. It ensures the security of corporate data while you work in the cloud and share and edit documents with other users. If the connection is lost, no data is stored on the user's PC. CyberDrive prevents files from being lost through accidental damage or stolen, whether physically or digitally.

"The CUBE": the revolutionary solution

The smallest and most powerful in-a-box datacenter, offering computing power and protection from physical and logical damage. Designed for data management in edge and ROBO environments, retail environments, professional offices, remote offices and small businesses where space, cost and energy consumption are essential. It does not require data centers or rack cabinets. It can be placed in any type of environment thanks to a striking design that fits in with work spaces. "The Cube" puts enterprise software technology at the service of small and medium-sized businesses.

Who to turn to:

To investigate security problems, fix vulnerabilities and secure your data, always rely on industry experts:

  • Call HRC srl +39 011 8190569
  • or send an email to Rocco D'Agostino rda@rhrcsrl.it
  • or send an email to Ercole Palmeri ercolep@ilwebcreativo.it

In recent weeks we have covered the following Cyber Security topics:

  1. Man in the Middle attack
  2. Malware
  3. Phishing and spear phishing
  4. Interception attack
  5. Drive-by
  6. Cross-site scripting (XSS)
  7. SQL injection
  8. Malware infection example
  9. Google Drive & Dropbox: targets of APT29, the Russian hacker group
  10. Password attack
  11. Cyber Attack Trends: 2022 Mid-Year Report - Check Point Software

Ercole Palmeri: Innovation addicted