Mwakpo Cyber: ihe ọ bụ, otu o si arụ ọrụ, ebumnobi na otu esi egbochi ya: ahụhụ XSS nwere ike ime ka mmechi sistemu zuru oke.

Taa, anyị na-ahụ ụfọdụ adịghị ike nke Cross Site Scripting (XSS) dị na ụfọdụ ngwa mepere emepe, nke nwere ike ime ka mkpochapụ koodu dịpụrụ adịpụ.

Ndị ọkachamara nchekwa ịntanetị ekesala ozi na adịghị ike scripting saịtị atọ (XSS) na ngwa mepere emepe na-ewu ewu nke nwere ike ime ka mkpochapụ koodu dịpụrụ adịpụ (RCE).

Mwakpo XSS oge ochie na-enye ohere ka e gbuo koodu JavaScript nke onye na-eme ihe egwu na ihe nchọgharị weebụ onye ọrụ ahụ, nke na-emepe ụzọ maka izu ohi kuki, na-atụgharị gaa na saịtị phishing, na ọtụtụ ndị ọzọ.

Ka anyị lee anya ụfọdụ adịghị ike achọtara

Cross-Site Scripting (XSS) bụ otu n'ime mwakpo a na-agbasa na ngwa weebụ Ọ bụrụ na onye na-eme ihe egwu na-etinye koodu javascript na mmepụta ngwa ahụ, ọ bụghị naanị na ọ na-ezu ohi kuki, kamakwa mgbe ụfọdụ na-eduga n'imebi sistemu ahụ kpamkpam.

Evolution CMS V3.1.8

Njehie mbụ, Evolution CMS V3.1.8, na-enye onye na-agba ọsọ ohere ịmalite mwakpo XSS gosipụtara na ebe dị iche iche na ngalaba nchịkwa. Aleksey Solovev na-ekwu na ọ bụrụ na mwakpo na-aga nke ọma na onye nchịkwa ikike na usoro ahụ, a ga-edegharị faịlụ index.php na koodu nke onye na-awakpo ahụ tinyere na ụgwọ ọrụ.

Nzukọ FUD v3.1.1

Ihe ọghọm nke abụọ, nke achọpụtara na FUDForum v3.1.1, nwere ike ikwe ka onye na-agba ọsọ malite mwakpo XSS echekwara. Aleksey Solovev na-ekwu na FUDforum bụ nnukwu mkparịta ụka na-agba ọsọ na scalable. Ọ bụ nke ukwuu ahaziri ma na-akwado ndị otu na-akparaghị ókè, forums, posts, isiokwu, ntuli aka, na mgbakwunye.

Ogwe nchịkwa FUDforum nwere onye njikwa faịlụ na-enye gị ohere bulite faịlụ na ihe nkesa, gụnyere faịlụ nwere ndọtị PHP. Onye mwakpo nwere ike iji XSS echekwabara bulite faịlụ PHP nke nwere ike mebie iwu ọ bụla na sava ahụ.

Bitbucket v4.37.1

N'ihe kachasị ọhụrụ, Bitbucket v4.37.1, a chọtara mperi nchekwa nke nwere ike ikwe ka onye na-awakpo malite mwakpo XSS echekwara na ebe dị iche iche. Aleksey Solovev na-ekwu na ịnwe mwakpo XSS echekwara nwere ike ịnwa irigbu ya iji mebie koodu na sava ahụ. Ogwe nchịkwa nwere ngwaọrụ iji mee ajụjụ SQL.

GitBucket na-eji H2 Database Engine na ndabaradefinita. Maka nchekwa data a, enwere nrigbu dị n'ihu ọha iji nweta mkpochapụ koodu dịpụrụ adịpụ. Yabụ, ihe niile onye mwakpo kwesịrị ime bụ imepụta koodu PoC dabere na nrigbu a, bulite ya na ebe nchekwa, wee jiri ya n'oge mwakpo:

Otu esi egbochi ọnụnọ nke adịghị ike

Na-emelite ikpo okwu Open Source mgbe niile, wụnye patches ọ bụla na-edozi ozugbo.

Rịọ maka ndụmọdụ, nyocha, atụmatụ maka otu esi echekwa sistemụ gị.

Ntụle Nchekwa

Ọ bụ usoro dị mkpa maka ịlele ọkwa nchekwa nke ụlọ ọrụ gị ugbu a.

Iji mee nke a, ọ dị mkpa itinye aka na Cyber ​​​​Team akwadoro nke ọma, nwee ike ịme nyocha nke steeti ụlọ ọrụ ahụ na-ahụ onwe ya n'ihe gbasara nchekwa IT.

Enwere ike ịme nyocha ahụ n'otu oge, site na ajụjụ ọnụ nke ndị otu Cyber ​​​​ma ọ bụ

nakwa asynchronous, site n'imeju akwụkwọ ajụjụ online.

Anyị nwere ike inyere gị aka, kpọtụrụ ndị ọkachamara nke ilwebcreativo.ọ na-ede na info@ilwebcreativo.ya ma ọ bụ site na ịkparịta ụka na whatsapp ozugbo na-eji akara ngosi dị na ala aka nri.

Nchekwa Weebụ SECURITY: nyocha nke WEB DARK

Weebụ gbara ọchịchịrị na-ezo aka na ọdịnaya dị na Webụsaịtị World Wide na ụgbụ ọchịchịrị enwere ike nweta site na ịntanetị site na ngwa ngwa, nhazi na nnweta.
Site na nleba anya Weebụ Nche anyị anyị nwere ike igbochi ma nwee mwakpo cyber, malite na nyocha nke ngalaba ụlọ ọrụ (dịka: ilwebcreativo.it ) na adreesị ozi-e nke ọ bụla.

Kpọtụrụ anyị site na vhatsapp, anyị nwere ike ịkwadebe atụmatụ ndozi iji kewapụ ihe iyi egwu ahụ, gbochie mgbasa ya na defianyị na-eme ihe ndozi dị mkpa. A na-enye ọrụ ahụ 24/XNUMX site na Ịtali

CYBERDRIVE: ngwa echekwara maka ịkekọrịta na dezie faịlụ

CyberDrive bụ onye njikwa faịlụ igwe ojii nwere ụkpụrụ nchekwa dị elu maka izo ya ezo nke faịlụ niile. Gbaa mbọ hụ na nchekwa nke data ụlọ ọrụ mgbe ị na-arụ ọrụ n'igwe ojii na ịkekọrịta na dezie akwụkwọ na ndị ọrụ ndị ọzọ. Ọ bụrụ na njikọ ahụ efunahụla, ọ nweghị data echekwara na PC onye ọrụ. CyberDrive na-egbochi faịlụ ịla n'iyi n'ihi mmebi mberede ma ọ bụ wepụ ya maka izu ohi, ma ọ bụ anụ ahụ ma ọ bụ dijitalụ.

"CUBE": ngwọta mgbanwe

Nke kacha nta na ike kachasi ike n'ime igbe datacenter na-enye ike mgbakọ na nchekwa site na mmebi anụ ahụ na ezi uche. Emebere ya maka njikwa data na mpaghara ihu na robo, ebe a na-ere ahịa, ụlọ ọrụ ọkachamara, ụlọ ọrụ dịpụrụ adịpụ na obere azụmaahịa ebe ohere, ọnụ ahịa na oriri ike dị mkpa. Ọ dịghị achọ ebe data na igbe igbe. Enwere ike idowe ya n'ụdị ebe ọ bụla na-ekele maka mmetụta aesthetics na-ekwekọ na oghere ọrụ. "Cube" na-etinye teknụzụ ngwanrọ ụlọ ọrụ na ọrụ nke obere azụmaahịa na ọkara.

Onye na-edozi:

Iji nyochaa okwu nchekwa, iji dozie adịghị ike, iji chekwaa sistemụ ozi gị, dabere na ndị ọkachamara na ngalaba:

• Oku HRC srl + 39 011 8190569
• ma ọ bụ ziga email na Rocco D'Agostino rda@rhrcsrl.it
• ma ọ bụ zipu ozi-e Ercole Palmeri ercolep@ilwebcreativo.it

N'ime izu gara aga, anyị atụleela isiokwu ndị a gbasara nchekwa Cyber ​​​​:

1. Isi na Middle ọgụ
2. malware
3. Phishing na ube phishing
4. Mmegide na Interception
5. Ụgbọ ala-site
6. Ederede saịtị gafere (XSS)
7. Mwakpo injection SQL
8. Ihe atụ gbasara malware
9. Google mbanye & Dropbox: Ebumnuche nke APT29, mkpokọta ndị hackers Russia
10. Mwakpo na okwuntughe
11. Usoro mwakpo Cyber: Akụkọ ọkara mbụ 2022 - Ngwanrọ nyocha

Ercole Palmeri: Innovation riri ahụ

Na