{"id":5489,"date":"2020-04-18T05:57:02","date_gmt":"2020-04-18T05:57:02","guid":{"rendered":"https:\/\/musilda.cz\/?p=5489"},"modified":"2020-04-18T05:57:02","modified_gmt":"2020-04-18T05:57:02","slug":"kriticka-zranitelnost-v-sablone-onetone","status":"publish","type":"post","link":"https:\/\/affinite.io\/cs\/kriticka-zranitelnost-v-sablone-onetone\/","title":{"rendered":"Critical vulnerability in the OneTone theme"},"content":{"rendered":"\n
The WordPress theme OneTone contains a critical vulnerability that lets attackers deploy malicious code into your website.<\/p>\n\n\n\n
A few days ago a customer approached us saying that his website was compromised and that even after he cleaned it, the infection came back shortly afterwards. <\/p>\n\n\n\n
At first we assumed it was the infection that recently swept across the internet and that mainly exploited a vulnerable Adminer, see https:\/\/blog.sucuri.net\/2019\/11\/vulnerable-versions-of-adminer-as-a-universal-infection-vector.html<\/a>.<\/p>\n\n\n\n
There was no Adminer on the site in question, though, and no known vulnerable plugin either. <\/p>\n\n\n\n
I will not drag this out: the mess<\/s> problem is in the OneTone theme by MageeWP<\/a>. It allows attackers to change the option that holds the theme settings. The theme configuration is pulled from the database on every page load, which then lets attackers do ugly, nasty things. <\/p>\n\n\n\n
The code responsible is this function:<\/p>\n\n\n\n
function onetone_options_import(){\n    $option_name = onetone_option_name();\n    \/\/ no nonce or capability check before the posted data is processed\n    if(isset($_POST['options'])){\n        $options = stripslashes($_POST['options']);\n        $new_options = json_decode($options, true);\n\n        if(is_array($new_options) && $new_options != NULL ){\n            \/\/ attacker-controlled JSON is written straight into the theme option\n            update_option($option_name,$new_options);\n            _e( 'Import successful.', 'onetone');\n            exit(0);\n        }\n    }\n    _e( 'Import failed.', 'onetone');\n    exit(0);\n}\nadd_action('wp_ajax_onetone_options_import', 'onetone_options_import');\n\/\/ the nopriv hook exposes the same callback to unauthenticated visitors\nadd_action('wp_ajax_nopriv_onetone_options_import', 'onetone_options_import');<\/pre>\n\n\n\n
It is an AJAX callback for saving the theme settings.<\/p>\n\n\n\n
$options = stripslashes($_POST['options']);<\/pre>\n\n\n\n
Stripslashes does not prevent anything at all, and the attacker stores whatever he wants in the database, specifically something like this:<\/p>\n\n\n\n
<\/figure>\n\n\n\n
I borrowed the screenshot from Sucuri.net; the link is at the end of the article. <\/p>\n\n\n\n
The script behaves as follows:<\/p>\n\n\n\n
The result is familiar to anyone who has dealt with a compromised website: visitors are redirected to other pages and the site is effectively unavailable. <\/p>\n\n\n\n
At the time of writing this article I downloaded the zip file with the theme, and the code is still vulnerable. <\/p>\n\n\n\n
The theme has currently been removed from WordPress.org, and no update with a fix is known<\/h2>\n\n\n\n
If you have the theme installed, remove it immediately.<\/p>\n\n\n\n
Links:<\/strong><\/p>\n\n\n\n
https:\/\/blog.sucuri.net\/2020\/04\/onetone-vulnerability-leads-to-javascript-cookie-hijacking.html<\/a><\/p>\n\n\n\n