Serious vulnerability in the All in SEO Pack plugin

Published 2020-07-16 at https://affinite.io/cs/vazna-zranitelnost-v-pluginu-all-in-seo-pack/

The popular All in SEO Pack plugin, used by more than two million sites, contains a serious vulnerability.

The issue is unsanitized input when saving meta data, such as the title and description in the plugin's metabox.

This means that anyone with permission to edit these fields, which includes the author role, can execute malicious code.

So anyone who can add posts can hack your site.

If an attacker enters code into the meta description field instead of a description, the plugin stores it without sanitization:

```php
// The raw POST value is taken as-is: no sanitize_text_field(), no escaping.
$value = isset( $_POST[ "aiosp_$optionName" ] ) ? $_POST[ "aiosp_$optionName" ] : '';
// ...and written straight into post meta, where the admin post listing later prints it.
update_post_meta( $id, "_aioseop_$optionName", $value );
```

For a plugin of this size, that is a real disaster. Anyone can make a mistake, but this is sheer negligence. Sanitizing data should be the baseline when saving values to the database.

Once the unsanitized code is stored, all it takes to trigger it is loading the post list. The meta title and meta description are printed in the post listing in the administration, and merely displaying that listing runs the code.

If you suspect that someone has hacked your site and the All in SEO Pack meta data has stopped showing in the post administration, this vulnerability is the likely cause.

The fix came very quickly: version 3.6.2, which resolves the bug, was released yesterday, but let's be honest, a great many sites will remain vulnerable.