{"id":6437,"date":"2021-10-27T16:38:17","date_gmt":"2021-10-27T16:38:17","guid":{"rendered":"https:\/\/musilda.cz\/?p=6437"},"modified":"2021-10-27T16:38:17","modified_gmt":"2021-10-27T16:38:17","slug":"vazna-zranitelnost-v-pluginu-optin-monster-ohrozuje-vice-nez-1-000-000-webu","status":"publish","type":"post","link":"https:\/\/affinite.io\/cs\/vazna-zranitelnost-v-pluginu-optin-monster-ohrozuje-vice-nez-1-000-000-webu\/","title":{"rendered":"Serious vulnerability in the Optin Monster plugin threatens more than 1,000,000 sites"},"content":{"rendered":"\n

Optin Monster is a very popular plugin for building sales campaigns on WordPress sites. Plugin versions below 2.6.5 contain a very serious vulnerability that allows the site to be compromised.<\/p>\n\n\n\n

The plugin is widespread enough that you should take this problem seriously.<\/p>\n\n\n\n

Like the site app, Optin Monster uses a number of API endpoints to which data is sent.<\/p>\n\n\n\n

Unfortunately, most of the REST API endpoints are only weakly protected against access by unauthorized users on sites where a vulnerable version of the plugin is installed.<\/p>\n\n\n\n

The most critical is access to the REST API endpoint \/wp-json\/omapp\/v1\/support\/, which discloses sensitive information such as the server path, together with the API key that is required for sending requests to the OptinMonster site.<\/p>\n\n\n\n

With the API key, an attacker can gain access to the campaigns you have configured and modify them to add malicious JavaScript code, which can then be executed at any time.<\/p>\n\n\n\n

The worst part is that the attacker does not need to be logged in or authorized in any way, because the endpoint's permission_callback parameter is implemented by the function logged_in_or_has_api_key.<\/p>\n\n\n\n

For a request to the endpoint whose Referer header is set to https:\/\/wp.app.optinmonster.test and whose request method is OPTIONS, that function returns true.<\/p>\n\n\n\n

It is then enough to set X-HTTP-Method-Override to GET or POST for the request to be executed successfully.<\/p>\n\n\n\n

The function logged_in_or_has_api_key:<\/p>\n\n\n\n

public function logged_in_or_has_api_key( $request ) {
    // Any request that carries this Referer and uses the OPTIONS method is accepted
    // without authentication; the method is then overridable via X-HTTP-Method-Override.
    if (
        ! empty( $_SERVER['HTTP_REFERER'] )
        && false !== strpos( $_SERVER['HTTP_REFERER'], 'https:\/\/wp.app.optinmonster.test' )
        && 'OPTIONS' === $_SERVER['REQUEST_METHOD']
    ) {
        return true;
    }

    // Otherwise a logged-in user or a valid API key is required.
    return is_user_logged_in() || true === $this->has_valid_api_key( $request );
}<\/code><\/pre>\n\n\n\n

If you suspect that your site was compromised via OptinMonster, support will invalidate your API key and generate a new one for you.<\/p>\n\n\n\n

In any case, this flaw affects not only this particular endpoint but also others registered by the plugin, so update the plugin without delay to version 2.6.5, which contains the patch.<\/p>\n\n\n\n

Source: https:\/\/www.wordfence.com\/blog\/2021\/10\/1000000-sites-affected-by-optinmonster-vulnerabilities\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Optin Monster is a very popular plugin for building sales campaigns on WordPress sites. Plugin versions below 2.6.5 contain a very serious vulnerability that allows the site to be compromised. The plugin is widespread enough that you should take this problem seriously. Like the site app, Optin Monster uses a number of API endpoints to which data is sent. Unfortunately,<\/p>\n","protected":false},"author":1,"featured_media":9467,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-6437","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpecnost-wordpressu"],"_links":{"self":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/6437"}],"collection":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/comments?post=6437"}],"version-history":[{"count":0,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/6437\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media\/9467"}],"wp:attachment":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media?parent=6437"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/categories?post=6437"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/tags?post=6437"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}