{"id":6555,"date":"2025-11-04T17:35:55","date_gmt":"2025-11-04T13:35:55","guid":{"rendered":"https:\/\/jsnet.biz\/?p=6555"},"modified":"2025-11-04T17:38:53","modified_gmt":"2025-11-04T13:38:53","slug":"mu-plagininin-acilmasi-wordpress-t%c9%99hluk%c9%99sizlik-riskini-istismar-edir","status":"publish","type":"post","link":"https:\/\/jsnet.biz\/az\/mu-plagininin-acilmasi-wordpress-t%c9%99hluk%c9%99sizlik-riskini-istismar-edir\/","title":{"rendered":"Unveiling the MU-Plugin Exploit: A WordPress Security Risk"},"content":{"rendered":"<h2>Unveiling the MU-Plugin Exploit: A WordPress Security Risk<\/h2>\n<p>WordPress remains the backbone of millions of websites, renowned for its flexibility and extensive plugin ecosystem. However, its extensibility can sometimes turn into vulnerabilities, particularly in connection with MU-Plugins (Must-Use Plugins). A recent exploit targeting MU-Plugins has sounded the alarm in the WordPress community and exposed critical security risks that site administrators cannot afford to overlook.<\/p>\n<p>This article takes a deep look at the inner workings of the MU-Plugin exploit, decodes its mechanics, and sheds light on the potential damage it can cause. 
It also explores practical guidance on how WordPress users can protect their sites and maintain a strong security posture against this hidden threat.<\/p>\n<p>Whether you are a developer, a site owner, or a security enthusiast, understanding these details is essential to maintaining the integrity and reliability of your WordPress presence.<\/p>\n<h3>Cracking the Code: Inside the MU-Plugin Exploit<\/h3>\n<p><strong>MU-Plugins<\/strong> are special WordPress plugins that activate and run automatically on every page load without requiring any user intervention. They reside in a dedicated directory and are often used by developers to deploy essential functionality or security patches. This exploit takes advantage of the trust WordPress places in these plugins by injecting a malicious payload into the MU-Plugin directory, allowing attackers to execute arbitrary code.<\/p>\n<p>The core of the exploit is that many WordPress installations grant write access to the <code>mu-plugins<\/code> directory or fail to properly validate the files inside it. 
Attackers who manage to compromise hosting permissions can silently drop scripts disguised as legitimate MU-Plugins. Since WordPress loads MU-Plugins before regular plugins, this gives the malicious code an elevated execution context, often with administrator-level privileges.<\/p>\n<p>Technically, the exploit leverages insecure file upload practices and weak directory permissions. Once a malicious MU-Plugin is in place, it can perform a range of harmful actions, from exfiltrating data to establishing a backdoor and pivoting to further attacks within the hosting environment. 
Detection is difficult because these MU-Plugins do not appear in the Plugins section of the WordPress admin area, which makes them an invisible threat to many administrators.<\/p>\n<table class=\"wp-list-table\">\n<thead>\n<tr>\n<th>Exploit Component<\/th>\n<th>Risk Description<\/th>\n<th>Impact<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Malicious MU-Plugin File<\/td>\n<td>Unauthorized PHP script injected<\/td>\n<td>Code execution with admin rights<\/td>\n<\/tr>\n<tr>\n<td>Incorrect Directory Permissions<\/td>\n<td>Allows unauthorized file uploads<\/td>\n<td>Persistent backdoor installation<\/td>\n<\/tr>\n<tr>\n<td>Lack of Validation<\/td>\n<td>Files loaded without integrity checks<\/td>\n<td>Invisibility in the WP admin panel<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>Securing Your Site: Understanding the WordPress Security Risk<\/h3>\n<p>The first line of defense against this MU-Plugin exploit is awareness. Site owners must recognize that the MU-Plugin directory, while powerful, demands the highest security standards and careful management. 
Ensuring that only trusted users have write access to this directory is as important as enforcing restrictive file permissions that block unauthorized uploads or modifications.<\/p>\n<p>In addition, regular audits of the <code>wp-content\/mu-plugins\/<\/code> directory can help detect anomalies early. Because these plugins do not appear in the standard plugin management panel, manual file inspection or automated integrity monitoring tools are needed to identify unknown files. Integrating real-time file change notifications can alert administrators quickly when suspicious modifications occur.<\/p>\n<p>From a broader perspective, implementing a security strategy that combines hardened server configurations, an up-to-date WordPress core and plugins, and strong authentication protocols will sharply reduce the chance of exploitation. 
Website operators should also consider using dedicated security plugins that monitor PHP code and block malicious attempts targeting sensitive directories.<\/p>\n<table class=\"wp-list-table\">\n<thead>\n<tr>\n<th>Security Measure<\/th>\n<th>Description<\/th>\n<th>Benefit<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Restrictive File Permissions<\/td>\n<td>Limit write access to the MU-Plugin directory<\/td>\n<td>Prevents unauthorized uploads<\/td>\n<\/tr>\n<tr>\n<td>Regular Directory Audits<\/td>\n<td>Scan for unknown or modified files<\/td>\n<td>Early threat detection<\/td>\n<\/tr>\n<tr>\n<td>Security Plugins<\/td>\n<td>Monitor and block malicious code execution<\/td>\n<td>Strengthened protection against exploits<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Conclusion<\/h2>\n<p>The MU-Plugin exploit reveals a hidden but serious security risk in WordPress installations that use must-use plugins. 
Because they load automatically and are invisible in the plugin management interface, MU-Plugins become a prime vector for attackers to plant persistent, hard-to-detect backdoors.<\/p>\n<p>Mitigating these risks requires proactive security hygiene, including strict permission control, continuous file integrity monitoring, and the use of specialized security tools. By understanding the exploit mechanisms and applying layered defenses, WordPress site owners can protect their digital assets from this growing attack surface.<\/p>\n<p>As the WordPress ecosystem evolves, staying informed and vigilant remains the best strategy for countering emerging threats, including the MU-Plugin exploit. Secure your site today to preserve trust, uptime, and peace of mind.<\/p>","protected":false},"excerpt":{"rendered":"<p>A silent threat lurks beneath the surface of WordPress: the MU-Plugin exploit. 
This hidden vulnerability puts websites at risk and forces both developers and users to rethink their security defenses.<\/p>","protected":false},"author":1,"featured_media":6554,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[],"class_list":["post-6555","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security"],"_links":{"self":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/posts\/6555","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/comments?post=6555"}],"version-history":[{"count":0,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/posts\/6555\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/media\/6554"}],"wp:attachment":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/media?parent=6555"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/categories?post=6555"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/tags?post=6555"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}