FixVibe
Covered by FixVibe (severity: high)

Remote Code Execution in SPIP via Template Directives (CVE-2016-7998)

SPIP versions 3.1.2 and earlier contain a flaw in template processing. Authenticated attackers can upload HTML files containing INCLUDE or INCLURE directives to execute PHP code on the server.

CVE-2016-7998 | CWE-20

Impact

An authenticated attacker can execute arbitrary PHP code on the web server [S1]. This can lead to full compromise of the system, including data exfiltration, modification of site content, and lateral movement within the hosting environment [S1].

Root Cause

The flaw lies in SPIP's template parser and include components [S1]. The system fails to properly validate or sanitize user input within specific template directives when processing uploaded files [S1]. Specifically, the parser mishandles INCLUDE or INCLURE directives inside HTML files [S1]. When an attacker submits these uploaded files through the valider_xml action, the malicious directives are processed, leading to PHP code execution [S1].

Affected Versions

  • SPIP version 3.1.2 and all earlier versions [S1].

Remediation

Update SPIP to a version newer than 3.1.2 that addresses this flaw [S1]. Ensure that file-upload permissions are restricted to trusted administrative users, and that uploaded files are not stored in directories from which the web server can execute scripts [S1].

How FixVibe Detects It

FixVibe can detect this vulnerability through two main methods:

  • Passive Fingerprinting: By inspecting HTTP response headers or specific meta tags in the HTML source, FixVibe can identify that SPIP is in use [S1]. If the version is 3.1.2 or lower, a high-severity alert is raised [S1].
  • Repository Scanning: For users who connect their GitHub repositories, FixVibe's repo scanner can inspect dependency files or hard-coded version definitions in the SPIP source code to identify vulnerable installations.
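The two signals the advisory describes, a SPIP version at or below 3.1.2 and INCLUDE/INCLURE directives inside uploaded HTML, can be combined into a simple defensive check. The following is an added example written for this page, not FixVibe's scanner or SPIP's own code; the directive regex, the version-padding rule and the sample upload are assumptions, and the sample contains no real payload.

```python
import re
from typing import List, Tuple

# Threshold stated in the advisory: SPIP 3.1.2 and earlier are affected.
LAST_AFFECTED = (3, 1, 2)

# SPIP template include directives named in the advisory (INCLUDE / INCLURE).
# The "{...}" argument block is optional so bare tags are flagged as well.
# (Assumed pattern, written for this example.)
INCLUDE_DIRECTIVE = re.compile(r"<\s*(INCLU(?:DE|RE))\b[^>]*>", re.IGNORECASE)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.1.2' or '3.0.17-dev' into a comparable tuple (first three numbers)."""
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts[:3])


def is_affected(version: str) -> bool:
    """True when the reported SPIP version is 3.1.2 or older."""
    v = parse_version(version)
    v = v + (0,) * (3 - len(v))  # pad '3.1' -> (3, 1, 0) before comparing
    return v <= LAST_AFFECTED


def find_include_directives(html: str) -> List[Tuple[int, str]]:
    """Return (line_number, directive_text) for every include directive in an upload."""
    hits = []
    for lineno, line in enumerate(html.splitlines(), start=1):
        for m in INCLUDE_DIRECTIVE.finditer(line):
            hits.append((lineno, m.group(0)))
    return hits


def assess_upload(version: str, html: str) -> str:
    """Rate an upload: directive on an affected version is 'high'; on a patched
    version it still deserves 'review'; no directive at all is 'clean'."""
    if not find_include_directives(html):
        return "clean"
    return "high" if is_affected(version) else "review"


# Constructed sample upload for the demo: HTML carrying one template directive.
SAMPLE_UPLOAD = "<html><body>\n<h1>Hello</h1>\n<INCLURE{fond=example}>\n</body></html>"

if __name__ == "__main__":
    print(find_include_directives(SAMPLE_UPLOAD))
    print(assess_upload("3.1.2", SAMPLE_UPLOAD), assess_upload("3.1.3", SAMPLE_UPLOAD))
```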