{"id":37647,"date":"2022-06-04T01:30:03","date_gmt":"2022-06-03T22:30:03","guid":{"rendered":"https:\/\/kutaybilen.com.tr\/?p=37647"},"modified":"2022-06-04T01:30:03","modified_gmt":"2022-06-03T22:30:03","slug":"nextgen-gallery-eklentisinde-guvenlik-aciklari-kesfedildi","status":"publish","type":"post","link":"https:\/\/kutaybilen.com.tr\/?p=37647","title":{"rendered":"Security Vulnerabilities Discovered in the NextGEN Gallery Plugin"},"content":{"rendered":"<p>Today, one of the first choices for anyone who wants to build a website is the <strong>WordPress<\/strong> platform. Usable by experienced and inexperienced users alike, WordPress continues to defend its popularity on the web thanks to its ease of use and a plugin library broad enough to serve every kind of user.<\/p>\n<p>Today, however, an important warning was issued about one of WordPress&#8217;s best-known plugins. Multiple security vulnerabilities were discovered in <strong>NextGEN Gallery<\/strong>, a gallery plugin released in 2007 and used on more than 800 thousand active WordPress sites. The plugin&#8217;s developers have patched the discovered vulnerabilities and said that all of their users <strong>need to update the plugin<\/strong>.<\/p>\n<p><b>The site can be taken over directly:<\/b><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/100\/36e53f52c0edfe686ee0cbaeeb3f8e11d884b334.jpeg\"\/><\/p>\n<p>The vulnerabilities, discovered by Wordfence Threat Intelligence, were two &#8220;<strong>cross-site request forgery (CSRF\/XSRF)<\/strong>&#8221; flaws. The researchers rated them &#8220;<strong>high severity<\/strong>&#8221; and &#8220;<strong>critical<\/strong>&#8221; respectively. The flaws had the potential to lead to the takeover of a website.<\/p>\n<p>An attacker wanting to exploit the plugin&#8217;s vulnerabilities first had to trick the WordPress administrator in some way. After this step, which could be accomplished through malicious links or phishing, the attacker could add malicious links and phishing mechanisms to the website. Moreover, <strong>control of the site<\/strong> <strong>passed entirely to them<\/strong>.<\/p>\n<p>In its blog post, Wordfence stated that this attack <strong>requires a certain degree of social engineering<\/strong>. Although the developers of the NextGEN Gallery plugin have released an update that closes the vulnerabilities, that update has not yet reached its goal. The developers stated that 300 thousand users have installed the required update so far, while the websites of the remaining more than 500 thousand users remain insecure.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today, one of the first choices for anyone who wants to build a website is the WordPress platform. Usable by experienced and inexperienced &#8230;<\/p>\n","protected":false},"author":1,"featured_media":37648,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[854],"tags":[1003,4827],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/37647"}],"collection":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=37647"}],"version-history":[{"count":1,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/37647\/revisions"}],"predecessor-version":[{"id":37649,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/37647\/revisions\/37649"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/media\/37648"}],"wp:attachment":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=37647"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=37647"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=37647"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}