{"id":2206,"date":"2025-03-09T11:57:36","date_gmt":"2025-03-09T11:57:36","guid":{"rendered":"https:\/\/dijitalturk.com\/veysel\/?p=2206"},"modified":"2025-03-09T11:57:36","modified_gmt":"2025-03-09T11:57:36","slug":"krpano-350den-fazla-web-sitesi-xss-saldirisi-altinda","status":"publish","type":"post","link":"https:\/\/dijitalturk.com\/veysel\/krpano-350den-fazla-web-sitesi-xss-saldirisi-altinda\/","title":{"rendered":"Krpano: More Than 350 Websites Under XSS Attack"},"content":{"rendered":"<h1>The Virtual Tour Trap: More Than 350 Websites Under XSS Attack!<\/h1>\n<p>Alarm bells are ringing in the cyber world! It has emerged that malicious actors have attacked hundreds of websites by exploiting a critical vulnerability in Krpano, a popular virtual-tour framework. The campaign, dubbed &#8220;360XSS&#8221;, aims to manipulate search results and to support a large-scale spam advertising operation.<\/p>\n<h2>The Victim: Krpano and the Details of the Flaw<\/h2>\n<p>According to The Hacker News, in the incident uncovered by security researcher Oleg Zaytsev the attackers weaponized a <b>cross-site scripting (XSS)<\/b> flaw in the Krpano framework. The flaw let them inject malicious scripts into hundreds of websites that embed Krpano virtual tours.<\/p>\n<p><b>Who is Oleg Zaytsev?<\/b><\/p>\n<p>Oleg Zaytsev is a well-known researcher in the cyber-security field, recognised for his vulnerability discoveries and his contributions to security awareness.<\/p>\n<p>The key points of the attack:<\/p>\n<ul>\n<li><b>Vulnerability:<\/b> The attack targeted older Krpano deployments. Krpano can pass the query parameters of the tour page through to the viewer (the <code>passQueryParameters<\/code> setting), and when the <code>xml<\/code> parameter is passed through, the viewer loads the tour XML from whatever URL that parameter names. Krpano XML can contain actions that execute JavaScript, so a link whose <code>xml<\/code> parameter points at an attacker-controlled file is enough to run attacker script in the page. The original external-XML loading bug (CVE-2020-24901) was fixed in version 1.20.10, but sites that enabled <code>passQueryParameters<\/code> reopened it.<\/li>\n<li><b>Attack vector:<\/b> The attackers used automated scanning to find sites exposing a vulnerable viewer, then distributed crafted links that loaded their own XML, and with it their own scripts and HTML, into those pages.<\/li>\n<li><b>Impact:<\/b> This is a client-side flaw: the injected script runs in the visitor's browser under the victim site's origin, not on the server. The attackers used it to serve spam and advertising pages under the domains of trusted sites, including government and university portals, so that search engines would index and rank them; that is the search-result manipulation mentioned above. The same access could just as well be used to steal sessions or to phish visitors.<\/li>\n<li><b>Mitigation:<\/b> Users were strongly advised to update to the latest Krpano release (version 1.22.4 restricts <code>passQueryParameters<\/code> to an explicit allow-list of parameter names and no longer loads external URLs through it), to review their tour configuration for a <code>passQueryParameters<\/code> setting that passes arbitrary parameters through, and to check the search-engine index of their domain for spam pages.<\/li>\n<\/ul>\n<h2>What the Flaw Actually Allows: Script Execution in the Browser, Not RCE<\/h2>\n<p>The vulnerability is cross-site scripting, not <b>remote code execution (RCE)<\/b>. The attackers did not run code on the web servers; a reflected XSS lets them run script in the browsers of visitors who open a crafted link, in the security context of the vulnerable site. That is still serious: it enables session theft, phishing pages that look like the real site, defacement as seen by visitors, and malware delivery through content injected into a trusted page. It does not by itself give the attacker access to the server or to the data stored on it.<\/p>\n<h2>Time to Act: Secure Your Deployment<\/h2>\n<p>This incident once again underlines the importance of timely software updates and proactive security monitoring for web applications. If you use Krpano, or run a website that embeds it, update to the latest release immediately, restrict <code>passQueryParameters<\/code> to the parameters your tours actually need, and check your web-server logs for requests to tour pages whose <code>xml<\/code> parameter points at a foreign host.<\/p>\n<h2>Remember: Cyber Security Is a Continuous Effort<\/h2>\n<p>Cyber-security threats keep evolving. Website owners and developers therefore need to stay alert, keep their software up to date, and run regular security scans. Otherwise, becoming the target of attacks like this one may be unavoidable.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Virtual Tour Trap: More Than 350 Websites Under XSS Attack! Alarm bells are ringing in the cyber world! It has emerged that malicious actors have attacked hundreds of websites by exploiting a critical vulnerability in Krpano, a popular 
[&hellip;]<\/p>\n","protected":false},"author":512,"featured_media":2205,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[36],"tags":[87,155,370],"class_list":["post-2206","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-haber","tag-guvenlik","tag-hack","tag-security"],"uagb_featured_image_src":{"full":["https:\/\/dijitalturk.com\/veysel\/wp-content\/uploads\/2025\/03\/2025-02-26T171900.000Z_1741412136_xss.png",728,380,false],"thumbnail":["https:\/\/dijitalturk.com\/veysel\/wp-content\/uploads\/2025\/03\/2025-02-26T171900.000Z_1741412136_xss-150x150.png",150,150,true],"medium":["https:\/\/dijitalturk.com\/veysel\/wp-content\/uploads\/2025\/03\/2025-02-26T171900.000Z_1741412136_xss-300x157.png",300,157,true],"medium_large":["https:\/\/dijitalturk.com\/veysel\/wp-content\/uploads\/2025\/03\/2025-02-26T171900.000Z_1741412136_xss.png",728,380,false],"large":["https:\/\/dijitalturk.com\/veysel\/wp-content\/uploads\/2025\/03\/2025-02-26T171900.000Z_1741412136_xss-600x313.png",600,313,true],"1536x1536":["https:\/\/dijitalturk.com\/veysel\/wp-content\/uploads\/2025\/03\/2025-02-26T171900.000Z_1741412136_xss.png",728,380,false],"2048x2048":["https:\/\/dijitalturk.com\/veysel\/wp-content\/uploads\/2025\/03\/2025-02-26T171900.000Z_1741412136_xss.png",728,380,false]},"uagb_author_info":{"display_name":"Dragon DT","author_link":"https:\/\/dijitalturk.com\/veysel\/author\/dragon\/"},"uagb_comment_info":0,"uagb_excerpt":"The Virtual Tour Trap: More Than 350 Websites Under XSS Attack! Alarm bells are ringing in the cyber world! 
It has emerged that malicious actors have attacked hundreds of websites by exploiting a critical vulnerability in Krpano, a popular [&hellip;]","_links":{"self":[{"href":"https:\/\/dijitalturk.com\/veysel\/wp-json\/wp\/v2\/posts\/2206","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dijitalturk.com\/veysel\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dijitalturk.com\/veysel\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dijitalturk.com\/veysel\/wp-json\/wp\/v2\/users\/512"}],"replies":[{"embeddable":true,"href":"https:\/\/dijitalturk.com\/veysel\/wp-json\/wp\/v2\/comments?post=2206"}],"version-history":[{"count":0,"href":"https:\/\/dijitalturk.com\/veysel\/wp-json\/wp\/v2\/posts\/2206\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dijitalturk.com\/veysel\/wp-json\/wp\/v2\/media\/2205"}],"wp:attachment":[{"href":"https:\/\/dijitalturk.com\/veysel\/wp-json\/wp\/v2\/media?parent=2206"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dijitalturk.com\/veysel\/wp-json\/wp\/v2\/categories?post=2206"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dijitalturk.com\/veysel\/wp-json\/wp\/v2\/tags?post=2206"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
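The post above describes the 360XSS technique (a tour page that loads whatever XML its `xml` query parameter names) and advises auditing the viewer configuration and the server logs. The example below is added here and is not Krpano's own code nor taken from the researcher's write-up: it models the vulnerable parameter handling in a few lines, puts a hardened resolver beside it (same origin, inside the viewer's directory, `.xml` only), and reuses that rule to flag suspicious requests in access-log lines. The site `tour.example`, the viewer path `/vtour/tour.html`, the host `evil.example` and the log lines are all constructed for the example.

```javascript
// Added example, not Krpano's own code: a model of the "xml" query-parameter
// handling abused by the 360XSS campaign, a hardened replacement, and a
// log check built on the same rule. Node.js 18+; URL is a global.
// SITE_ORIGIN, the /vtour/ path, evil.example and the log lines are constructed.

const SITE_ORIGIN = "https://tour.example";

// Vulnerable pattern: whatever ?xml= carries is resolved against the page
// and loaded, so an absolute or protocol-relative URL pulls attacker-
// controlled XML (and the script it can carry) into the page's origin.
function resolveXmlVulnerable(pageUrl) {
  const page = new URL(pageUrl);
  const xml = page.searchParams.get("xml") || "tour.xml";
  return new URL(xml, page).href;
}

// Hardened pattern: accept only a relative .xml path that stays inside the
// viewer's own directory on the same origin. Returns null on rejection.
function resolveXmlHardened(pageUrl) {
  const page = new URL(pageUrl);
  const baseDir = new URL(".", page);          // directory of tour.html, no query
  const raw = page.searchParams.get("xml");
  if (raw === null) return new URL("tour.xml", baseDir).href;
  // Reject anything carrying a scheme (https:, javascript:, data:) or a
  // protocol-relative "//host" prefix before it is even parsed.
  if (raw.length > 256 || /^[a-z][a-z0-9+.-]*:/i.test(raw) || /^[\/\\]{2}/.test(raw)) {
    return null;
  }
  let target;
  try { target = new URL(raw, baseDir); } catch { return null; }
  if (target.origin !== page.origin) return null;                 // foreign host
  if (!target.pathname.startsWith(baseDir.pathname)) return null; // ../ and %2e%2e escapes
  if (!target.pathname.endsWith(".xml")) return null;             // only tour XML
  if (target.search !== "" || target.hash !== "") return null;
  return target.origin + target.pathname;
}

// Constructed access-log lines (combined format) for the detection check.
const SAMPLE_LOG = [
  '203.0.113.5 - - [26/Feb/2025:17:19:00 +0000] "GET /vtour/tour.html?xml=scenes/lobby.xml HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  '198.51.100.7 - - [26/Feb/2025:17:20:31 +0000] "GET /vtour/tour.html?xml=https://evil.example/seo.xml HTTP/1.1" 200 5120 "-" "Googlebot/2.1"',
  '198.51.100.7 - - [26/Feb/2025:17:21:02 +0000] "GET /vtour/tour.html?xml=//evil.example/seo.xml HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  '192.0.2.9 - - [26/Feb/2025:17:22:45 +0000] "GET /vtour/skin/vtourskin.xml HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
];

// Detection: any request whose xml parameter the hardened resolver would
// reject is a 360XSS-style probe or payload delivery worth investigating.
function findSuspiciousXmlLoads(lines, origin = SITE_ORIGIN) {
  const hits = [];
  for (const line of lines) {
    const m = line.match(/"(?:GET|HEAD|POST) (\S+) HTTP\//);
    if (!m) continue;
    let req;
    try { req = new URL(m[1], origin); } catch { continue; }
    if (!req.searchParams.has("xml")) continue;
    if (resolveXmlHardened(req.href) === null) {
      hits.push({ client: line.split(" ")[0], path: m[1], xml: req.searchParams.get("xml") });
    }
  }
  return hits;
}

// Stand-alone run: both resolvers on an attacker link, then the log scan.
const crafted = SITE_ORIGIN + "/vtour/tour.html?xml=https://evil.example/seo.xml";
console.log("vulnerable loads:", resolveXmlVulnerable(crafted));
console.log("hardened loads:  ", resolveXmlHardened(crafted));
console.log("suspicious requests:", findSuspiciousXmlLoads(SAMPLE_LOG));
```

The hardened resolver rejects before parsing (scheme or `//` prefix) and again after parsing (origin, directory prefix, extension), because the WHATWG URL parser normalises `%2e%2e` and backslashes in ways a string check alone would miss. The same predicate doubles as the log rule: a request whose `xml` value would be rejected is exactly the crafted link the campaign relied on, and Googlebot fetching such a link is the search-index poisoning in progress.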