{"id":5198,"date":"2015-10-26T06:50:45","date_gmt":"2015-10-26T06:50:45","guid":{"rendered":"https:\/\/ihs.com.tr\/blog\/?p=5198"},"modified":"2015-10-26T07:49:41","modified_gmt":"2015-10-26T07:49:41","slug":"drupal-7-41-ve-joomla-3-4-5-in-guvenlik-aciklari-kapatildi","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/drupal-7-41-ve-joomla-3-4-5-in-guvenlik-aciklari-kapatildi\/","title":{"rendered":"Security vulnerabilities fixed in Drupal 7.41 and Joomla 3.4.5"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">Several security vulnerabilities in popular content management systems (CMS) <strong>have been fixed by the Joomla 3.4.5 and Drupal 7.41 updates.<\/strong><\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Drupal-741\"><\/span><span style=\"font-size: 14pt;\">Drupal\u00a07.41<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">With the Drupal 7.41 update released last week, a low-criticality <strong>&#8220;open redirect&#8221; vulnerability was closed<\/strong>. 
This vulnerability, located in the Overlay module of Drupal core, <strong>was present in Drupal 7.0 and all later versions.<\/strong><\/span><\/p>\n<p><span style=\"font-size: 14pt;\">This vulnerability affected all users who had the Overlay module enabled and had been granted the &#8220;access to administrative overlay&#8221; permission.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><a href=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/10\/drupal.png\" data-rel=\"penci-gallery-image-content\" ><img decoding=\"async\" class=\"aligncenter size-full wp-image-5200\" src=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/10\/drupal.png\" alt=\"drupal\" width=\"397\" height=\"174\" srcset=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/10\/drupal.png 397w, https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/10\/drupal-300x131.png 300w\" sizes=\"(max-width: 397px) 100vw, 397px\" \/><\/a><\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Joomla-345\"><\/span><span style=\"font-size: 14pt;\">Joomla\u00a03.4.5<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">Similarly, Joomla\u00a03.4.5, also released last week, closed a number of security vulnerabilities and at the same time <strong>brought security improvements to the UploadShield system.<\/strong><\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Among the vulnerabilities closed, <strong>the most serious can be said to be the one that allows SQL injection<\/strong>, reported by Asaf Orpani of Trustwave and Netanel Rubin of PerimeterX.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><a 
href=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/10\/joomla.jpg\" data-rel=\"penci-gallery-image-content\" ><img decoding=\"async\" class=\"aligncenter size-full wp-image-5199\" src=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/10\/joomla.jpg\" alt=\"joomla\" width=\"540\" height=\"230\" srcset=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/10\/joomla.jpg 540w, https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/10\/joomla-300x128.jpg 300w\" sizes=\"(max-width: 540px) 100vw, 540px\" \/><\/a><\/span><\/p>\n<p><span style=\"font-size: 14pt;\">In addition, according to the researchers, a PHP file in Joomla&#8217;s administrator folder can be triggered via SQL injection, allowing an attacker <strong>to send a specially crafted request to the website&#8217;s database<\/strong>. This vulnerability was present in all versions from Joomla 3.2.0 through 3.4.4.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">In addition to the SQL injection, Joomla 3.4.5 also resolves a number of ACL violations that allowed data that should be confidential to be read, and <strong>makes the platform more secure.<\/strong><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Several security vulnerabilities in popular content management systems (CMS) have been fixed by the Joomla 3.4.5 and Drupal 7.41 updates. 
Drupal\u00a07.41 With the Drupal 7.41 update released last week&hellip;<\/p>\n","protected":false},"author":3,"featured_media":5201,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5198","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-haberler"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5198","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=5198"}],"version-history":[{"count":5,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5198\/revisions"}],"predecessor-version":[{"id":5209,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5198\/revisions\/5209"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/5201"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=5198"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=5198"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=5198"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}