{"id":8799,"date":"2016-10-26T15:09:28","date_gmt":"2016-10-26T13:09:28","guid":{"rendered":"https:\/\/ihs.com.tr\/blog\/?p=8799"},"modified":"2021-07-06T09:56:48","modified_gmt":"2021-07-06T07:56:48","slug":"prestashop-virusu-yonetici-kimlik-bilgilerini-kullaniyor","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/prestashop-virusu-yonetici-kimlik-bilgilerini-kullaniyor\/","title":{"rendered":"Prestashop Vir\u00fcs\u00fc Y\u00f6netici Kimlik Bilgilerini Kullan\u0131yor"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">\u015eu an ortal\u0131kta <strong>Prestashop<\/strong> kullan\u0131c\u0131lar\u0131n\u0131 tehdit eden yeni bir k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m dolan\u0131yor. G\u00fcvenlik uzmanlar\u0131na g\u00f6re bu k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m e-ticaret ma\u011fazalar\u0131n\u0131n y\u00f6neticilerinin oturum a\u00e7ma bilgilerini hedef almakta.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">\u015eu an yaln\u0131zca Prestashop uygulamalar\u0131n\u0131 hedef alan bu yeni k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m, siber g\u00fcvenlik \u015firketi Sucuri ara\u015ft\u0131rmac\u0131s\u0131 Conrado Torquato taraf\u0131ndan hacklenmi\u015f bir e-ticaret ma\u011fazas\u0131nda bulundu.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Torquato sald\u0131rgan\u0131n e-ticaret sitesinin sunucusuna eri\u015fim sa\u011flad\u0131\u011f\u0131n\u0131 ve \u201c.\/controllers\/admin\/AdminLoginController.php\u201d dosyas\u0131n\u0131 de\u011fi\u015ftirerek dosyaya bir keylogger ekledi\u011fini s\u00f6yl\u00fcyor.<\/span><\/p>\n<p><img decoding=\"async\" class=\"alignnone wp-image-8800 size-medium\" src=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2016\/10\/prestashop-k\u00f6t\u00fc-ama\u00e7l\u0131-yaz\u0131l\u0131m\u0131-300x184.jpg\" alt=\"prestashop k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131\" width=\"300\" height=\"184\" srcset=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2016\/10\/prestashop-k\u00f6t\u00fc-ama\u00e7l\u0131-yaz\u0131l\u0131m\u0131-300x184.jpg 300w, https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2016\/10\/prestashop-k\u00f6t\u00fc-ama\u00e7l\u0131-yaz\u0131l\u0131m\u0131.jpg 769w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/p>\n<p><strong><span style=\"font-size: 14pt;\">Prestashop oturum a\u00e7ma sayfas\u0131na k\u00f6t\u00fc ama\u00e7l\u0131 bir PHP kodu eklenmi\u015f<\/span><\/strong><\/p>\n<p><span style=\"font-size: 14pt;\">Bu PHP dosyas\u0131 y\u00f6netici panelinin oturum a\u00e7ma sayfas\u0131n\u0131 y\u00fckl\u00fcyor. Sald\u0131rgan\u0131n dosya i\u00e7erisine ekledi\u011fi ekstra kod y\u00f6neticilerin oturum a\u00e7ma formuna girdikleri metinleri topluyor ve e-posta vas\u0131tas\u0131yla sald\u0131rgan\u0131n posta kutusuna g\u00f6nderiyor.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Torquato inceleme alt\u0131na ald\u0131\u011f\u0131 e-ticaret sitesinde sald\u0131rgan\u0131n sitenin alan ad\u0131n\u0131, oturum a\u00e7ma sayfas\u0131n\u0131n URL\u2019sini ve y\u00f6neticinin kimlik bilgilerini toplad\u0131\u011f\u0131n\u0131 ifade ediyor.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">\u201cBu e-postada sald\u0131rgan\u0131n hacklenmi\u015f Prestashop sitesinde oturum a\u00e7mak i\u00e7in ihtiya\u00e7 duydu\u011fu t\u00fcm bilgiler yer almakta,\u201d diyor Torquato.<\/span><\/p>\n<p><strong><span style=\"font-size: 14pt;\">Sald\u0131rgan sunucuyu hacklemi\u015f olmas\u0131na ra\u011fmen y\u00f6netici kimlik bilgilerini girmi\u015f<\/span><\/strong><\/p>\n<p><span style=\"font-size: 14pt;\">Torquato\u2019nun a\u00e7\u0131klayamad\u0131\u011f\u0131 \u015fey ise sald\u0131rgan\u0131n zaten halihaz\u0131rda siteyi ele ge\u00e7irmi\u015f ve sitenin kaynak kodunu de\u011fi\u015ftirmi\u015fken neden bir de y\u00f6netici oturum a\u00e7ma bilgilerine ihtiya\u00e7 duydu\u011fu. Sald\u0131rgan\u0131n ihtiya\u00e7 duydu\u011fu her \u015feye eri\u015fimi varken ve kendi y\u00f6netici hesab\u0131n\u0131 kolayl\u0131kla olu\u015fturabilecekken neden b\u00f6yle bir y\u00f6nteme ba\u015fvurdu\u011fu merak konusu.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Bunun muhtemel nedenlerinden birinin baz\u0131 ma\u011fazalar\u0131n daha b\u00fcy\u00fck bir \u015firketin yaln\u0131zca g\u00f6r\u00fcnen y\u00fczleri olmas\u0131 oldu\u011fu dile getiriliyor. Sald\u0131rganlar ma\u011faza sahiplerinin Prestashop oturum a\u00e7ma bilgilerini \u0130ntranetler, i\u00e7erik y\u00f6netim sistemleri, <a href=\"https:\/\/www.ihs.com.tr\/sunucu-kiralama\/vds-sunucu.html\" target=\"_blank\" rel=\"noopener noreferrer\">VDS<\/a> sunucular\u0131, g\u00fcvenlik duvarlar\u0131 gibi di\u011fer dahili sistemlerde kulland\u0131klar\u0131n\u0131 tespit ettiklerinde, \u00e7alabilecekleri di\u011fer hassas bilgilerin sakland\u0131\u011f\u0131 sistemlere eri\u015fim sa\u011flayabiliyorlar. \u00a0<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Sucuri ara\u015ft\u0131rmac\u0131s\u0131 Conrado Torquato ara\u015ft\u0131rmay\u0131 yapt\u0131\u011f\u0131 s\u00fcre zarf\u0131nda y\u00f6netici oturum a\u00e7ma bilgilerinin e-posta yoluyla g\u00f6nderildi\u011fi Gmail adresinin silindi\u011fini s\u00f6yl\u00fcyor. Bunu da Google\u2019\u0131n bir suiistimal ihbar\u0131 sonucunda yapm\u0131\u015f olabilece\u011fini s\u00f6zlerine ekliyor.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Online ma\u011fazalarda oturum a\u00e7ma bilgilerinin \u00e7al\u0131nd\u0131\u011f\u0131na pek s\u0131k rastlanmaz. \u00c7o\u011fu durumda g\u00fcvenlik uzmanlar\u0131 bu ma\u011fazalarda kredi kart\u0131 bilgilerini ve \u00f6deme formlar\u0131n\u0131 toplayan k\u00f6t\u00fc ama\u00e7l\u0131 kodlara rastlarlar. Bu nedenle Prestashop olay\u0131 hen\u00fcz gizemini korumakta.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><strong>Kaynak:<\/strong> http:\/\/news.softpedia.com\/news\/prestashop-malware-found-logging-admin-credentials-509548.shtml<br \/>\n<\/span><br \/>\n<span style=\"font-size: 14pt;\"><strong>Yazar:<\/strong> https:\/\/blog.sucuri.net\/2016\/10\/credentials-stealer-prestashop.html<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u015eu an ortal\u0131kta Prestashop kullan\u0131c\u0131lar\u0131n\u0131 tehdit eden yeni bir k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m dolan\u0131yor. G\u00fcvenlik uzmanlar\u0131na g\u00f6re bu k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m e-ticaret ma\u011fazalar\u0131n\u0131n&hellip;<\/p>\n","protected":false},"author":3,"featured_media":8801,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-8799","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-haberler"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8799","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=8799"}],"version-history":[{"count":6,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8799\/revisions"}],"predecessor-version":[{"id":14004,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8799\/revisions\/14004"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/8801"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=8799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=8799"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=8799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}