{"id":967,"date":"2023-06-10T19:11:38","date_gmt":"2023-06-10T11:11:38","guid":{"rendered":"http:\/\/www.megalion.net\/?p=967"},"modified":"2023-06-24T12:15:12","modified_gmt":"2023-06-24T04:15:12","slug":"progress-moveit-transfer%e5%ad%98%e5%9c%a8sql%e6%b3%a8%e5%85%a5%e6%bc%8f%e6%b4%9e","status":"publish","type":"post","link":"https:\/\/www.megalion.net\/?p=967","title":{"rendered":"Progress MOVEit Transfer\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e"},"content":{"rendered":"\n
\"\"<\/figure>\n\n\n\n

\u96f6\u65e5\u6f0f\u6d1e\u88ab\u5229\u7528\u8fdb\u884c\u6570\u636e\u7a83\u53d6\u653b\u51fb<\/h3>\n\n\n\n

https:\/\/community.progress.com\/s\/article\/MOVEit-Transfer-Critical-Vulnerability-31May2023<\/a><\/p>\n\n\n\n

CVEs: CVE-2023-34362<\/p>\n\n\n\n

\u5728MOVEit Transfer\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u4e2d\u53d1\u73b0\u4e86\u4e00\u4e2aSQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u8bbf\u95eeMOVEit Transfer\u7684\u6570\u636e\u5e93\u3002\u6839\u636e\u4f9b\u5e94\u5546\u7684\u8bf4\u6cd5\uff0c\u6839\u636e\u4f7f\u7528\u7684\u6570\u636e\u5e93\u5f15\u64ce\uff08MySQL\u3001Microsoft SQL Server\u6216Azure SQL\uff09\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u80fd\u591f\u83b7\u53d6\u6709\u5173\u6570\u636e\u5e93\u7684\u7ed3\u6784\u548c\u5185\u5bb9\u7684\u4fe1\u606f\uff0c\u5e76\u6267\u884c\u53ef\u4ee5\u66f4\u6539\u6216\u5220\u9664\u6570\u636e\u5e93\u5143\u7d20\u7684SQL\u8bed\u53e5\u3002<\/p>\n\n\n\n

\u80cc\u666f<\/h3>\n\n\n\n

MOVEit Transfer\u662f\u7531Progress Software Corporation\u7684\u5b50\u516c\u53f8Ipswitch\u5f00\u53d1\u7684\u6258\u7ba1\u6587\u4ef6\u4f20\u8f93\uff08MFT\uff09\u89e3\u51b3\u65b9\u6848\uff0c\u5b83\u5141\u8bb8\u4f01\u4e1a\u4f7f\u7528SFTP\u3001SCP\u548c\u57fa\u4e8eHTTP\u7684\u4e0a\u4f20\u5b89\u5168\u5730\u5728\u4e1a\u52a1\u4f19\u4f34\u548c\u5ba2\u6237\u4e4b\u95f4\u4f20\u8f93\u6587\u4ef6\u3002\u4eca\u5e742\u6708\uff0c\u6211\u4eec\u66fe\u7ecf\u770b\u5230\u53e6\u4e00\u79cdMFT\u89e3\u51b3\u65b9\u6848Fortra GoAnywhere MFT\u88ab\u653b\u51fb\u8005\u7528\u4e8e\u52d2\u7d22\u8f6f\u4ef6\u653b\u51fb\u5404\u79cd\u7ec4\u7ec7\uff0c\u8fd9\u663e\u793a\u6587\u4ef6\u4f20\u8f93\u89e3\u51b3\u65b9\u6848\u4ecd\u7136\u662f\u52d2\u7d22\u8f6f\u4ef6\u653b\u51fb\u7684\u76ee\u6807\u3002\u8981\u9605\u8bfb\u5b8c\u6574\u7684\u75ab\u60c5\u62a5\u544a\uff0c\u8bf7\u8f6c\u5230\u4e0b\u9762\u7684\u9644\u52a0\u8d44\u6e90\u90e8\u5206\u3002<\/p>\n\n\n\n

\u5df2\u5ba3\u5e03
2023\u5e745\u670831\u65e5\uff1aProgress Software Corporation\u5ba3\u5e03\u4e86\u6b64\u6f0f\u6d1e\u3002<\/p>\n\n\n\n

\u94fe\u63a5\uff1ahttps:\/\/community.progress.com\/s\/article\/MOVEit-Transfer-Critical-Vulnerability-31May2023<\/a><\/p>\n\n\n\n

\u6700\u65b0\u8fdb\u5c55<\/h3>\n\n\n\n

2023\u5e746\u67082\u65e5\uff1aFortiGuard\u5b9e\u9a8c\u5ba4\u53d1\u5e03\u4e86\u5173\u4e8eProgress MOVEit Transfer SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u5a01\u80c1\u4fe1\u53f7\u3002<\/p>\n\n\n\n

https:\/\/www.fortiguard.com\/threat-signal-report\/5174<\/a><\/p>\n\n\n\n

2023\u5e746\u67084\u65e5\uff1a\u5fae\u8f6f\u5c06\u5229\u7528CVE-2023-34362 MOVEit Transfer 0-day\u6f0f\u6d1e\u7684\u653b\u51fb\u4e0eLace Tempest\uff08\u53c8\u540dCl0p\uff09\u52d2\u7d22\u8f6f\u4ef6\u56e2\u4f19\u8054\u7cfb\u8d77\u6765\u3002<\/p>\n\n\n\n

https:\/\/twitter.com\/MsftSecIntel\/status\/1665537730946670595<\/a><\/p>\n\n\n\n

2023\u5e746\u67087\u65e5\uff1aCISA\u53d1\u5e03\u4e86\u4e00\u4efd\u7f51\u7edc\u5b89\u5168\u8b66\u62a5\u3002\u201c\u52d2\u7d22\u8f6f\u4ef6\u56e2\u4f19\u5229\u7528CVE-2023-34362 MOVEit\u6f0f\u6d1e\u201d\u3002<\/p>\n\n\n\n

https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa23-158a<\/a><\/p>\n\n\n\n

2023\u5e746\u67088\u65e5\uff1aFortiGuard\u5a01\u80c1\u5b9e\u9a8c\u5ba4\u53d1\u5e03\u4e86\u4e00\u7bc7\u5173\u4e8eCVE-2023-34362\u7684\u8be6\u7ec6\u535a\u5ba2\u3002<\/p>\n\n\n\n

https:\/\/www.fortinet.com\/blog\/threat-research\/moveit-transfer-critical-vulnerability-cve-2023-34362-exploited-as-a-0-day<\/a><\/p>\n\n\n\n

\n

\u6587\u7ae0\u5f15\u7528<\/p>\nhttps:\/\/www.fortiguard.com\/outbreak-alert\/progress-moveit-transfer-sql-injection<\/a><\/cite><\/blockquote>\n","protected":false},"excerpt":{"rendered":"

\u96f6\u65e5\u6f0f\u6d1e\u88ab\u5229\u7528\u8fdb\u884c\u6570\u636e\u7a83\u53d6\u653b\u51fb https:\/\/community.progress.com\/s\/articl […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[38],"tags":[],"class_list":["post-967","post","type-post","status-publish","format-standard","hentry","category-38"],"_links":{"self":[{"href":"https:\/\/www.megalion.net\/index.php?rest_route=\/wp\/v2\/posts\/967","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.megalion.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.megalion.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.megalion.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.megalion.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=967"}],"version-history":[{"count":3,"href":"https:\/\/www.megalion.net\/index.php?rest_route=\/wp\/v2\/posts\/967\/revisions"}],"predecessor-version":[{"id":970,"href":"https:\/\/www.megalion.net\/index.php?rest_route=\/wp\/v2\/posts\/967\/revisions\/970"}],"wp:attachment":[{"href":"https:\/\/www.megalion.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=967"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.megalion.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=967"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.megalion.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=967"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}