Transcription:

<%@ page language="java" contentType="text/html; charset=euc-kr" pageEncoding="euc-kr"%>
<%@ page import="java.text.SimpleDateFormat" import="java.sql.*" import="java.net.URLEncoder"%>
<head>
<title>J.S.P.- 취약점 진단 시스템</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="description" content="" />
<meta name="keywords" content="" />
<script src="js/jquery.min.js"></script>
<script src="js/jquery.dropotron.min.js"></script>
<script src="js/skel.min.js"></script>
<script src="js/skel-layers.min.js"></script>
<script src="js/init.js"></script>
<link rel="shortcut icon" href="./images/1.ico">
<LINK REL="stylesheet" type="text/css" href="./css/style.css" />
</head>
<html>
<body class="homepage">
<!-- Header -->
<div id="header-wrapper">
  <div id="header">
    <!-- Logo -->
    <h1><a href="main.jsp">취약점 진단 시스템</a></h1>
    <!-- Nav -->
    <nav id="nav">
      <ul>
        <li class="current"><a href="main.jsp">홈</a></li>
        <li><a href="check_menu.jsp">진단하기</a></li>
        <li><a href="search_menu.jsp">조회하기</a></li>
        <li><a href="rootmain.jsp">관리자 페이지</a></li>
      </ul>
    </nav>
    <!-- Banner -->
    <section id="banner">
      <header>
<%
//------------------------------- JSP CODE START (choose the included page based on the session variable)
String member_id = (String) session.getAttribute("member_id");
if (member_id == null || member_id.equals("")) {
%>
        <jsp:include page="./loginform.jsp" flush="false" />
<% } else { %>
        <jsp:include page="./loginstate.jsp" flush="false" />
<%
}
//------------------------------- JSP CODE END
%>
      </header>
    </section>
    <!-- Intro -->
    <section id="intro" class="container">
      <div class="row">
        <div class="4u">
          <section class="first">
            <i class="icon featured fa-cog"></i>
            <header><h2>진단</h2></header>
            <p>진단을 요청하면 현재 자신이 사용 중인 컴퓨터의 기본적인 시스템 정보, 보안 정보 등을 진단받을 수 있습니다.</p>
          </section>
        </div>
        <div class="4u">
          <section class="middle">
            <i class="icon featured alt fa-file-pdf-o"></i>
            <header><h2>보고서 출력</h2></header>
            <p>진단을 요청한 컴퓨터의 진단 결과를 보고서 형식으로 다운로드하여 출력할 수 있습니다.</p>
          </section>
        </div>
        <div class="4u">
          <section class="last">
            <i class="icon featured alt2 fa-list"></i>
            <header><h2>조회</h2></header>
            <p>진단 결과가 저장되어 있어 개인의 지난 진단 기록들을 조회할 수 있습니다.</p>
          </section>
        </div>
      </div>
    </section>
  </div>
</div>
<!-- Main -->
<div id="main-wrapper">
  <div class="container">
    <div class="row">
      <div class="12u">
        <!-- Portfolio -->
        <section>
          <header class="major"><h2>J.S.P.</h2></header>
        </section>
      </div>
    </div>
  </div>
</div>
<!-- Footer -->
<div id="footer-wrapper">
  <section id="footer" class="container">
    <div class="row">
      <div class="12u">
        <!-- Copyright -->
        <div id="copyright">
          <ul class="links">
            <li>J.S.P. - Coding is the realization of the imagine.</li>
          </ul>
        </div>
      </div>
    </div>
  </section>
</div>
</body>
</html>


<%@ page language="java" contentType="text/html; charset=euc-kr" pageEncoding="euc-kr"%>
<%@ page import="java.sql.*" import="java.text.SimpleDateFormat" import="java.util.Date" import="java.io.*"%>
<%
int member_rcdno = 0;
String name = null;
String mail = null;
Connection conn = null;
PreparedStatement pstmt = null;
Statement stmt = null;
ResultSet rs1 = null;
ResultSet rs2 = null;
String Query1 = "";
String Query2 = "";
String Query3 = "";
String jdbcUrl = "jdbc:mysql://localhost:3306/web_db";
String jdbcId = "root";
String jdbcPw = "1234";
Class.forName("com.mysql.jdbc.Driver");
conn = DriverManager.getConnection(jdbcUrl, jdbcId, jdbcPw);
String member_id = "손님";
String member_name = "손님";
String member_mail = "";
String member_pwd = "";
if (session.getAttribute("member_id") != null) {
    member_id = (String) session.getAttribute("member_id");
}
try {
    Query1 = "select count(rcdno) from list";
    pstmt = conn.prepareStatement(Query1);
    rs1 = pstmt.executeQuery();
    while (rs1.next()) {
        member_rcdno = rs1.getInt(1) + 2;
    }
    Date d = new Date();
    SimpleDateFormat day = new SimpleDateFormat("yyyy-MM-dd");
    int cnt = 0;
    String result = null;
    String s = null;
    String msg = null;
    String strline = null;
    String[] command = {"systeminfo", "netsh firewall show state", "chkdsk", "tasklist"};

    for (int i = 0; i < command.length; i++) {
        Process oProcess = new ProcessBuilder("cmd", "/c", command[i]).start();
        // read the external program's output
        BufferedReader stdout = new BufferedReader(new InputStreamReader(oProcess.getInputStream()));
        while ((s = stdout.readLine()) != null) {
            result += (s + "\n");
        }
        // systeminfo command
        if (result != null && i == 0) {
            BufferedReader reader = new BufferedReader(new StringReader(result));
            try {
                while ((strline = reader.readLine()) != null) {
                    if (strline.matches("호스트 이름.*")) {
                        msg += strline + "\n";
                        msg = msg.replace("null", "");
                    } else if (strline.matches("OS 이름.*")) {
                        msg += strline + "\n";
                    } else if (strline.matches("OS 버전.*")) {
                        msg += strline + "\n";
                    } else if (strline.matches("네트워크 카드.*")) {
                        msg += strline + "\n";
                        while ((strline = reader.readLine()) != null) {
                            if (!(strline.matches("Hyper.*"))) {
                                msg += strline + "\n";
                            } else {
                                break;
                            }
                        }
                    }
                }
            } catch (IOException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
        }
        // netsh firewall show state command
        if (result != null && i == 1) {
            BufferedReader reader = new BufferedReader(new StringReader(result));
            try {
                while ((strline = reader.readLine()) != null) {
                    if (strline.matches("방화벽 상태.*")) {
                        msg += "\n" + strline + "\n";
                        while ((strline = reader.readLine()) != null) {
                            if (!(strline.matches("현재 모든 네트워크.*"))) {
                                msg += strline + "\n";
                            } else {
                                break;
                            }
                        }
                    } else {
                    }
                }
            } catch (IOException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
        }
        // chkdsk command
        if (result != null && i == 2) {
            BufferedReader reader = new BufferedReader(new StringReader(result));
            try {
                while ((strline = reader.readLine()) != null) {
                    if (strline.matches("Windows에서 파일 시스템에 문제가 없음을 확인했습니다.*")) {

                        msg += strline + "\n";
                        msg = msg.replace("null", "");
                        while ((strline = reader.readLine()) != null) {
                            if (!(strline.matches("Hyper.*"))) {
                                msg += strline + "\n";
                            } else {
                                break;
                            }
                        }
                    }
                }
            } catch (IOException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
        }
        // tasklist command
        if (result != null && i == 3) {
            BufferedReader reader = new BufferedReader(new StringReader(result));
            try {
                while ((strline = reader.readLine()) != null) {
                    if (strline.matches("back orifice1.2.exe.*")) {
                        msg += "\n Back orifice가 검출되었습니다. \n";
                        cnt++;
                    } else if (strline.matches("netbus1.70.exe.*")) {
                        msg += "\n netbus1.70이 검출되었습니다.\n";
                        cnt++;
                    } else if (strline.matches("kakaotalk.exe.*")) {
                        msg += "\n KakaoTalk가 발견되었습니다.\n";
                        cnt++;
                    }
                }
                msg += cnt + "개의 이상 프로세스가 발견되었습니다.";
                msg = msg.replaceAll("\n", "<br>");
                if (!member_id.equals("손님")) {
                    Query2 = "select PWD, NAME, MAIL from member where ID=?;";
                    pstmt = conn.prepareStatement(Query2);
                    pstmt.setString(1, member_id);
                    rs2 = pstmt.executeQuery();
                    while (rs2.next()) {
                        member_pwd = rs2.getString("pwd");
                        member_name = rs2.getString("name");
                        member_mail = rs2.getString("mail");
                    }
                    // Bind the values instead of concatenating them into the SQL text:
                    // msg holds raw command output and may contain quotes.
                    Query3 = "insert into list(rcdno, UsrId, UsrDate, UsrContent, UsrName, UsrMail, UsrPwd) values(?, ?, ?, ?, ?, ?, ?)";
                    pstmt = conn.prepareStatement(Query3);
                    pstmt.setInt(1, member_rcdno);
                    pstmt.setString(2, member_id);
                    pstmt.setString(3, day.format(d));
                    pstmt.setString(4, msg);
                    pstmt.setString(5, member_name);
                    pstmt.setString(6, member_mail);
                    pstmt.setString(7, member_pwd);
                    pstmt.executeUpdate();
                    rs2.close();
                }
                /*
                request.setAttribute("msg", msg);
                request.setAttribute("member_mail", member_mail);
                request.setAttribute("member_name", member_name);
                request.setAttribute("day", day.format(d));
                */
                session.setAttribute("msg", msg);
                session.setAttribute("member_mail", member_mail);
                session.setAttribute("member_name", member_name);
                session.setAttribute("day", day.format(d));
            } catch (IOException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();

            } finally {
                if (stmt != null) try { stmt.close(); } catch (SQLException ex) { }
                if (conn != null) try { conn.close(); } catch (SQLException ex) { }
            }
        }
    }
%>
<head>
<title>J.S.P.- 취약점 진단 시스템</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<link rel="shortcut icon" href="images/1.ico">
<script src="js/jquery.min.js"></script>
<script src="js/jquery.dropotron.min.js"></script>
<script src="js/skel.min.js"></script>
<script src="js/init.js"></script>
<script src="js/jquery.lazyload.js"></script>
<LINK REL="stylesheet" type="text/css" href="./css/loader.css" />
<script language=javascript>
function hidepreload() {
    preload.style.visibility = "hidden";
}
function makepreload(msg) {
    document.write("<div id=\"preload\" style=\"",
        "position:absolute;top:0;left:0;width:100%;height:100%;",
        "background-color:white;color:black;",
        "text-align:center;z-index:1\">",
        "<table border='0' height='100%'><tr><td>", msg, "</td></table>");
}
makepreload("페이지 로딩 중. 잠시만 기다려 주세요.");
self.onload = hidepreload;
</script>
</head>
<html>
<body>
<!-- Header -->
<div id="header-wrapper">
  <div id="header">
    <!-- Logo -->
    <h1>취약점 진단 시스템</h1>
  </div>
</div>
<div id="main-wrapper">
<div class="container">
<section class="box">
<table width=510 height=40 border=0 cellspacing=1 cellpadding=1 align=center>
<tr bgcolor=#a0a0a0>
<td align=center><font size=4><b>진단 내용</b></font></td>
</tr>
</table>
<table width=510 border=1 cellspacing=0 cellpadding=1 align=center>
<tr>
<td width=120 align=center><b>이름</b></td>
<td width=500><%=member_name%></td>
</tr>
<tr>
<td width=120 align=center><b>이메일</b></td>
<td width=500><%=member_mail%></td>
</tr>
<tr>

<td width=120 align=center><b>진단 일자</b></td>
<td width=500><%=day.format(d)%></td>
</tr>
<tr>
<td width=120 align=center><b>내용</b></td>
<td width=500><%=msg%></td>
</tr>
</table>
<table width=510 height=50 border=0 cellspacing=1 cellpadding=1 align=center>
<tr align=center>
<td width="310" align=center>
<a href="go12.jsp"><img src="./images/copy of btn_pdf.png" style=cursor:hand></a>
</td>
</tr>
</table>
</section>
</div>
</div>
<%
} catch (SQLException e) {
    e.printStackTrace();
} finally {
    rs1.close();
    pstmt.close();
    conn.close();
}
String gogo = request.getParameter("msg");
request.setAttribute("msg", gogo);
%>
</body>
</html>
<FORM ACTION="go12.jsp" METHOD=POST>
NAME1 ="name"

<%@ page language="java" contentType="application/vnd.word;charset=utf-8" pageEncoding="utf-8"%>
<%@ page import="java.sql.*" import="java.text.SimpleDateFormat" import="java.util.Date" import="java.io.*"%>
<%
String list_content = (String) session.getAttribute("msg");
String date = (String) session.getAttribute("day");
// Download/open as an MS Word document; filename sets the name the file is saved under.
response.setHeader("content-disposition", "attachment;filename=member.doc");
response.setHeader("content-description", "JSP Generated Data");

int member_rcdno = 0;
String name = null;
String mail = null;
Connection conn = null;
PreparedStatement pstmt = null;
Statement stmt = null;
ResultSet rs1 = null;
ResultSet rs2 = null;
String Query1 = "";
String Query2 = "";
String Query3 = "";
String jdbcUrl = "jdbc:mysql://localhost:3306/web_db";
String jdbcId = "root";
String jdbcPw = "1234";
Class.forName("com.mysql.jdbc.Driver");
conn = DriverManager.getConnection(jdbcUrl, jdbcId, jdbcPw);
String member_id = "손님";
String member_name = "손님";
String member_mail = "";
String member_pwd = "";
if (session.getAttribute("member_id") != null) {
    member_id = (String) session.getAttribute("member_id");
}
try {
    Query1 = "select count(rcdno) from list";
    pstmt = conn.prepareStatement(Query1);
    rs1 = pstmt.executeQuery();
    while (rs1.next()) {
        member_rcdno = rs1.getInt(1) + 2;
    }
    Date d = new Date();
    SimpleDateFormat day = new SimpleDateFormat("yyyy-MM-dd");
    if (!member_id.equals("손님")) {
        Query2 = "select PWD, NAME, MAIL from member where ID=?;";
        pstmt = conn.prepareStatement(Query2);
        pstmt.setString(1, member_id);
        rs2 = pstmt.executeQuery();
        while (rs2.next()) {
            member_pwd = rs2.getString("pwd");
            member_name = rs2.getString("name");
            member_mail = rs2.getString("mail");
        }
        stmt = conn.createStatement();
        rs2.close();
    }
    /*
    request.setAttribute("msg", msg);
    request.setAttribute("member_mail", member_mail);
    request.setAttribute("member_name", member_name);
    request.setAttribute("day", day.format(d));
    */

    session.setAttribute("member_mail", member_mail);
    session.setAttribute("member_name", member_name);
    session.setAttribute("day", day.format(d));
} finally {
    if (stmt != null) try { stmt.close(); } catch (SQLException ex) { }
    if (conn != null) try { conn.close(); } catch (SQLException ex) { }
}
%>
<body>
<!-- Header -->
<div id="header-wrapper">
</div>
<div id="main-wrapper">
<div class="container">
<section class="box">
<table width=510 height=40 border=0 cellspacing=1 cellpadding=1 align=center>
<tr bgcolor=#a0a0a0>
<td align=center><font size=4><b>진단 내용</b></font></td>
</tr>
</table>
<table width=510 border=1 cellspacing=0 cellpadding=1 align=center>
<tr>
<td width=120 align=center><b>이름</b></td>
<td width=500><%=member_name%></td>
</tr>
<tr>
<td width=120 align=center><b>이메일</b></td>
<td width=500><%=member_mail%></td>
</tr>
<tr>
<td width=120 align=center><b>진단 일자</b></td>
<td width=500><%=date%></td>
</tr>
<tr>
<td width=120 align=center><b>내용</b></td>
<td width=500><%=list_content%></td>
</tr>
</table>
<table width=510 height=50 border=0 cellspacing=1 cellpadding=1 align=center>
<tr align=center>
<td width="310" align=center> </td>
</tr>
</table>
</section>
</div>
</div>
</body>
</html>

<%@ page language="java" contentType="text/html; charset=euc-kr" pageEncoding="euc-kr"%>
<%@ page import="java.text.SimpleDateFormat" import="java.sql.*" import="java.net.URLEncoder"%>
<%
request.setCharacterEncoding("euc-kr");
Connection conn = null;
PreparedStatement pstmt = null;
ResultSet rs1 = null;
ResultSet rs2 = null;
int TotalRecords = 0;
int CurrentPage = 0;
int Number = 0;
int TotalPages = 0;
int TotalPageSets = 0;
int CurrentPageSet = 0;
int PageRecords = 10;
int PageSets = 10;
if (request.getParameter("CurrentPage") == null) {
    CurrentPage = 1;
} else {
    CurrentPage = Integer.parseInt(request.getParameter("CurrentPage"));
}
String Query1 = "";
String Query2 = "";
String encoded_key = "";
int FirstRecord = PageRecords * (CurrentPage - 1);
String column = request.getParameter("column");
if (column == null) column = "";
// A column name cannot be bound as a parameter, so accept only the two
// columns offered by the search form; anything else means "no search".
if (!column.equalsIgnoreCase("usrcontent") && !column.equalsIgnoreCase("usrdate")) column = "";
String key = request.getParameter("key");
if (key != null) {
    encoded_key = URLEncoder.encode(key, "euc-kr");
} else {
    key = "";
}
try {
    String jdbcUrl = "jdbc:mysql://localhost:3306/web_db";
    String jdbcId = "root";
    String jdbcPw = "1234";
    Class.forName("com.mysql.jdbc.Driver");
    conn = DriverManager.getConnection(jdbcUrl, jdbcId, jdbcPw);
    boolean search = !(column.equals("") || key.equals(""));
    if (!search) {
        Query1 = "select count(rcdno) from list";
        Query2 = "select RcdNo, UsrContent, UsrDate from list order by RcdNo desc limit " + FirstRecord + "," + PageRecords;
    } else {
        // The search key is bound as a parameter, never concatenated into the SQL text.
        Query1 = "select count(rcdno) from list where " + column + " like ?";
        Query2 = "select RcdNo, UsrContent, UsrDate from list where " + column + " like ?"
               + " order by RcdNo desc limit " + FirstRecord + "," + PageRecords;
    }
    pstmt = conn.prepareStatement(Query1);
    if (search) pstmt.setString(1, "%" + key + "%");
    rs1 = pstmt.executeQuery();
    pstmt = conn.prepareStatement(Query2);
    if (search) pstmt.setString(1, "%" + key + "%");
    rs2 = pstmt.executeQuery();
    rs1.next();
    TotalRecords = rs1.getInt(1);
    Number = TotalRecords - (CurrentPage - 1) * PageRecords;
%>
<head>
<title>J.S.P.- 취약점 진단 시스템</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<link rel="shortcut icon" href="./images/1.ico">
<script src="js/jquery.min.js"></script>
<script src="js/jquery.dropotron.min.js"></script>
<script src="js/skel.min.js"></script>
<script src="js/skel-layers.min.js"></script>
<script src="js/init.js"></script>
</head>
<html>
<body>
<!-- Header -->
<div id="header-wrapper">
  <div id="header">
    <!-- Logo -->
    <h1><a href="main.jsp">취약점 진단 시스템</a></h1>
    <!-- Nav -->
    <nav id="nav">
      <ul>
        <li><a href="main.jsp">홈</a></li>
        <li><a href="check_menu.jsp">진단하기</a></li>
        <li class="current"><a href="search_menu.jsp">조회하기</a></li>
      </ul>
    </nav>
  </div>
</div>
<!-- Main -->
<div id="main-wrapper">
<div class="container">
<!-- Content -->
<article class="box post">
<table width=510 height=40 border=0 cellspacing=1 cellpadding=1 align=center>
<tr bgcolor=#a0a0a0>
<td align=center><font size=4><b>진단 목록</b></font></td>
</tr>
</table>
<table width=510 border=1 cellspacing=0 cellpadding=1 align=center>
<tr align=center>
<td width=800><b>진단 내용</b></td>
<td width=100><b>진단 일자</b></td>
</tr>
<%
    while (rs2.next()) {
        int rno = rs2.getInt("rcdno");
        String subject = rs2.getString("usrcontent");
        String date = rs2.getString("usrdate");
        int max_length = 150;

        if (subject.length() > max_length) {
            subject = subject.substring(0, max_length);
            subject = subject + "...";
        }
%>
<tr>
<td width=800 align=left><a href="searchcontent.jsp?rno=<%=rno%>"><%=subject%></a></td>
<td align=center><%=date%></td>
</tr>
<%
        Number--;
    }
%>
</table>
<form name="search_menu" method=post action="TestList.jsp">
<table width=510 height=50 border=0 cellspacing=1 cellpadding=1 align=center>
<tr>
<td align=left width=100></td>
<td width=320 align=center>
<%
    TotalPages = (int) Math.ceil((double) TotalRecords / PageRecords);
    TotalPageSets = (int) Math.ceil((double) TotalPages / PageSets);
    CurrentPageSet = (int) Math.ceil((double) CurrentPage / PageSets);
    String bf_block = "./images/btn_bf_block.png";
    String bf_page = "./images/btn_bf_page.png";
    String nxt_page = "./images/btn_nxt_page.png";
    String nxt_block = "./images/btn_nxt_block.png";
    if (CurrentPageSet > 1) {
        int BeforePageSetLastPage = PageSets * (CurrentPageSet - 1);
        String returl = "TestList.jsp?CurrentPage=" + BeforePageSetLastPage + "&column=" + column + "&key=" + encoded_key;
        String click = "javascript:location.replace('" + returl + "')";
        out.println("<img src=" + bf_block + " onclick=" + click + " style=cursor:hand>");
    } else {
        out.println("<img src=" + bf_block + ">");
    }
    if (CurrentPage > 1) {
        int BeforePage = CurrentPage - 1;
        String returl = "TestList.jsp?CurrentPage=" + BeforePage + "&column=" + column + "&key=" + encoded_key;
        String click = "javascript:location.replace('" + returl + "')";
        out.println("<img src=" + bf_page + " onclick=" + click + " style=cursor:hand>");
    } else {
        out.println("<img src=" + bf_page + ">");
    }
    int FirstPage = PageSets * (CurrentPageSet - 1);
    int LastPage = PageSets * CurrentPageSet;
    if (CurrentPageSet == TotalPageSets) {
        LastPage = TotalPages;
    }
    for (int i = FirstPage + 1; i <= LastPage; i++) {
        if (CurrentPage == i) {
            out.println("<b>" + i + "</b>");
        } else {

            String returl = "TestList.jsp?CurrentPage=" + i + "&column=" + column + "&key=" + encoded_key;
            out.println("<a href=" + returl + ">" + i + "</a>");
        }
    }
    if (TotalPages > CurrentPage) {
        int NextPage = CurrentPage + 1;
        String returl = "TestList.jsp?CurrentPage=" + NextPage + "&column=" + column + "&key=" + encoded_key;
        String click = "javascript:location.replace('" + returl + "')";
        out.println("<img src=" + nxt_page + " onclick=" + click + " style=cursor:hand>");
    } else {
        out.println("<img src=" + nxt_page + ">");
    }
    if (TotalPageSets > CurrentPageSet) {
        int NextPageSet = PageSets * CurrentPageSet + 1;
        String returl = "TestList.jsp?CurrentPage=" + NextPageSet + "&column=" + column + "&key=" + encoded_key;
        String click = "javascript:location.replace('" + returl + "')";
        out.println("<img src=" + nxt_block + " onclick=" + click + " style=cursor:hand>");
    } else {
        out.println("<img src=" + nxt_block + ">");
    }
%>
</td>
<td width=120 align=right>
<select name="column" size=1>
<option value="" selected>선택</option>
<option value="usrcontent">진단 내용</option>
<option value="usrdate">진단 일자</option>
</select>
<input type=text name="key" size=10 maxlength=20>
<img src="./images/btn_search.png" align=absmiddle style=cursor:hand onclick="javascript:submit()">
</td>
</tr>
</table>
</form>
<%
} catch (SQLException e) {
    e.printStackTrace();
} finally {
    rs2.close();
    rs1.close();
    pstmt.close();
    conn.close();
}
%>
</article>
</div>
</div>
<!-- footer -->
<div id="footer-wrapper">
  <section id="footer" class="container">
    <!-- Copyright -->
    <div id="copyright">
      <ul class="links">
        <li>J.S.P. - Coding is the realization of the imagine.</li>
      </ul>
    </div>
  </section>
</div>

<!--
<%
// Redirect to the login page if the user is not logged in
String returl = "'main.jsp'";
String member_id = (String) session.getAttribute("member_id");
if (member_id == null || member_id.equals("")) {
    out.println("<script type = \"text/javascript\">");
    out.println("alert('로그인 후 사용하실 수 있습니다.')");
    out.println("location.replace(" + returl + ")");
    out.println("</script>");
    return;
}
%>
-->
</body>
</html>

<%@ page language="java" contentType="text/html; charset=euc-kr" pageEncoding="euc-kr"%>
<%@ page import="java.sql.*" import="java.net.URLEncoder" import="java.util.Date"%>
<%
int rno = Integer.parseInt(request.getParameter("rno"));
String encoded_key = "";
String column = request.getParameter("column");
if (column != null) {
    String key = request.getParameter("key");
    if (key != null) {
        encoded_key = URLEncoder.encode(key, "euc-kr");
    } else {
        key = "";
    }
}
%>
<head>
<title>J.S.P.- 취약점 진단 시스템</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<link rel="shortcut icon" href="images/1.ico">
<script src="js/jquery.min.js"></script>
<script src="js/jquery.dropotron.min.js"></script>
<script src="js/skel.min.js"></script>
<script src="js/init.js"></script>
<style>
<!--
form input[type=password] {
    width: 50%
}
-->
</style>
<script type="text/javascript">

function CheckPwd(form) {
    if (!form.pw.value) {
        alert("비밀번호를 입력하세요.");
        form.pw.focus();
        return;
    }
}
function Back() {
    window.history.back();
}
</script>
</head>
<html>
<body>
<!-- Header -->
<div id="header-wrapper">
  <div id="header">
    <!-- Logo -->
    <h1>취약점 진단 시스템</h1>
  </div>
</div>
<div id="main-wrapper">
<div class="container">
<section class="box">
<center><i class="icon featured alt fa-trash-o"></i></center>
<form name="pwd" method="post" action="deleteproc.jsp?rno=<%=rno%>&column=<%=column%>&key=<%=encoded_key%>">
<center><input type="password" id="pw" name="pw" maxlength="16" title="비밀번호" placeholder="비밀번호" class="int"></center>
<ul class="actions" align="center">
<li><input type="submit" value="삭제" STYLE=CURSOR:HAND onclick="javascript:CheckPwd(pwd)"></li>
<li><input type="button" value="취소" onclick="javascript:location.replace('searchcontent.jsp?rno=<%=rno%>&column=<%=column%>&key=<%=encoded_key%>')"></li>
</ul>
</form>
</section>
</div>
</div>
</body>
</html>

<%@ page language="java" contentType="text/html; charset=euc-kr" pageEncoding="euc-kr"%>
<%@ page import="java.sql.*" import="java.net.URLEncoder" import="java.util.Date"%>
<%
int rno = Integer.parseInt(request.getParameter("rno"));
Connection conn = null;
PreparedStatement pstmt = null;
ResultSet rs = null;
PreparedStatement pstmt2 = null;

ResultSet rs2 = null;
String encoded_key = "";
String column = request.getParameter("column");
if (column == null) {
    column = "";
}
String key = request.getParameter("key");
if (key != null) {
    encoded_key = URLEncoder.encode(key, "euc-kr");
} else {
    key = "";
}
try {
    String jdbcUrl = "jdbc:mysql://localhost:3306/web_db";
    String jdbcId = "root";
    String jdbcPw = "1234";
    Class.forName("com.mysql.jdbc.Driver");
    conn = DriverManager.getConnection(jdbcUrl, jdbcId, jdbcPw);
    String Query = "select UsrName, UsrMail, UsrDate, UsrContent from list where RcdNo=?";
    pstmt = conn.prepareStatement(Query);
    pstmt.setInt(1, rno);
    rs = pstmt.executeQuery();
    rs.next();
    String name = rs.getString(1);
    String mail = rs.getString(2);
    String date = rs.getString(3);
    String content = rs.getString(4).trim();
    content = content.replaceAll("\r\n", "<br>");
%>
<script type="text/javascript">
function Print() {
    document.body.innerHTML = selectarea.innerHTML;
    window.print();
}
function popupdelete() {
    var popurl = "./Delete.jsp"; // URL of the page shown in the popup
    var popoption = "width=500, height=500, resizable=no, scrollbars=no, status=no;"; // popup window options
    window.open(popurl, "", popoption);
}
</script>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<link rel="shortcut icon" href="./images/1.ico">
<script src="js/jquery.min.js"></script>
<script src="js/jquery.dropotron.min.js"></script>
<script src="js/skel.min.js"></script>
<script src="js/skel-layers.min.js"></script>
<script src="js/init.js"></script>
</head>
<html>
<body>
<!-- Header -->
<div id="header-wrapper">

  <div id="header">
    <!-- Logo -->
    <h1><a href="main.jsp">취약점 진단 시스템</a></h1>
    <!-- Nav -->
    <nav id="nav">
      <ul>
        <li><a href="main.jsp">홈</a></li>
        <li><a href="check_menu.jsp">진단하기</a></li>
        <li class="current"><a href="search_menu.jsp">조회하기</a></li>
      </ul>
    </nav>
  </div>
</div>
<div id="main-wrapper">
<div class="container">
<div id="selectarea">
<!-- Content -->
<article class="box post">
<center><i class="icon featured alt2 fa-list"></i></center>
<table width=510 height=40 border=0 cellspacing=1 cellpadding=1 align=center>
<tr bgcolor=#a0a0a0>
<td align=center><font size=4><b>진단 내용</b></font></td>
</tr>
</table>
<table width=510 border=1 cellspacing=0 cellpadding=1 align=center>
<tr>
<td width=120 align=center><b>이름</b></td>
<td width=500><%=name%></td>
</tr>
<tr>
<td width=120 align=center><b>이메일</b></td>
<td width=500><%=mail%></td>
</tr>
<tr>
<td width=120 align=center><b>진단 일자</b></td>
<td width=500><%=date%></td>
</tr>
<tr>
<td width=120 align=center><b>내용</b></td>
<td width=500><%=content%></td>
</tr>
</table>
<table width=510 height=50 border=0 cellspacing=1 cellpadding=1 align=center>
<tr align=center>
<td width="310" align=right>
<img src="./images/btn_print.png" style=cursor:hand onclick="javascript:Print()">&nbsp;
<img src="./images/btn_del.png" style=cursor:hand onclick="javascript:location.replace('Delete.jsp?rno=<%=rno%>&column=<%=column%>&key=<%=encoded_key%>')">
</td>
</tr>
</table>
<%
} catch (SQLException e) {
    e.printStackTrace();
} finally {
    rs.close();
    pstmt.close();

    conn.close();
}
%>
</article>
</div>
</div>
</div>
<!-- footer -->
<div id="footer-wrapper">
  <section id="footer" class="container">
    <!-- Copyright -->
    <div id="copyright">
      <ul class="links">
        <li>J.S.P. - Coding is the realization of the imagine.</li>
      </ul>
    </div>
  </section>
</div>
</body>
</html>

<%@ page language="java" contentType="text/html; charset=euc-kr" pageEncoding="euc-kr"%>
<%@ page import="java.text.SimpleDateFormat" import="java.sql.*" import="java.net.URLEncoder"%>
<head>
<title>J.S.P.- 취약점 진단 시스템</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="description" content="" />
<meta name="keywords" content="" />
<script src="js/jquery.min.js"></script>
<script src="js/jquery.dropotron.min.js"></script>
<script src="js/skel.min.js"></script>
<script src="js/skel-layers.min.js"></script>
<script src="js/init.js"></script>
<link rel="shortcut icon" href="./images/1.ico">
<LINK REL="stylesheet" type="text/css" href="./css/style.css" />
</head>
<html>
<body class="homepage">
<!-- Header -->
<div id="header-wrapper">
  <div id="header">
    <!-- Logo -->
    <h1><a href="rootmain.jsp">관리자 페이지</a></h1>
    <!-- Nav -->
    <nav id="nav">
      <ul>
        <li class="current"><a href="main.jsp">사용자 페이지</a></li>

        <li><a href="dos.jsp">dos 의심 ip</a></li>
        <li><a href="all_search_menu.jsp"> 모든진단조회 </a></li>
      </ul>
    </nav>
    <!-- Banner -->
    <section id="banner">
      <header>
<%
    //------------------------------- JSP CODE START (select the document according to the session variable)
    String member_id = (String) session.getAttribute("member_id1");
    if ( member_id == null || member_id.equals("") ) {
%>
        <jsp:include page="./rootloginform.jsp" flush="false" />
<%
    } else {
%>
        <jsp:include page="./rootloginstate.jsp" flush="false" />
<%
    }
    //------------------------------- JSP CODE END
%>
      </header>
    </section>
    <!-- Intro -->
    <section id="intro" class="container">
      <div class="row">
        <div class="4u">
          <section class="first">
            <i class="icon featured fa-cog"></i>
            <header> <h2> 진단 </h2> </header>
            <p> 진단을요청하면현재자신이사용중인컴퓨터의기본적인시스템정보, 보안정보등을진단받을수있습니다.</p>
          </section>
        </div>
        <div class="4u">
          <section class="middle">
            <i class="icon featured alt fa-file-pdf-o"></i>
            <header> <h2> 보고서출력 </h2> </header>
            <p> 진단을요청한컴퓨터의진단결과를보고서형식으로다운로드하여출력할수있습니다.</p>
          </section>
        </div>
        <div class="4u">
          <section class="last">
            <i class="icon featured alt2 fa-list"></i>
            <header> <h2> 조회 </h2> </header>
            <p> 진단결과가저장되어있어개인의지난진단기록들을조회할수있습니다.</p>
          </section>
        </div>
      </div>
    </section>
  </div>
</div>
<!-- Main -->
<div id="main-wrapper">
  <div class="container">

    <div class="row">
      <div class="12u">
        <!-- Portfolio -->
        <section>
          <header class="major"> <h2>j.s.p.</h2> </header>
        </section>
      </div>
    </div>
  </div>
</div>
<!-- Footer -->
<div id="footer-wrapper">
  <section id="footer" class="container">
    <div class="row">
      <div class="12u">
        <!-- Copyright -->
        <div id="copyright">
          <ul class="links">
            <li> J.S.P. - Coding is the realization of the imagine.</li>
          </ul>
        </div>
      </div>
    </div>
  </section>
</div>
</body>
</html>

package dos1;

import java.io.IOException;
import java.io.SequenceInputStream;
import java.util.HashMap;
import java.util.Scanner;
import java.sql.*;
import java.net.*;
import java.io.*;

public class test_windump {
    Connection conn = DBConnect.Connect();
    PreparedStatement pstmt = null;
    HashMap<String, String> map = new HashMap<String, String>();

    public static void main(String[] args) {
        new test_windump();
    }

    public test_windump() {
        // Command to run
        String[] cmd = { "cmd", "/c", "windump", "-i 2", "-a", "-E", "-t", "-v", "-p" };
        Process process = null;
        try {
            // Start the process with ProcessBuilder
            process = new ProcessBuilder(cmd).start();
            SequenceInputStream seqIn = new SequenceInputStream(

                    process.getInputStream(), process.getErrorStream());
            // Scan the InputStream with the Scanner class
            // Scanner s = new Scanner(process.getInputStream());
            // Scanner s = new Scanner(process.getErrorStream());
            Scanner s = new Scanner(seqIn);
            String full_data = " "; // all of the data
            String cutt_data = " "; // only the needed part, cut out
            String b = " ";
            while (s.hasNextLine() == true) {
                try {
                    full_data = (s.nextLine());
                    System.out.println(full_data);
                    String sql2 = "insert into test2(name) values('" + full_data + "')";
                    pstmt = conn.prepareStatement(sql2);
                    pstmt.executeUpdate();
                    int full_data_elngth = full_data.length();
                    // Catching icmp cannot be checked with an if statement,
                    // so proceed when the map lookup is true
                    map.put("kim-pc: icmp", " 있다 "); // icmp
                    if (full_data_elngth > 57) {
                        // Cut by length and take the remainder
                        cutt_data = (full_data.substring(57, full_data_elngth));
                        b = full_data.substring(full_data_elngth - 12, full_data_elngth);
                        if (map.containsKey(b) == true) {
                            String sql = "insert into go(name) values('" + cutt_data + "')";
                            pstmt = conn.prepareStatement(sql);
                            pstmt.executeUpdate();
                        }
                    }
                } catch (SQLException e) {
                    e.printStackTrace();
                }
                try {
                    if (map.containsKey(b) == true) {
                        int cutt_data_len = cutt_data.length();
                        String dab = cutt_data.substring(cutt_data_len - 31, cutt_data_len - 15);
                        String sql1 = "select count(*) from go where name = '" + cutt_data + "'";
                        Statement st = conn.createStatement();
                        ResultSet rs = st.executeQuery(sql1);
                        while (rs.next()) {
                            int name = rs.getInt("count(*)");
                            System.out.format(
                                    "\n\t ip: %s 일정패킷데이터가초과하는패킷을보내셨습니다.\n",
                                    dab);
                            if (name > 500) {
                                System.out.format("\n\t ip: %s 는 dos 공격이 의심됩니다 ", dab);
                            }
                        }
                    }
                } catch (SQLException se) {
                    se.printStackTrace();
                }
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}

<%@page import="java.sql.SQLException"%>
<%@page import="java.sql.DriverManager"%>
<%@page import="java.sql.ResultSet"%>
<%@page import="java.sql.PreparedStatement"%>
<%@page import="java.sql.Connection"%>
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<head>
  <title>j.s.p.- 취약점진단시스템 </title>
  <meta http-equiv="content-type" content="text/html; charset=utf-8">
  <meta name="description" content="" />
  <meta name="keywords" content="" />
  <script src="js/jquery.min.js"></script>
  <script src="js/jquery.dropotron.min.js"></script>
  <script src="js/skel.min.js"></script>
  <script src="js/skel-layers.min.js"></script>
  <script src="js/init.js"></script>
  <link rel="shortcut icon" href="./images/1.ico">
  <LINK REL="stylesheet" type="text/css" href="./css/style.css" />
</head>
<html>

<body class="homepage">
<!-- Header -->
<div id="header-wrapper">
  <div id="header">
    <!-- Logo -->
    <h1><a href="rootmain.jsp"> 관리자페이지 </a></h1>
    <!-- Nav -->
    <nav id="nav">
      <ul>
        <li><a href="main.jsp"> 홈 </a></li>
        <li class="current"><a href="dos.jsp">dos 의심 ip</a></li>
        <li><a href="all_search_menu.jsp"> 모든진단조회 </a></li>
      </ul>
    </nav>
  </div>
</div>
</html>
<%
    // If the user is not logged in, go to the login page
    String returl = "'Rootmain.jsp'";
    String member_id = (String) session.getAttribute("member_id1");
    if ( member_id == null || member_id.equals("") ) {
        out.println("<script type = \"text/javascript\">");
        out.println("alert(' 로그인후사용하실수있습니다.')");
        out.println("location.replace(" + returl + ")");
        out.println("</script>");
        return;
    }
    Class.forName("com.mysql.jdbc.Driver");
    Connection conn = null;
    PreparedStatement pstmt = null;
    ResultSet rs = null;
    try {
        String jdbcDriver = "jdbc:mysql://localhost:3306/test";
        String dbuser = "root";
        String dbpwd = "1234";
        conn = DriverManager.getConnection(jdbcDriver, dbuser, dbpwd);
        pstmt = conn.prepareStatement("select * from test2");
        rs = pstmt.executeQuery();
        out.println("<script>alert('dos공격의심ip');</script>");
        while (rs.next()) {
%>
<tr>
  <table width=510 height=40 border=0 cellspacing=1 cellpadding=1 align=center>
    <tr bgcolor=#a0a0a0>
      <td align=center><font size=4><b>dos 의심IP</b></font></td>
    </tr>
  </table>
  <br><td><%="ip:"+ rs.getString("name") %></td></br>
</tr>

<%
        }
    } catch (SQLException se) {
        se.printStackTrace();
    } finally {
        if (rs != null) rs.close();
        if (pstmt != null) pstmt.close();
        if (conn != null) conn.close();
    }
%>
<!-- Main -->
<div id="main-wrapper">
  <div class="container">
    <div class="row">
      <div class="12u">
        <!-- Portfolio -->
        <div id="copyright">
          <ul class="links">
            <li> J.S.P. - Coding is the realization of the imagine.</li>
          </ul>
        </div>
      </div>
    </div>
  </div>
</div>
</body>
</html>
</tbody>
</table>
</body>
</html>

<%@ page language="java" contentType="text/html; charset=euc-kr" pageEncoding="euc-kr" %>
<%@ page import="java.text.SimpleDateFormat" import="java.sql.*" import="java.net.URLEncoder" %>
<%
    // If the user is not logged in, go to the login page
    String returl = "'Rootmain.jsp'";
    String member_id = (String) session.getAttribute("member_id1");
    if ( member_id == null || member_id.equals("") ) {
        out.println("<script type = \"text/javascript\">");
        out.println("alert(' 로그인후사용하실수있습니다.')");
        out.println("location.replace(" + returl + ")");
        out.println("</script>");
        return;
    }
    request.setCharacterEncoding("euc-kr");
    Connection conn = null;
    PreparedStatement pstmt = null;
    PreparedStatement pstmt1 = null;
    ResultSet rs1 = null;

    ResultSet rs2 = null;
    int TotalRecords = 0;
    int CurrentPage = 0;
    int Number = 0;
    int TotalPages = 0;
    int TotalPageSets = 0;
    int CurrentPageSet = 0;
    int PageRecords = 5;
    int PageSets = 5;
    if( request.getParameter("CurrentPage") == null) {
        CurrentPage = 1;
    } else {
        CurrentPage = Integer.parseInt(request.getParameter("CurrentPage"));
    }
    String Query1 = "";
    String Query2 = "";
    String encoded_key = "";
    int FirstRecord = PageRecords * (CurrentPage-1);
    String column = request.getParameter("column");
    if( column == null ) column = "";
    String key = request.getParameter("key");
    if( key != null ) {
        encoded_key = URLEncoder.encode(key, "euc-kr");
    } else {
        key = "";
    }
    try {
        String jdbcUrl = "jdbc:mysql://localhost:3306/web_db";
        String jdbcId = "root";
        String jdbcPw = "1234";
        Class.forName("com.mysql.jdbc.Driver");
        conn = DriverManager.getConnection(jdbcUrl,jdbcId,jdbcPw);
        if( column.equals("") || key.equals("") ) {
            Query1 = "select count(*) from list";
            Query2 = "select RcdNo, UsrContent, UsrDate from list";
        }
        pstmt = conn.prepareStatement(Query1);
        rs1 = pstmt.executeQuery();
        pstmt1 = conn.prepareStatement(Query2);
        rs2 = pstmt1.executeQuery();
        while( rs1.next() ) {
            TotalRecords = rs1.getInt(1);
        }
        Number = TotalRecords - (CurrentPage - 1) * PageRecords;
%>
<head>
  <title>j.s.p.- 취약점진단시스템 </title>
  <meta http-equiv="content-type" content="text/html; charset=utf-8">
  <link rel="shortcut icon" href="./images/1.ico">

  <script src="js/jquery.min.js"></script>
  <script src="js/jquery.dropotron.min.js"></script>
  <script src="js/skel.min.js"></script>
  <script src="js/skel-layers.min.js"></script>
  <script src="js/init.js"></script>
</head>
<html>
<body>
<!-- Header -->
<div id="header-wrapper">
  <div id="header">
    <!-- Logo -->
    <h1><a href="rootmain.jsp"> 관리자페이지 </a></h1>
    <!-- Nav -->
    <nav id="nav">
      <ul>
        <li><a href="rootmain.jsp"> 홈 </a></li>
        <li><a href="dos.jsp">dos 의심 ip</a></li>
        <li class="current"><a href="all_search_menu.jsp"> 모든진단조회 </a></li>
      </ul>
    </nav>
  </div>
</div>
<!-- Main -->
<div id="main-wrapper">
  <div class="container">
    <!-- Content -->
    <article class="box post">
      <table width=510 height=40 border=0 cellspacing=1 cellpadding=1 align=center>
        <tr bgcolor=#a0a0a0>
          <td align=center><font size=4><b> 진단목록 </b></font></td>
        </tr>
      </table>
      <table width=510 border=1 cellspacing=0 cellpadding=1 align=center>
        <tr align=center>
          <td width=800><b> 진단내용 </b></td>
          <td width=100><b> 진단일자 </b></td>
        </tr>
<%
        while (rs2.next()) {
            int rno = rs2.getInt("RcdNo");
            String subject = rs2.getString("UsrContent");
            String date = rs2.getString("UsrDate");
            int max_length = 150;
            if (subject.length() > max_length) {
                subject = subject.substring(0, max_length);
                subject = subject + "...";
            }
%>
        <tr>
          <td width=800 align=left><a href="as.jsp?rno=<%=rno%>"><%=subject%></a></td>
          <td align=center><%=date%> </td>
        </tr>
<%
            Number--;
        }
%>
      </table>
      <form name="count" method=post action="aaaaa.jsp">

      <table width=510 height=50 border=0 cellspacing=1 cellpadding=1 align=center>
        <tr>
          <td align=left width=100></td>
          <td width=320 align=center>
<%
        TotalPages = (int)Math.ceil((double)TotalRecords/PageRecords);
        TotalPageSets = (int)Math.ceil((double)TotalPages/PageSets);
        CurrentPageSet = (int)Math.ceil((double)CurrentPage/PageSets);
        String bf_block = "./images/btn_bf_block.png";
        String bf_page = "./images/btn_bf_page.png";
        String nxt_page = "./images/btn_nxt_page.png";
        String nxt_block = "./images/btn_nxt_block.png";
        if( CurrentPageSet > 1 ) {
            int BeforePageSetLastPage = PageSets * (CurrentPageSet - 1);
            String returl = "count.jsp?CurrentPage=" + BeforePageSetLastPage + "&column=" + column + "&key=" + encoded_key;
            String click = "javascript:location.replace('" + returl + "')";
            out.println("<img src=" + bf_block + " onclick=" + click + " style=cursor:hand>");
        } else {
            out.println("<img src=" + bf_block + ">");
        }
        if( CurrentPage > 1 ) {
            int BeforePage = CurrentPage - 1;
            String returl = "count.jsp?CurrentPage=" + BeforePage + "&column=" + column + "&key=" + encoded_key;
            String click = "javascript:location.replace('" + returl + "')";
            out.println("<img src=" + bf_page + " onclick=" + click + " style=cursor:hand>");
        } else {
            out.println("<img src=" + bf_page + ">");
        }
        int FirstPage = PageSets * (CurrentPageSet - 1);
        int LastPage = PageSets * CurrentPageSet;
        if( CurrentPageSet == TotalPageSets ) {
            LastPage = TotalPages;
        }
        for( int i = FirstPage + 1; i <= LastPage; i++ ) {
            if( CurrentPage == i ) {
                out.println("<b>" + i + "</b>");
            } else {
                String returl = "count.jsp?CurrentPage=" + i + "&column=" + column + "&key=" + encoded_key;
                out.println("<a href=" + returl + ">" + i + "</a>");
            }
        }
        if( TotalPages > CurrentPage ) {
            int NextPage = CurrentPage + 1;
            String returl = "count.jsp?CurrentPage=" + NextPage + "&column=" + column + "&key=" + encoded_key;
            String click = "javascript:location.replace('" + returl + "')";
            out.println("<img src=" + nxt_page + " onclick=" + click + " style=cursor:hand>");
        } else {
            out.println("<img src=" + nxt_page + ">");
        }
        if( TotalPageSets > CurrentPageSet ) {

            int NextPageSet = PageSets * CurrentPageSet + 1;
            String returl = "count.jsp?CurrentPage=" + NextPageSet + "&column=" + column + "&key=" + encoded_key;
            String click = "javascript:location.replace('" + returl + "')";
            out.println("<img src=" + nxt_block + " onclick=" + click + " style=cursor:hand>");
        } else {
            out.println("<img src=" + nxt_block + ">");
        }
%>
          </td>
          <td width=120 align=right>
            <select name="column" size=1>
              <option value="" selected> 선택 </option>
              <option value="usrcontent"> 진단내용 </option>
              <option value="usrdate"> 진단일자 </option>
            </select>
            <input type=text name="key" size=10 maxlength=20>
            <img src="./images/btn_search.png" align=absmiddle style=cursor:hand onclick="javascript:submit()">
          </td>
        </tr>
      </table>
      </form>
<%
    } catch( SQLException e ) {
        e.printStackTrace();
    } finally {
        rs1.close();
        rs2.close();
        pstmt.close();
        pstmt1.close();
        conn.close();
    }
%>
    </article>
  </div>
</div>
<!-- footer -->
<div id="footer-wrapper">
  <section id="footer" class="container">
    <!-- Copyright -->
    <div id="copyright">
      <ul class="links">
        <li> J.S.P. - Coding is the realization of the imagine.</li>
      </ul>
    </div>
  </section>
</div>
</body>
</html>

The vulnerability diagnosis system uses JSP, Tomcat, and MySQL to build the server and database, and through the user page a user can run a diagnosis, look up results, and download the report file. The administrator page was implemented so that the administrator can detect DoS attacks using WinPcap and windump and view the diagnosis lists of all users.
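The test_windump listing concatenates each captured windump line into its SQL text, and dos.jsp prints the stored value into the page as-is; the following added example (not code from the report) shows the same store, count and display steps with the captured text bound as a PreparedStatement parameter and HTML-escaped on output. The class name SafeCaptureStore and its method names are hypothetical; the tables test2 and go and the 500-row limit are taken from the listing.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Hypothetical class, not part of the report's code.
public class SafeCaptureStore {
    static final int THRESHOLD = 500; // same limit the listing checks
    // Store one captured line in test2; the text is bound as data, not spliced into SQL.
    static void storeLine(Connection conn, String line) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement("insert into test2(name) values (?)")) {
            ps.setString(1, line);
            ps.executeUpdate();
        }
    }

    // Record one hit for a source in go, then report whether it is over the threshold.
    static boolean recordAndCheck(Connection conn, String source) throws SQLException {
        try (PreparedStatement ins = conn.prepareStatement("insert into go(name) values (?)");
             PreparedStatement cnt = conn.prepareStatement("select count(*) from go where name = ?")) {
            ins.setString(1, source);
            ins.executeUpdate();
            cnt.setString(1, source);
            try (ResultSet rs = cnt.executeQuery()) {
                return rs.next() && rs.getInt(1) > THRESHOLD;
            }
        }
    }

    // Escape a stored value before a JSP writes it into the page.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }
    public static void main(String[] args) {
        String line = "host<b>'x': ICMP echo request"; // constructed sample, not real windump output
        System.out.println(escapeHtml(line));
    }
}
```

In dos.jsp the escaped form would be written as `<%= SafeCaptureStore.escapeHtml(rs.getString("name")) %>`, assuming the class is on the web application's classpath.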
