Please apply the Zeroboard security patch..
http://lists.netsys.com/pipermail/full-disclosure/2004-December/030224.html
See the English document for reference..
The patched file is currently available at http://www.nzeo.com/.
--------------------Post from phpschool -------------------------------
Author: ibin   Zeroboard 4.1 security bug patch script (for server administrators)   Views: 2096
ibin
http://www.nzeo.com
Some security bugs in Zeroboard have now been published.
The problem is that a variable declared for use in include() could be passed in via GET.
Since it has already been announced on nzeo.com, a great many people will have found this problem,
and if they set their mind to it they can do the following to any site where Zeroboard is installed.
1. Delete every attachment in the Zeroboard file archive (on a hosting server, even files belonging to other accounts)
2. Delete all contents of the database Zeroboard is installed in.
3. Leak the DB account information (most people use the same credentials for the DB account and the telnet account, don't they?)
The only option left now is to patch as quickly as possible.
Patch method)
login.php
line 68)
include $file;
=>
if($id) include $file;
Since this patch is simple, when many users share a server, as on a hosting server, you can patch all of them at once with the following commands.
First, change to the directory where Zeroboard is installed, or, on a hosting server, obtain root privileges and change to /home (the users' home directories).
cd /home
The next command finds and prints the problematic source; before patching, check whether the results include any source other than Zeroboard.
grep -r "include \$file;" `find ./ -name login.php`
Problematic source) ./XXXXX1/public_html/zboard/login.php: include $file;
Patched source) ./XXXXX1/public_html/zboard/login.php: if($id) include $file;
If the search results include any source other than Zeroboard, patch one file at a time by hand, like this.
perl -pi -e 's,\tinclude \$file;,\tif\(\$id) include \$file\;,g' ./XXXXX1/public_html/zboard/login.php
If every search result is Zeroboard source, you can auto-patch every installation below the current directory with the following command.
Already-patched sources are distinguished by whether a tab precedes the include statement, so nothing gets patched twice.
However, if a user has edited the file by hand and the tab is gone, it will not be modified.
grep -rl "include \$file;" `find ./ -name login.php`|xargs -n1 perl -pi -e 's,\tinclude \$file;,\tif\(\$id) include \$file\;,g'
Finally, run the search command from the first step again to confirm what was patched.
grep -r "include \$file;" `find ./ -name login.php`
Patched source) ./XXXXX1/public_html/zboard/login.php: if($id) include $file;
Patched source) ./XXXXX2/public_html/bbs/login.php: if($id) include $file;
P.S.) If you convert with the script above and something goes wrong, there is no way to revert.
So please back up the files to be patched beforehand, or test on a single file first before using it.
P.S. 2) perl must be installed on the server; tested on RedHat Linux 7.1 and 8.0.
-----------------------------------------------------------------------------------
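The mass-patch procedure above, as an added example that is not code from the original post or from the Zeroboard project. It goes a little beyond the post's one-liners: it uses sed instead of perl (so perl is not required), accepts any leading whitespace before the include rather than only a tab, anchors the detection pattern at the start of the line so an already-guarded "if($id) include $file;" is never touched twice, and copies every file to <file>.bak before rewriting it, which is the backup the P.S. asks for. The zb_* function names and the XXXXX1/XXXXX2 sample tree in zb_demo are constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the original post or from Zeroboard.
# Finds unpatched Zeroboard 4.1 login.php files below a root directory and
# applies the post's guard ("include $file;" -> "if($id) include $file;"),
# keeping a .bak copy of every file it rewrites so the change can be undone.
# Assumptions of this example (differences from the post's one-liners):
#   - sed instead of perl, reading from the .bak copy and writing the original;
#   - any leading whitespace is accepted, not only a tab;
#   - the pattern is anchored at line start, so a line that already reads
#     "if($id) include $file;" does not match and is never patched twice.
# Function names (zb_*) and the XXXXX1/XXXXX2 sample tree are constructed.

# Print every login.php under $1 that still has an unguarded "include $file;".
zb_list_unpatched() {
    find "$1" -name login.php -type f 2>/dev/null | while IFS= read -r f; do
        if grep -q '^[[:space:]]*include \$file;' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Patch one file: copy it to <file>.bak first, then rewrite it from the backup.
# The redirect truncates the existing file, so its ownership and mode are kept.
zb_patch_file() {
    target=$1
    cp -p "$target" "$target.bak" || return 1
    sed 's/^\([[:space:]]*\)include \$file;/\1if($id) include $file;/' \
        "$target.bak" > "$target"
}

# Patch every unpatched login.php below $1; a failed file is reported, not fatal.
zb_patch_tree() {
    zb_list_unpatched "$1" | while IFS= read -r f; do
        zb_patch_file "$f" || echo "patch failed: $f" >&2
    done
}

# Self-check on a constructed tree (stand-in files, not real Zeroboard source):
# one unpatched install and one already-patched install. Prints
# "<unpatched before> <unpatched after> <backups written>", expected "1 0 1".
zb_demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/XXXXX1/public_html/zboard" "$root/XXXXX2/public_html/bbs"
    printf '<?php\n\tinclude $file;\n?>\n' > "$root/XXXXX1/public_html/zboard/login.php"
    printf '<?php\n\tif($id) include $file;\n?>\n' > "$root/XXXXX2/public_html/bbs/login.php"
    before=$(zb_list_unpatched "$root" | wc -l | tr -d ' ')
    zb_patch_tree "$root"
    after=$(zb_list_unpatched "$root" | wc -l | tr -d ' ')
    backups=$(find "$root" -name 'login.php.bak' -type f | wc -l | tr -d ' ')
    rm -rf "$root"
    echo "$before $after $backups"
}

# Real use, following the post's order: review the list first, then patch.
#   zb_list_unpatched /home
#   zb_patch_tree /home
```

As the post says, look at the zb_list_unpatched output before running zb_patch_tree: a non-Zeroboard login.php that happens to contain the same line would be rewritten too, and the .bak copy is the only way back.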