사탄의인형      2004/12/28 12:11:31     7610     0
   Please apply the Zeroboard security patch..
http://lists.netsys.com/pipermail/full-disclosure/2004-December/030224.html

Refer to the English document..

The patched file is now posted at http://www.nzeo.com/.


-------------------- Post from phpschool -------------------------------


Author: ibin    Zeroboard 4.1 security bug patch script (for server administrators)    Views: 2096

ibin
http://www.nzeo.com

Some security bugs in Zeroboard have just been published.
The problem is that a variable used in include() can be passed in via GET.

Since it has already appeared in a notice on nzeo.com, plenty of people will have found this issue by now,
and anyone who wants to can do the following to a homepage that has Zeroboard installed:

1. Delete every attachment in the Zeroboard file board (on a hosting server, even other accounts' files can be deleted)
2. Delete all the contents of the DB Zeroboard is installed in.
3. Leak the DB account details (most people use the same credentials for the DB and telnet, don't they?)

The only thing left to do now is patch as quickly as possible.

Patch method)
       login.php

       line 68)
              include $file;
       =>
              if($id) include $file;

Since this patch is simple, when many users share a server, as on a hosting server, you can patch all of them at once with the following commands.

First, change to the directory where Zeroboard is installed or, on a hosting server, obtain root privileges and change to /home (the users' home directories).
       cd /home

Next, find and print the problematic source; before patching, check whether any of the hits are in sources other than Zeroboard.
       grep -r "include \$file;" `find ./ -name login.php`

       Problem source) ./XXXXX1/public_html/zboard/login.php:    include $file;
       Patched source) ./XXXXX1/public_html/zboard/login.php:    if($id) include $file;

If the search results include sources other than Zeroboard, patch those files one at a time by hand, like this.
       perl -pi -e 's,\tinclude \$file;,\tif\(\$id) include \$file\;,g' ./XXXXX1/public_html/zboard/login.php

If all the search results are Zeroboard sources, the following command auto-patches every copy installed under the current directory.
Already patched sources are told apart by whether there is a tab in front of the include statement, so nothing gets patched twice.
However, a file a user has edited by hand so that the tab is gone will not be modified.
       grep -rl "include \$file;" `find ./ -name login.php`|xargs -n1 perl -pi -e 's,\tinclude \$file;,\tif\(\$id) include \$file\;,g'

Finally, rerun the search command from the first step to confirm what was patched.
       grep -r "include \$file;" `find ./ -name login.php`

       Patched source) ./XXXXX1/public_html/zboard/login.php:  if($id) include $file;
       Patched source) ./XXXXX2/public_html/bbs/login.php:   if($id) include $file;

P.S.) Once you have converted files with the script above, there is no way to revert if something goes wrong.
So back up the files to be patched first, or test on a single file before using it.
P.S. 2) perl must be installed on the server; tested on RedHat Linux 7.1 and 8.0.

-----------------------------------------------------------------------------------
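As an added example (not part of either post above, and not nzeo's own patch), here is a safer form of the mass-patch procedure for a shared host, written in POSIX sh: every login.php is backed up before it is touched, the match ignores whether the `include $file;` line is indented with a tab, spaces or nothing, already-guarded lines are skipped because the pattern is anchored at the start of the line, and the result is counted afterwards so the run can be verified. The directory tree and file contents it builds are constructed fixtures, not real Zeroboard files, and the function names are my own. One caveat on the fix itself: the one-line guard only helps if, whenever $id is set, login.php assigns $file itself before line 68; under the register_globals behaviour the post describes (any variable can be set from GET), $id can also arrive in the query string, so check that against your copy of login.php and prefer the patched file from nzeo.com where it is available.

```shell
#!/bin/sh
# Added example, not code from the original post or from Zeroboard/nzeo.
# Safer version of the post's mass-patch for login.php:
#   - every file is copied to login.php.bak before it is changed
#   - the pattern is anchored at the start of the line and allows any
#     indentation, so tab-indented, space-indented and unindented
#     "include $file;" lines are all guarded
#   - a line that already reads "if($id) include $file;" does not match,
#     so re-running the script is harmless
# Run "sh patch_zboard_login.sh --demo" to see it work on a constructed tree.

# Regex for an unguarded include line (POSIX BRE, used by grep and sed).
UNGUARDED='^[[:space:]]*include \$file;'

# Print the number of login.php files under $1 that still contain an
# unguarded include line.
count_unpatched() {
    find "$1" -name login.php -exec grep -l "$UNGUARDED" {} + 2>/dev/null \
        | wc -l | tr -d ' '
}

# Guard every unguarded include line in login.php files under $1.
# Prints the path of each file it changed; a file whose backup cannot be
# written is left untouched.
patch_login_php() {
    find "$1" -name login.php | while IFS= read -r f; do
        grep -q "$UNGUARDED" "$f" || continue
        cp -p "$f" "$f.bak" || { echo "backup failed, skipping: $f" >&2; continue; }
        # Rewrite in place from the backup so the original inode, owner and
        # mode are kept; \1 carries the original indentation through.
        sed 's/^\([[:space:]]*\)include \$file;/\1if($id) include $file;/' "$f.bak" > "$f" \
            || { echo "rewrite failed, restoring: $f" >&2; cp -p "$f.bak" "$f"; continue; }
        printf '%s\n' "$f"
    done
}

# Build a constructed /home-like tree with the cases the post discusses
# (stock tab indentation, user-edited spaces, already patched, none).
# Prints the root directory.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/user1/public_html/zboard" "$d/user2/public_html/bbs" \
             "$d/user3/public_html/zboard" "$d/user4/public_html/zboard"
    printf '<?php\n\tinclude $file;\n?>\n'          > "$d/user1/public_html/zboard/login.php"
    printf '<?php\n    include $file;\n?>\n'        > "$d/user2/public_html/bbs/login.php"
    printf '<?php\n\tif($id) include $file;\n?>\n'  > "$d/user3/public_html/zboard/login.php"
    printf '<?php\ninclude $file;\n?>\n'            > "$d/user4/public_html/zboard/login.php"
    echo "$d"
}

if [ "${1:-}" = "--demo" ]; then
    root=$(make_fixture)
    echo "unpatched before: $(count_unpatched "$root")"   # 3
    patch_login_php "$root"
    echo "unpatched after:  $(count_unpatched "$root")"   # 0
    rm -rf "$root"
fi
```

On a real host, replace the fixture root with /home and keep the .bak files until the boards have been checked, since the post is right that the substitution itself cannot be undone once the backup is gone. Lines such as `else include $file;` are deliberately not matched; those still need a manual look, exactly as the post says for non-Zeroboard hits.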

   