공개게시판 관련           2015/12/08 (17:32:30)     9231     0
   제로보드4 보안패치 모음
제로보드4 보안패치 모음



1. 기본적으로 회원가입후 글쓰기 가능하도록 설정
2. 회원가입시 캡챠소스 적용하여 봇이 회원가입 못하도록 설정
3. 모든 게시판은 비회원 글쓰기 방지 설정
4. 보안패치된 제로보드4 업로드후 덮어쓰기

5. 개별적인 수동 보안패치 적용

  1) 제로보드 보안패치 2009년 9월 22일자

    1. 대상 파일
      1. _head.php
      2. skin/zero_vote/ask_password.php
      3. skin/zero_vote/error.php
      4. skin/zero_vote/login.php
      5. skin/zero_vote/setup.php

    2. 수정 내용
      1. _head.php
        [수정전]
        // Pre-patch check: resets $_zb_path to "./" when it contains "://" or matches the POSIX regex
        // "..". eregi() treats its first argument as a case-insensitive regex, so "." is a wildcard
        // and ".." matches any two consecutive characters — any value two or more characters long is
        // reset here, not only values containing a literal "..".
        if(eregi("://",$_zb_path)||eregi("..",$_zb_path)) $_zb_path ="./"; 
        [수정후]
        // Patched check: also resets $_zb_path to "./" when it starts with "/" (the only anchored
        // pattern) or contains "data:;". All patterns are case-insensitive POSIX regexes, so "." is a
        // wildcard and ".." already matches any two consecutive characters; the added patterns can
        // therefore only change the outcome for values shorter than two characters (e.g. a lone "/").
        // NOTE(review): eregi() was deprecated in PHP 5.3 and removed in PHP 7.0; on newer PHP this
        // line is a fatal error and the check has to be ported to preg_match() with the "i" modifier.
        if(eregi("://",$_zb_path)||eregi("..",$_zb_path)||eregi("^/",$_zb_path)||eregi("data:;",$_zb_path)) $_zb_path ="./";

      2. skin/zero_vote/ 파일들(가급적 해당스킨 삭제 권고)
        [수정전]
        // Pre-patch check in the zero_vote skin files: resets $dir to "./" when it contains "://" or
        // matches the POSIX regex "..". Because eregi() patterns are regexes, "." is a wildcard and
        // ".." matches any two consecutive characters, so any $dir of two or more characters is reset
        // here, not only one containing a literal "..".
        if(eregi("://",$dir)||eregi("..",$dir)) $dir ="./";
        [수정후]
        // Patched check: additionally resets $dir when it starts with "/" (the only anchored pattern)
        // or contains "data:;". Same regex semantics as before — "." is a wildcard, so ".." already
        // matches any two consecutive characters and the new patterns only matter for values shorter
        // than two characters (e.g. a lone "/").
        // NOTE(review): eregi() was deprecated in PHP 5.3 and removed in PHP 7.0; on newer PHP this
        // line is a fatal error and needs porting to preg_match() with the "i" modifier.
        if(eregi("://",$dir)||eregi("..",$dir)||eregi("^/",$dir)||eregi("data:;",$dir)) $dir ="./";



 
  2) 제로보드4에 대한 CSRF 관련 보안 취약점 패치 2010년 2월 19일자

    1. [제로보드설치경로]/admin/admin_exec_member.php
    admin_exec_member.php 파일의 106번째 줄에 다음 아래와 같이 추가

    // Rejects any request to this admin action that is not a POST; die() stops the script immediately
    // with the message. Requiring POST only blocks CSRF attempts that arrive as GET (links, image
    // tags); a cross-site HTML form can still submit a POST, so a per-session token check on the
    // request is still needed for real CSRF protection of admin_exec_member.php.
    if($_SERVER['REQUEST_METHOD']!='POST') die("ºñÁ¤»óÀûÀÎ Á¢±ÙÀ̶ó Â÷´ÜµË´Ï´Ù");



  3) 제로보드4 XSS/CSRF 관련 보안 취약점 패치

    include/list_check.php 파일의 116, 117 번에서 $file_name1, $file_name2 변수에 값을 대입할 때, del_html() 함수를 사용한다.

      [수정전]
      116 라인  $file_name1=$data[s_file_name1];
      117 라인  $file_name2=$data[s_file_name2];

      [수정후]
      116 라인  $file_name1=del_html($data[s_file_name1]);
      117 라인  $file_name2=del_html($data[s_file_name2]);

  4) 제로보드4 write_ok.php 에서 .htaccess 파일 업로드를 통한 보안버그 패치


    === write_ok.php ===

    211 라인
    if(substr($s_file_name1,0,1)=='.'||eregi(".inc",$s_file_name1)||eregi(".phtm",$s_file_name1)||eregi(".htm",$s_file_name1)||eregi(".shtm",$s_file_name1)||eregi(".ztx",$s_file_name1)||eregi(".php",$s_file_name1)||eregi(".dot",$s_file_name1)||eregi(".asp",$s_file_name1)||eregi(".cgi",$s_file_name1)||eregi(".pl",$s_file_name1)) Error("Html, PHP °ü·ÃÆÄÀÏÀº ¾÷·ÎµåÇÒ¼ö ¾ø½À´Ï´Ù");

    252 라인
    if(substr($s_file_name2,0,1)=='.'||eregi(".inc",$s_file_name2)||eregi(".pht",$s_file_name2)||eregi(".htm",$s_file_name2)||eregi(".shtml",$s_file_name2)||eregi(".ztx",$s_file_name2)||eregi(".php",$s_file_name2)||eregi(".dot",$s_file_name1)||eregi(".asp",$s_file_name2)||eregi(".cgi",$s_file_name2)||eregi(".pl",$s_file_name2)) Error("Html, PHP °ü·ÃÆÄÀÏÀº ¾÷·ÎµåÇÒ¼ö ¾ø½À´Ï´Ù");



보다 자세한 내용은 고객센터 질문/답변게시판 또는 전화문의 주시면 상세히 서포트해 드리도록 하겠습니다.
감사합니다.
writer ip : 61.34.198.26    

       
