¸¶·çÀ¥È£½ºÆà :: À¥È£½ºÆÃ, µµ¸ÞÀÎ µî·Ï, ¼îÇθô È£½ºÆÃ, À̹ÌÁö ¸µÅ©, ¼­¹ö È£½ºÆÃ, ÄÚ·ÎÄÉÀ̼Ç, ¼­¹ö°ü¸®Åø, ¸®¼¿·¯, ȨÆäÀÌÁö Á¦ÀÛ, ¹«·áÈ£½ºÆà Á¦°ø
140-008-011577
 
140-008-011577
ÀÔ±ÝÈ®ÀνÅû ½ÅûÇöȲº¸±â

°í°´Áö¿ø¼¾ÅÍ

1:1 ¹®ÀÇÇϱâ
  • AM 09:00 ~ PM 06:00
  • AM 11:30 ~ PM 01:00

°øÁö»çÇ×



Á¦¸ñ
  Á¦·Îº¸µå ¼Ò½º º¯Á¶¿¡ ´ëÇÑ ¾È³» ¸»¾¸.
À̸§
    ÀÛ¼ºÀÏ : 2010-12-21 11:26:55  Á¶È¸ : 60078 

¾È³çÇϼ¼¿ä. ¸¶·çÀÎÅͳÝÀÔ´Ï´Ù.

12¿ù 18ÀÏ ÀÌÈÄ·Î Á¦·Îº¸µå Ãë¾à¼ºÀ¸·Î ÀÎÇÑ ÆÄÀÏ º¯Á¶°¡ ¹ß»ýÇÏ°í ÀÖ½À´Ï´Ù.

ÇöÀç±îÁö ¹ß»ýÇÑ °æ¿ì¸¦ º¸¸é Á¦·Îº¸µåÀÇ ¹öÀüÀÌ pl8 ÀÌÇÏÀÎ °æ¿ì¿¡
¹ß»ýÇÏ°í ÀÖ½À´Ï´Ù. Á¦·Îº¸µåÀÇ ¹öÀüÀº bbs Æú´õÀÇ lib.php ÆÄÀÏ¿¡¼­
È®ÀÎÇÏ½Ç ¼ö ÀÖ½À´Ï´Ù.
_________________________________________________________________________

¿øÀÎ :  Á¦·Îº¸µå 4 °Ô½ÃÆÇÀÇ Ãë¾à¼ºÀ» ÀÌ¿ëÇÑ ÆÄÀÏ º¯Á¶

Áõ»ó  :   1. bbs/icon Æú´õ¿¡ group_qazwsxedc.jpg ÆÄÀÏ°ú visitLog.php »ý¼º

            2. °èÁ¤³» È®ÀåÀÚ°¡ html, php  ÆÄÀϵ鿡 frame src="¾Ç¼ºÄÚµå ¹èÆ÷Áö URL »ðÀÔ (¿¹: http://h.nexprice.com/css/x.htm)

                * ÁÖ·Î bbs/Æú´õ³»ÀÇ ÆÄÀϵ鿡 ¼Ò½º°¡ »ðÀԵ˴ϴÙ.
                * °èÁ¤³» ÆÄÀϵ鿡 iframe »ðÀÔÀº ¾øÀ» ¼öµµ ÀÖ½À´Ï´Ù.
          
            3. Á¦·Îº¸µå DB¿¡ zetyx_group_table »ý¼ºµÇ°í ÀÌ Å×À̺íÀÇ  header ¶Ç´Â
                header_url ¿¡ À§ 2¹ø°ú µ¿ÀÏÇÑ ¾Ç¼ºÄÚµå ¹èÆ÷Áö URL »ý¼º.

2010³â 12¿ù 22ÀÏ RFI Ãë¾àÁ¡ º¸¾È ÆÐÄ¡

1. bbs/icon Æú´õ¿¡ »ý¼ºµÈ group_qazwsxedc.jpg, visitLog.php ÆÄÀÏ »èÁ¦
2. html, php ÆÄÀÏ¿¡ »ðÀÔµÈ iframe ¼Ò½º »èÁ¦
3. °ü¸®ÀÚ ÆäÀÌÁö¸¦ ÅëÇØ qazwsxedc ±×·ì »èÁ¦
4. Á¦·Îº¸µå¼³Ä¡Æú´õ/_head.php ÆÄÀÏÀÇ 13¹ø° ÁÙ ¼Ò½º º¯°æ(°ø½Ä º¸¾È ÆÐÄ¡ ÆäÀÌÁö Âü°í)
5. Á¦·Îº¸µå¼³Ä¡Æú´õ/skin/zero_vote/ask_password.php / error.php / login.php ÆÄÀÏÀÇ 2¹ø° ÁÙ ¼Ò½º °¢°¢ º¯°æ(°ø½Ä º¸¾È ÆÐÄ¡ ÆäÀÌÁö Âü°í)

¡Ø Á¦·Îº¸µå °ø½Ä º¸¾È ÆÐÄ¡
http://www.xpressengine.com/zb4_security/19346851

Á¦·Îº¸µå4 pl9 ¹öÀü¿¡¼­ RFI (¿ø°ÝÆÄÀÏ ÀÎŬ·çµå) Ãë¾àÁ¡ÀÌ ¹ß°ßµÇ¾ú½À´Ï´Ù.

Àå°æĨ´Ô²²¼­ Á¦º¸ÇØÁֽŠ³»¿ëÀÔ´Ï´Ù.

_head.php ÆÄÀÏ°ú skin/zero_vote/*.php ÆÄÀÏ¿¡ ´ëÇØ ¾Æ·¡ ³»¿ëÀ¸·Î ÄÚµå ¼öÁ¤À» ÅëÇÑ ÆÐÄ¡¸¦ ±Çµå¸³´Ï´Ù.

_head.php

[¼öÁ¤Àü]

_head.php
view sourceprint?13.if(eregi(":\/\/",$_zb_path)||eregi("\.\.",$_zb_path)||eregi("^\/",$_zb_path)||eregi("data:;",$_zb_path)) $_zb_path ="./";

[¼öÁ¤ÈÄ]

_head.php: ¹®ÀÚ°¡ $_zb_path¿¡ Æ÷ÇÔµÇÁö ¾Êµµ·Ï ¼öÁ¤
view sourceprint?13.if(eregi(":\/\/",$_zb_path)||eregi("\.\.",$_zb_path)||eregi("^\/",$_zb_path)||eregi("data:;",$_zb_path)||eregi(":",$_zb_path)) $_zb_path ="./";


skin/zero_vote/ µð·ºÅ丮ÀÇ ¾Æ·¡¿¡ ÇØ´çµÇ´Â .php ÆÄÀÏ

        - ask_password.php

        - error.php

        - login.php

[¼öÁ¤Àü]

./skin/zero_vote/ask_password.php, error.php, login.php
view sourceprint?2.if(eregi(":\/\/",$dir)||eregi("\.\.",$dir)||eregi("^\/",$dir)||eregi("data:;",$dir)) $dir ="./";

[¼öÁ¤ÈÄ]

./skin/zero_vote/ask_password.php, error.php, login.php
view sourceprint?2.if(eregi(":\/\/",$dir)||eregi("\.\.",$dir)||eregi("^\/",$dir)||eregi("data:;",$dir)||eregi(":",$dir)) $dir ="./";

--------------------------------------------------------------------------------------------
  
_
À§ ³»¿ëÀÇ Á¶Ä¡´Â ±Ùº»ÀûÀÎ Á¶Ä¡´Â ¾Æ´Ï¸ç ¾Ç¼ºÄÚµå ¼Ò½º »ðÀÔ¿¡ ´ëÇÑ ´ëÀÀ Á¶Ä¡·Î
Á¦·Îº¸µå Ãë¾à¼ºÀÌ ÇØ°áµÇÁö ¾ÊÀ¸¸é ¹Ýº¹µÉ ¼ö ÀÖ½À´Ï´Ù. ±×·¯³ª Á¦·Îº¸µå4 °Ô½ÃÆÇÀÇ
°æ¿ì¿¡´Â 2009.09.29ÀÚ·Î Á¦·Îº¸µå4 °ø½Ä ¹èÆ÷°¡ ÁßÁöµÇ¾ú±â ¶§¹®¿¡ ÇØ°áÀÌ µÇÁö ¾Ê½À´Ï´Ù.

À§¿Í °°Àº Á¡À» °í·ÁÇÏ¿© Á¦·Îº¸µå4 °Ô½ÃÆÇ »ç¿ëÀÚ²²¼­´Â xe·ÎÀÇ ¾÷±×·¹À̵峪
Áö¼ÓÀûÀ¸·Î º¸¾È ÆÐÄ¡°¡ °¡´ÉÇÑ °Ô½ÃÆÇÀ¸·ÎÀÇ º¯°æÀ» °í·ÁÇϽñ⠹ٶø´Ï´Ù.




Á¦·Îº¸µå4 ¿ø°Ý ½ÇÇà º¸¾È Ãë¾àÁ¡ ÆÐÄ¡ - ½É°¢ÇÑ ¹ö±×
IE10 ¿¡¼­ °áÁ¦°¡ µÇÁö ¾ÊÀº °æ¿ì Á¶Ä¡»çÇ×