※ To speed up processing, please state your domain or FTP ID.
Hello. This is Maru Internet.
Since December 18, file tampering caused by a Zeroboard vulnerability has been occurring.
In the cases seen so far, it occurs when the Zeroboard version is pl8 or lower.
You can check the Zeroboard version in the lib.php file in the bbs folder.
_________________________________________________________________________
Cause: File tampering exploiting a vulnerability in the Zeroboard 4 bulletin board
Symptoms: 1. The files group_qazwsxedc.jpg and visitLog.php are created in the bbs/icon folder
2. frame src="malicious code distribution URL" is inserted into files with the html and php extensions in the account (e.g. http://h.nexprice.com/css/x.htm)
* The source is mainly inserted into files inside the bbs/ folder.
* In some cases no iframe is inserted into the files in the account.
3. A table named zetyx_group_table is created in the Zeroboard DB, and the same malicious code distribution URL as in item 2 is placed in that table's header or header_url column.
December 22, 2010: security patch for the RFI vulnerability
1. Delete the group_qazwsxedc.jpg and visitLog.php files created in the bbs/icon folder
2. Delete the iframe source inserted into the html and php files
3. Delete the qazwsxedc group via the admin page
4. Change the source at line 13 of ZeroboardInstallFolder/_head.php (see the official security patch page)
5. Change the source at line 2 of each of ZeroboardInstallFolder/skin/zero_vote/ask_password.php, error.php and login.php (see the official security patch page)
※ Zeroboard official security patch
http://www.xpressengine.com/zb4_security/19346851
An RFI (Remote File Include) vulnerability was discovered in Zeroboard4 pl9.
This was reported by 장경칩.
We recommend patching _head.php and the skin/zero_vote/*.php files by modifying the code as shown below.
_head.php
[Before]
_head.php, line 13:
if(eregi(":\/\/",$_zb_path)||eregi("\.\.",$_zb_path)||eregi("^\/",$_zb_path)||eregi("data:;",$_zb_path)) $_zb_path ="./";
[After]
_head.php: modified so that the ':' character is not allowed in $_zb_path
if(eregi(":\/\/",$_zb_path)||eregi("\.\.",$_zb_path)||eregi("^\/",$_zb_path)||eregi("data:;",$_zb_path)||eregi(":",$_zb_path)) $_zb_path ="./";
The following .php files under the skin/zero_vote/ directory:
- ask_password.php
- error.php
- login.php
[Before]
./skin/zero_vote/ask_password.php, error.php, login.php, line 2:
if(eregi(":\/\/",$dir)||eregi("\.\.",$dir)||eregi("^\/",$dir)||eregi("data:;",$dir)) $dir ="./";
[After]
./skin/zero_vote/ask_password.php, error.php, login.php, line 2:
if(eregi(":\/\/",$dir)||eregi("\.\.",$dir)||eregi("^\/",$dir)||eregi("data:;",$dir)||eregi(":",$dir)) $dir ="./";
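To make the effect of the patch visible, the following added example (not Zeroboard's code, and not part of the original notice) reimplements the four original eregi() checks and the patched five-check version in Python, then runs both over a set of constructed sample values for $_zb_path / $dir. PHP's eregi() is a case-insensitive regex search, which re.search with re.IGNORECASE mirrors.

```python
import re

# Patterns from the Zeroboard4 pl9 _head.php / skin/zero_vote check, as listed
# in the notice above, reimplemented here in Python (not the project's code).
BEFORE_PATTERNS = [r"://", r"\.\.", r"^/", r"data:;"]
# The official patch appends one more check that rejects any ':' at all,
# which covers every URL scheme and stream wrapper rather than one literal.
AFTER_PATTERNS = BEFORE_PATTERNS + [r":"]


def sanitize_path(path: str, patterns) -> str:
    """Mirror the PHP line: if any pattern matches, fall back to './'."""
    for pat in patterns:
        if re.search(pat, path, re.IGNORECASE):
            return "./"
    return path


def before_patch(path: str) -> str:
    """Behaviour of the unpatched check (four patterns)."""
    return sanitize_path(path, BEFORE_PATTERNS)


def after_patch(path: str) -> str:
    """Behaviour of the patched check (colon rejected outright)."""
    return sanitize_path(path, AFTER_PATTERNS)


def compare(paths):
    """Return {value: (before_result, after_result)} for each candidate."""
    return {p: (before_patch(p), after_patch(p)) for p in paths}


if __name__ == "__main__":
    # Constructed sample values (not taken from any real request or incident).
    samples = [
        "skin/zero_vote",            # ordinary relative skin path: both keep it
        "http://example.invalid/x",  # remote URL: '://' rejected by both
        "../../outside",             # traversal: '..' rejected by both
        "/abs/path",                 # absolute path: '^/' rejected by both
        "data:;base64,QUFBQQ==",     # the literal 'data:;' form: rejected by both
        "data:text/plain,hello",     # another data: form: only the patched check rejects it
    ]
    for value, (before, after) in compare(samples).items():
        print(f"{value!r:30} before={before!r:25} after={after!r}")
```

The last sample shows why the patch rejects ':' generally instead of extending the list of literals: the unpatched check only recognised the exact string "data:;", while any scheme or wrapper necessarily contains a colon.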
--------------------------------------------------------------------------------------------
The measures above are not a fundamental fix; they are a response to the malicious source insertion, and the problem may recur as long as the Zeroboard vulnerability itself is not resolved. In the case of the Zeroboard4 bulletin board, however, it will not be resolved, because official distribution of Zeroboard4 ended on 2009.09.29.
With this in mind, Zeroboard4 users are advised to consider upgrading to XE or switching to a bulletin board that can continue to receive security patches.