1619, 1/81 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   »ç¿ëÁß
   http://www.cyworld.com/csy_lovely
   À¥ ÇØÅ·¿¡´ëÇؼ­ ¾Ë¾Æº¸ÀÚ (8)

http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=1835 [º¹»ç]


1) È®ÀåÀÚ ÇÊÅ͸µ web.php(À¥ ¼¿)ÆÄÀÏÀ» ¾÷·Îµå ÇÒ ¼ö ¾ø´Ù.
2) htaccess, web.zip À¥¼¿ ¾÷·Îµå ¼º°ø
3) À¥ ½© ½ÇÇà(web.zip Ŭ¸¯ÇÏ¸é ¹Ù·Î ½ÇÇà)

ÁÖ¿ä ½ÇÇà ¸í·É¾î (À¥ ½© ¸¶´Ù ±â´ÉÀÌ ´Ù¸§)

¸ñ·Ïº¸±â :ls
»óÀ§ ¸ñ·Ï º¸±â : ls ../ ../
ÆÄÀÏ »èÁ¦ : rm -rf[Áö¿ï ÆÄÀϸí]
À¥ ÆäÀÌÁö ´Ù¿î : tar -cvf c.tar

2.File download Vulnerability
´Ù¿î·Îµå ÆÄÀÏÀÇ À§Ä¡¿¡ Á¦ÇÑ Á¶°ÇÀ¸ ¤©ºÎ¿©ÇÏÁö ¾Ê¾Æ ÁöÁ¤µÈ ÆÄÀÏ ÀÌ¿ÜÀÇ À§Ä¡¿¡ ÀÖ´Â ÆÄÀϵ鿡 Á¢±ÙÇϰųª ´Ù¿î·Îµå ÇÒ ¼ö ÀÖ´Â Ãë¾àÁ¡À» ¸»ÇÑ´Ù. °Ô½ÃÆÇ µî¿¡ ÀúÀåµÈ ÀÚ·á¿¡ ´ëÇØ ´Ù¿î·Îµå ½ºÅ©¸³Æ®¸¦ ÀÌ¿ëÇÏ¿© ´Ù¿î·Îµå ±â´ÉÀ» Á¦°øÇϸ鼭, ´ë»ó ÀÚ·á ÆÄÀÏÀÇ À§Ä¡ ÁöÁ¤¿¡ Á¦ÇÑ Á¶°ÇÀ» ºÎ¿©ÇÏÁö ¾Ê¾ÒÀ» °æ¿ì URL°£ÀÇ ´Ù¿î·Îµå ½ºÅ©¸³Æ®ÀÇ Àμö°ª¿¡ '../' ¹®ÀÚ¿­ µîÀ» ÀÔ·ÂÇÏ¿© ½Ã½ºÅÛ µð·ºÅ丮 µî¿¡ ÀÖ´Â /etc/passwd ¿Í °°Àº ºñ°ø°³ ÀÚ·áµéÀÌ À¯ÃâµÉ ¼ö ÀÖ´Ù.
ƯÈ÷, ¸®´ª½º ¹× À¯´Ð½º °è¿­ÀÇ À¥ ¼­¹ö¿¡ °¢º°È÷ ÁÖÀÇ°¡ ÇÊ¿äÇÏ´Ù. ¿¹¸¦ µé¾î ÆÄÀÏ ´Ù¿î·Îµå ½Ã ÁÖ¼Ò Ã¢¿¡ ¡é¿Í °°ÀÌ ÀÔ·Â
http://servername.com/data/download.php?path=upfiles&filename=½Åû¼­.doc
Æнº¿öµå(password) ÆÄÀÏÀÇ ÇØÅ·À» ½ÃµµÇÑ´Ù.
http://servername.com/date/download.php?path../../../../../../../../../../../etc&filename=passwd
(download.php cgiÀÇ path º¯¼ö¿¡ À§Ä¡¸¦ ÁöÁ¤ÇÏ°í filename º¯¼ö¸¦ ÀÌ¿ëÇØ passwd ÆÄÀÏ ´Ù¿î·Îµå)
http://servername.com/data/download.php?path=upfiles&filename=../../../../../../../../../../../etc/passwd
(download.php cgi ÀÇ filenameº¯¼ö¿¡¼­ °æ·Î¸¦ µû¶ó µé¾î°¡ passwd ÆÄÀÏÀ» ´Ù¿î·Îµå ¹ÞÀ½)
  Hit : 10237     Date : 2011/08/03 02:12


    
ghj4890 ÁÁ³×¿©
À¯ÀÍÇÔ		 2011/08/04  
»ç¿ëÁß °¨»çÇÕ´Ï´Ù~ 2011/08/06  
salis °¨»çÇÕ´Ï´Ù. 2011/08/18  
     [°øÁö] °­Á¸¦ ¿Ã¸®½Ç ¶§´Â ¸»¸Ó¸®¸¦ ´Þ¾ÆÁÖ¼¼¿ä^¤Ñ^ [29] ¸Û¸Û 02/27 22005
1618   realip_finder(asm ver)     ÇØÅ·ÀßÇÏ°í½Í´Ù
 02/05 668
1617   realip_finder     ÇØÅ·ÀßÇÏ°í½Í´Ù
 02/05 668
1616   ¸®´ª½º Ä¿³Î&¿î¿µÃ¼Á¦ °³·Ð (1)     ÇØÅ·ÀßÇÏ°í½Í´Ù
 11/02 1026
1615   stack overflow »çÀÌÆ® ¹ø¿ª     ÇØÅ·ÀßÇÏ°í½Í´Ù
 07/09 1426
1614   [L.O.B ¿øÁ¤´ë] - troll     ÇØÅ·ÀßÇÏ°í½Í´Ù
 07/08 1763
1613   [L.O.B ¿øÁ¤´ë] - orge     ÇØÅ·ÀßÇÏ°í½Í´Ù
 07/07 1714
1612   [L.O.B ¿øÁ¤´ë] - darkelf     ÇØÅ·ÀßÇÏ°í½Í´Ù
 07/07 1651
1611   [L.O.B ¿øÁ¤´ë] - wolfman     ÇØÅ·ÀßÇÏ°í½Í´Ù
 07/03 1659
1610   [L.O.B ¿øÁ¤´ë] - orc     ÇØÅ·ÀßÇÏ°í½Í´Ù
 07/03 1488
1609   [L.O.B ¿øÁ¤´ë] - goblin     ÇØÅ·ÀßÇÏ°í½Í´Ù
 07/02 1689
1608   [L.O.B ¿øÁ¤´ë] - cobolt     ÇØÅ·ÀßÇÏ°í½Í´Ù
 07/02 1895
1607   [L.O.B ¿øÁ¤´ë] - gremlin     ÇØÅ·ÀßÇÏ°í½Í´Ù
 07/02 1594
1606   [L.O.B ¿øÁ¤´ë] - gate     ÇØÅ·ÀßÇÏ°í½Í´Ù
 07/02 1468
1605   ARP ½ºÇªÇÎ - Part.1 -     ÇØÅ·ÀßÇÏ°í½Í´Ù
 04/20 1932
1604   http ½º´ÏÆÛ ±¸Çö     ÇØÅ·ÀßÇÏ°í½Í´Ù
 04/20 1672
1603   pcapÀ¸·Î ÆÐŶ ½º´ÏÆÛ ±¸ÇöÇϱ⠠   ÇØÅ·ÀßÇÏ°í½Í´Ù
 04/20 1516
1602   ÇØÄ¿½ºÄ𠸸ȭÀÇ ÀÚµ¿À¸·Î ½ºÄµÇÏ´Â ÇÁ·Î±×·¥     ÇØÅ·ÀßÇÏ°í½Í´Ù
 02/18 1894
1601   ½Ã½ºÅÛ ÄÝ ÃßÀû È®ÀåÆÇ[2]     ÇØÅ·ÀßÇÏ°í½Í´Ù
 01/19 2042
1600   °£´ÜÇÑ ½Ã½ºÅÛ ÄÝ ÃßÀû ÇÁ·Î±×·¥ ¸¸µé±â     ÇØÅ·ÀßÇÏ°í½Í´Ù
 01/18 2042
1 [2][3][4][5][6][7][8][9][10]..[81]

Copyright 1999-2026 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org