Linux

   khl0803
   Question about a Linux SQL server

http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=3894


xxx.xxx.xx.xxx < the server's IP; I removed it for security reasons ^^;

--------------------------------------------------------------------------------

Port Scan


80(HTTP)

21(FTP Control)

443(HTTPS)

3306(MYSQL)


--------------------------------------------------------------------------------

CGI Scan


WEB Banner: Apache

WWW Title: APMSETUP 6

CGI Holes

/index.php?file=../../../../../../etc/passwd (HTTP: 200 )

/index.php?file=/etc/passwd (HTTP: 200 )

/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F%2Fetc (HTTP: 200 )

/index.php?page=../../../../etc/passwd (HTTP: 200 )

/index.php/ (HTTP: 200 )

/?S=D (HTTP: 200 )

/?PageServices (HTTP: 200 )

/?wp-html-rend (HTTP: 200 )

/?M=A (HTTP: 200 )



--------------------------------------------------------------------------------

MISC


MySQL Version is:


This is what the server vulnerability scan came back with. Could someone explain what is going on here?

Answer:

Hmm... I've never used web tools, so I'm not sure, but...

Reading between the lines, it looks like a number of vulnerabilities were found in index.php.
In particular, if you enter (computer IP)/index.php?page=../../../../etc/passwd or
/(computer IP)index.php?file=../../../../../../etc/passwd in the address bar,

it means you can reach the part of Linux that deals with passwords and could even modify the passwords.
It probably takes the value of page via GET in PHP.
I think it means it found vulnerabilities corresponding to http:200.
I don't know what http200 is, so I can't give a detailed explanation...;; Web isn't my area;

That is the kind of answer that was posted.
But when I tried what the answer above says,
only a strange window saying "APM_Setup 이 완료되었습니다" ("APM_Setup is complete") comes up and I can't get any further..

  Hit : 3333     Date : 2011/02/15 02:11
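
Every entry in the scan output above carries the same HTTP 200, and the poster reports getting only the APM_Setup page back. Added example (not part of the original thread): triaging such findings by response body rather than status code, where the function names and sample bodies are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# One /etc/passwd record: name:password:uid:gid:gecos:home:shell
PASSWD_LINE = re.compile(
    r"^[A-Za-z_][\w.-]*:[^:\n]*:\d+:\d+:[^:\n]*:[^:\n]*:[^:\n]*$", re.M)

# Constructed sample data: only the title string comes from the scan output.
BASELINE = "<html><title>APMSETUP 6</title><body>setup complete</body></html>"
FINDINGS = [
    ("/index.php?file=../../../../../../etc/passwd", 200, BASELINE),
    ("/index.php?page=../../../../etc/passwd", 200, BASELINE),
    ("/?M=A", 200, BASELINE),
    # Constructed body showing what an actual disclosure would contain:
    ("/index.php?file=/etc/passwd", 200, "root:x:0:0:root:/root:/bin/bash\n"),
]

def is_file_probe(path):
    """True if any query value looks like a path (traversal or absolute)."""
    values = [v for _, v in parse_qsl(urlsplit(path).query)]
    return any(".." in v or v.startswith("/") for v in values)

def triage(path, status, body, baseline):
    """Classify one scanner finding from the response body, not the status."""
    if status != 200:
        return "not-served"
    if PASSWD_LINE.search(body):
        return "confirmed-disclosure"   # passwd-format records in the response
    if body.strip() == baseline.strip():
        return "default-page"           # server ignored the parameter
    return "review" if is_file_probe(path) else "informational"

def triage_all(findings, baseline):
    """Return (path, verdict) for every finding."""
    return [(p, triage(p, s, b, baseline)) for p, s, b in findings]

if __name__ == "__main__":
    for path, verdict in triage_all(FINDINGS, BASELINE):
        print(f"{verdict:22} {path}")
```

The baseline is the body returned for a plain request to `/index.php` with no parameters; a finding whose body matches it shows no evidence of file disclosure.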