Programming

bigshott
A question about a vulnerable piece of PHP source

http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=3067


Hello~

The weather is getting hotter; I hope everyone is doing well ^^

It's nothing special, just a simple bit of PHP source~

I came across it on a foreign site where it was listed as vulnerable, so I'm asking out of curiosity.

system("echo 'hello $var'");

That's the source right there~

No matter what characters I put into $var, the result just gets printed to the screen by echo~

The system command is not executed.

It does seem like something about it is vulnerable, though~

Experts, please take a look and point me to a page worth referencing, or give me some advice. ^^

Take care~!


  Hit : 3607     Date : 2011/06/17 10:46



    
nsh009  variable  2011/06/17

kjwon15  $var="some text ; cat /etc/passwd >> /var/www/passwd.txt";

If you do it like this, a problem occurs.
2011/06/17

늅늅  Unless var is a variable that takes user input,
;cat /etc/passwd >> /var/www/passwd.txt
I don't think something like that would get through, but
judging from "hello $var", it seems you take the user's name as input and print "hello <name>",
something like that; in that case, the vulnerability kjwon15 mentioned exists.
Since there's almost no chance of special characters appearing in a name (though there was a case in China a while back where someone was named "@"),
I think guarding with the addslashes function should be enough.
2011/06/17

bigshott  I tried that, but it doesn't work. Even if you put it in the way kjwon15 did,
system("echo 'hello some text ; cat /etc/passwd >> /var/www/passwd.txt'");

it goes inside the ' ' like this, so it just gets printed to the screen as is:

hello some text ; cat /etc/passwd >> /var/www/passwd.txt
That's how it comes out.

It kind of seems like there's no vulnerability~ I've been googling for a few days and still can't find an answer ㅠㅠ

Thank you very much for taking the time to answer.
Have a good day~
2011/06/21
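As an added example (not code from the thread or from any of the commenters), here is the line from the question placed beside a hardened version. The hardened form uses escapeshellarg(), the PHP function designed for passing an untrusted value to the shell as exactly one argument, and an allow-list check in front of it. The helper names and the sample inputs (including the name with an apostrophe) are constructed for this demonstration.

```php
<?php
// Added example; not from the original thread. The helper functions below
// are hypothetical names chosen for this demonstration.

// The line from the question: the value lands inside a single-quoted shell
// string. Anything that contains no single quote stays inside that string
// and is simply echoed, which is exactly what the thread observed. A value
// that does contain a single quote breaks the quoting, so the string built
// here is not a safe shell command.
function greet_unsafe_command(string $var): string
{
    return "echo 'hello $var'";
}

// Hardened version: escapeshellarg() wraps the value in single quotes and
// rewrites any embedded single quote so the whole value stays one argument.
function greet_safe_command(string $var): string
{
    return "echo hello " . escapeshellarg($var);
}

// Defence in depth: for a field that is supposed to hold a name, reject
// anything outside an allow-list before it gets anywhere near the shell.
// Letters, space, dot, apostrophe and hyphen, 1 to 64 characters.
function is_plausible_name(string $var): bool
{
    return (bool) preg_match("/^[\\p{L} .'-]{1,64}$/u", $var);
}

// Constructed sample inputs (not taken from a real system):
$samples = [
    "bigshott",                                           // ordinary name
    "O'Brien",                                            // legitimate name with an apostrophe
    "some text ; cat /etc/passwd >> /var/www/passwd.txt", // the value from the thread
];

foreach ($samples as $name) {
    echo "input:   " . $name . PHP_EOL;
    echo "unsafe:  " . greet_unsafe_command($name) . PHP_EOL;
    echo "safe:    " . greet_safe_command($name) . PHP_EOL;
    echo "allowed: " . (is_plausible_name($name) ? "yes" : "no") . PHP_EOL;
    if (is_plausible_name($name)) {
        // Only the validated and escaped form is ever handed to the shell.
        echo "output:  " . shell_exec(greet_safe_command($name));
    }
    echo PHP_EOL;
}
```

Running this on Linux prints, for "O'Brien", the unsafe command string `echo 'hello O'Brien'` (the apostrophe has already ended the quoted string) next to the safe one `echo hello 'O'\''Brien'`, whose output is `hello O'Brien`. Note that addslashes() is an escaping routine for a different context and does not produce shell quoting; escapeshellarg() is also platform-aware, so on Windows it double-quotes the value and the printed string differs from the Linux form shown here.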