   x90c
   Understanding multiple vulnerabilities in the WASD web server on the OpenVMS operating system

http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=486


=------------------------------------------------------------------------------=

         Understanding multiple vulnerabilities in the WASD web server on OpenVMS
         "Multiple vulnerabilities in WASD http server for OpenVMS"

   Author       : x90c ( geinblues@gmail.com )
   Homepage     : http://www.chollian.net/~jyj9782/
   Original     : http://gailly.net/security/wasd-vuln-2002-09.txt
  
   % My thanks to Prosper (http://www.lastlog.com), who read this document
   % before anyone else and helped me organise it so that it is easy to follow.

=------------------------------------------------------------------------------=

This document is based on the WASD web server vulnerability report published in
September 2002. It was written to explain that report in a way that readers with
no experience of VMS systems can follow.


[Index]
1. WASD http overview
2. What problems can arise?
3. Risk classification
4. Version information
5. Cause of the problem
6. Attack patterns
7. Conclusion





OpenVMS is not a widely used operating system in Korea.
VMS was originally created by DEC in the United States; the product later passed to
Compaq and then, through the Compaq acquisition, to HP, which sells and maintains
OpenVMS at the time of writing. The original of this document is a bug report from
the second half of 2002, and it does not seem to have drawn much attention from
hackers in Korea. Since I am an OpenVMS user myself, I wrote this document to revisit
that report so that it can serve as a starting point for understanding the OpenVMS
operating system and relating it to hacking.

Imperfect as it is, I hope that reading this document gives you an occasion to take
an interest in the VMS operating system.

P.S.: Because of the way they arise, the vulnerabilities described here are only a few
representative cases. Applied more broadly, they may expose problems not anticipated
here (as is usually the case with web vulnerabilities).

=------------------------------------------------------------------------------=

1. WASD http overview

The WASD web server is an HTTP server for the OpenVMS operating system.
It is distributed under the GNU GPL licence.

WASD homepage : http://wasd.vsm.com.au/WASD/


2. What problems can arise?

The server is affected by the following problems, listed as they appear in the
original report. They should be read as a few cases that can be extended further.

        - Extensive directory disclosure
        - Arbitrary access to the entire directory tree of the web server
        - Trivial bypass of the access control rules
        - Discovery of the location of the document root directory
        - Read access to the entire web server configuration
        - Read access to all web server logs
        - Exposure of directories that should be hidden
        - Listing of all CGI script files
        - Disclosure of the source code of all CGI scripts
        - Read access to users' home directories
        - Serious flaws arising from particular CGI scripts that are installed and enabled by default
        - Further problems in the other CGI scripts installed by default


3. Risk classification : Critical


4. Version information

        # Vulnerable versions
        - WASD 7.1
        - WASD 7.2
        - WASD 7.2.3
        - WASD 8.0

        # Fixed versions
        - WASD 8.0.1        ( update release )
        - WASD 7.2.4        ( update release )
        - WASD 8.1          ( new release )




5. Cause of the problem

The problems arise because unauthorised access by Internet users is permitted: the
default WASD configuration allows access to system resources that should not be
reachable over the web, and the mapping rules meant to restrict that access are
matched against the request path as written, so they can be bypassed.




6. Attack patterns

* Things to know about OpenVMS

-                  : The equivalent of .. on Unix. One '-' steps up one directory,
                     so ../../ can be written as --.

.com               : A .com file is not an MS-DOS executable. On OpenVMS it is a DCL
                     command procedure, roughly the equivalent of a shell script.

*.*                : Like MS-DOS, VMS names files as "name.extension;version".
                     The double wildcard *.* therefore means "every file with every
                     extension" in a directory.

...                : All subdirectories, recursively (the [...] directory syntax of VMS).

httpd$map.conf     : The web server's mapping rule file. It classifies the resources
                     that may be reached over the web and those that may not, using
                     keywords. In the simple example below, a rule with the pass
                     keyword lets a matching request through, and a rule with fail
                     rejects it. Rules are checked in file order and the first
                     matching rule decides.

Example) httpd$map.conf
  --bof--
        pass /ht_root/wwwroot*
        fail /ht_root/*
  --eof--

* Understanding the attack parameters (wov)

wov-1: http://webserver/tree/

        By default the entire directory tree of the web server can be browsed
        through the built-in tree script. The script is reached simply by
        requesting the /tree/ path, as above.

        Reference : http://wasd.vsm.com.au/ht_root/doc/env/env_0400.html#43
        
wov-2: http://webserver/dirname/*.*

        To expose the listing of a particular directory, append /*.* to it.

        http://webserver/member/*.*
        returns the listing of the member directory on the web server.

        Reference : http://wasd.vsm.com.au/ht_root/doc/env/env_0400.html

wov-3: http://webserver/upd/dirname/
                
        Besides tree there is another built-in script, upd (update), which
        presents a graphical interface for viewing directory listings.
        If the directory you want to browse is /backup/, the request is
        built as follows:

        http://webserver/upd/backup/

        Reference : http://wasd.vsm.com.au/ht_root/doc/env/env_0700.html#97

wov-4: http://webserver/ht_root/wwwroot/-/*.*
        
        If httpd$map.conf contains the rules below, wov-4 bypasses them.
                
        pass /ht_root/wwwroot*
        fail /ht_root/*
        fail /-/*        
                        
        ht_root/wwwroot/-/*.* actually means ht_root/*.*, i.e. the directory
        above the document root. The rules are compared against the path as
        written, not against the directory it resolves to: the request
        satisfies the first (pass) rule, and neither the second nor the third
        fail rule matches the string, so the listing is returned.

wov-5: http://webserver/ht_root/-/local/httpd$map.conf

        The server's mapping configuration, httpd$map.conf, lives under the
        server root at /local/httpd$map.conf. A fail rule like the one below
        is normally in place, so it cannot usually be read directly:

        fail /ht_root/local/*

        As in wov-4, '-' is the useful part. Writing the path as
        /ht_root/-/local/httpd$map.conf bypasses the rule easily: the fail
        rule does not match the string, yet the path names the same
        configuration file.

        The same applies to the log files:

        fail /ht_root/log/* is bypassed with a path such as /ht_root/src/-/log/,
        where src is an arbitrary directory name that is immediately stepped
        back out of with '-'.


wov-6: http://webserver/tree/ht_root/

        A directory such as /ht_root should clearly be hidden, but the tree
        script used in wov-1 exposes it.

wov-7: http://webserver/.../*.com?search=$

        http://webserver/ht_root/script_local/ certainly exists, but it may be
        well enough protected that neither /script_local/*.* nor the tree
        script will list it. In that case the built-in search facility can be
        used instead.

        wov-7 asks the server to search every directory (...) for files with
        the .com extension, i.e. for DCL command procedures.

wov-8: http://webserver/cgi-bin/glist/ht_root/?list=now

        When the default search used in wov-7 is restricted, the glist script
        can be used instead. It shows only the listing of the given directory;
        it does not descend into subdirectories.

        For example, to list the directory /ht_root/hack/:
        http://webserver/cgi-bin/glist/ht_root/hack/?list=now
                
wov-9: http://webserver/ht_root/wwwroot/-/script_local/*.*
                
        CGI scripts are usually located in /cgi-bin. If that location is
        blocked, scripts kept elsewhere can still be found with the techniques
        described so far; here the '-' step of wov-4 reaches script_local.
        
wov-10: http://webserver/~username/xxx/-/cgi-bin/*.*

        The plain form http://webserver/~username/cgi-bin/*.* will be blocked
        by a fail rule. Putting a non-existent directory xxx in front and then
        stepping back out of it with '-' bypasses that rule.
        If this is blocked as well, other bypasses can be considered.

wov-11: http://webserver/~username/.../*.com?search=$

        When the wov-10 form is blocked, the built-in search facility seen
        earlier provides yet another bypass.
        
wov-13: http://webserver/ht_root/wwwroot/-/script_local/scriptname

        Replace scriptname with the name of the script you want to read, and
        its source code is displayed in the web browser.
                
wov-14: http://webserver/ht_root/wwwroot/-/script_local/scriptname.com?highlight=$

        If wov-13 is refused, naming the script file through the search
        facility again reveals its source code.

wov-15: http://webserver/~username/x/--/*.*
        
        An attempt to list the home directory as
        http://webserver/~username/-/*.* is intercepted by the rule below, but
        as shown above, a non-existent directory x combined with -- (../../),
        which steps up two levels, gets around it.

        pass /*/-/* ht_root/runtime/*/*
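The mechanism behind wov-4, wov-5 and wov-15 is the same: the mapping rules are matched as strings against the request path as written, so an OpenVMS parent step spelled '-' or '--' is never seen by the fail rule that names the real target. The Python script below is an added example written for this page, not WASD code. It simulates first-match pass/fail evaluation with the rules quoted above, once on the raw path and once after collapsing the '-' steps, and shows that the same ruleset blocks the requests when the path is normalised first. Assumptions: the request /ht_root/wwwroot/-/local/httpd$map.conf is constructed on the wov-4 pattern (the literal wov-5 path steps above ht_root itself, which depends on how VMS resolves a rooted logical and is not modelled); the rule pass /~*/* is a stand-in for WASD's real user-area mapping; ~username is treated as an ordinary directory; '*' spans '/' and matching is case-insensitive; a request that matches no rule fails.

```python
"""Simulate WASD-style HTTPD$MAP.CONF pass/fail matching.

Added example for this write-up, not WASD's own code.  It models one
thing: rules are matched against the request path as written, so an
OpenVMS parent step ('-' = one level up, '--' = two levels up) hides the
real target from a fail rule.  Normalising the path first closes the hole.
"""
from fnmatch import fnmatchcase

# Rules quoted in the write-up for wov-4 and wov-5, in file order.
SERVER_RULES = [
    ("pass", "/ht_root/wwwroot*"),
    ("fail", "/ht_root/local/*"),
    ("fail", "/ht_root/*"),
    ("fail", "/-/*"),
]

# wov-15: the write-up's runtime rule, followed by an assumed catch-all
# pass for user areas (stand-in for WASD's real user mapping).
USER_RULES = [
    ("pass", "/*/-/*", "/ht_root/runtime/*/*"),
    ("pass", "/~*/*"),
]

# Request paths: wov-4 verbatim; the second is constructed on the same
# pattern to reach the file that 'fail /ht_root/local/*' protects.
ATTACKS = {
    "wov-4": "/ht_root/wwwroot/-/*.*",
    "wov-5-style": "/ht_root/wwwroot/-/local/httpd$map.conf",
}


def normalize_vms_path(path: str) -> str:
    """Collapse OpenVMS-style parent steps in an absolute URL path.

    A component made only of '-' characters climbs one directory per '-'.
    Everything else, including '...' (all subdirectories) and '*.*' (all
    files), is kept literally.  Assumptions: a step above '/' stays at '/',
    and '~user' is an ordinary component (its own mapping is not modelled).
    """
    out = []
    for comp in path.lstrip("/").split("/"):
        if comp and set(comp) == {"-"}:
            for _ in comp:
                if out:
                    out.pop()
        else:
            out.append(comp)
    return "/" + "/".join(out)


def match_rule(pattern: str, path: str) -> bool:
    """WASD-style wildcard match as the write-up implies: '*' spans any
    characters including '/', and the comparison is assumed case-insensitive."""
    return fnmatchcase(path.lower(), pattern.lower())


def evaluate(rules, path: str, normalize: bool = False):
    """Return (action, pattern) of the first matching rule, in file order.

    Rules are (action, pattern) or (action, pattern, target) tuples.  A path
    matching no rule is treated as 'fail' (assumed deny-by-default).
    """
    if normalize:
        path = normalize_vms_path(path)
    for rule in rules:
        action, pattern = rule[0], rule[1]
        if match_rule(pattern, path):
            return action, pattern
    return "fail", None


def check(rules, path: str) -> dict:
    """Outcome for one request, matched raw and after normalisation."""
    return {
        "effective": normalize_vms_path(path),
        "raw": evaluate(rules, path)[0],
        "normalized": evaluate(rules, path, normalize=True)[0],
    }


def demo() -> dict:
    """Run the write-up's cases and return the outcomes keyed by name."""
    results = {name: check(SERVER_RULES, p) for name, p in ATTACKS.items()}
    # wov-15: two spellings of the same effective path hit different rules,
    # so the runtime mapping catches one form and not the other.
    direct, hopped = "/~username/-/*.*", "/~username/x/--/*.*"
    results["wov-15"] = {
        "same_target": normalize_vms_path(direct) == normalize_vms_path(hopped),
        "direct_rule": evaluate(USER_RULES, direct)[1],
        "hopped_rule": evaluate(USER_RULES, hopped)[1],
    }
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:12s} {outcome}")
```

Running the script shows the wov-4 and wov-5-style requests passing on the raw path and failing once '-' is collapsed, and the two wov-15 spellings resolving to one target while being caught by different rules. The practical check for an administrator is the same: resolve the request path before comparing it with fail rules, or upgrade to a fixed release where the server does so itself.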

wov-16: http://webserver/cgi-bin/cgi-process

        cgi-process is not directly exploitable, but it reveals information
        that is useful to an intruder. Because it runs in a privileged
        context, much like a setuid program on Unix, it provides a lead for
        further attacks.

wov-17: http://webserver/plrte/PerlRTE_example1/%25x%25x%25x

        A format string bug. Exploiting it is not possible, but its output
        discloses useful information.

        %25x is the URL-encoded form of %x, so the script receives %x%x%x.

Besides these, scripts such as where, query and extract exist and offer similar functionality.




7. Conclusion

The problems described in this advisory can be defended against with appropriate
configuration, and the fixed versions listed in section 4 should be installed.
Configuration alone is not a complete solution, however, because it is not known
which other features of the CGI scripts may turn out to be a problem.

Defense 1. Make local access control on the web-related files explicit.
Defense 2. To prevent use of the general-purpose scripts, add fail rules such as the following.

exec /~*/cgi-bin/* /user_disk/*/cgi-bin/*
fail /tree/
fail /tree/*
fail /upd/*
fail /where/*
fail /query/*
fail /extract/*

Defense 3. Block all access to local users through CGI scripts.

Finally, a VMS system is often not a standalone, single-site server. When it is
configured with several sites linked together, problems may also arise between
the sites.









  Hits : 9585     Date : 2006/02/18 02:25



    