http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=1830
Brute Force Attacks
A program that guesses the ID and password required for login submits candidates automatically until a login succeeds, and the attacker thereby gains privileges. (This attack rarely works today: what if the site is configured to block access for 5 minutes after 3 consecutive password failures?)
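The lockout rule raised in the entry above (three consecutive failures, five minutes blocked), as an added Python example that is not part of the original post. The class name, the `verify` callback and the sample account are assumptions made for illustration.

```python
import hmac
import time

MAX_FAILURES = 3          # consecutive failures allowed (from the text above)
LOCKOUT_SECONDS = 5 * 60  # block duration (from the text above)
SAMPLE_ACCOUNTS = {"alice": "correct horse"}  # constructed; real systems store salted hashes


def sample_verify(user, password):
    """Hypothetical stand-in for the site's real credential check."""
    return hmac.compare_digest(SAMPLE_ACCOUNTS.get(user, ""), password)


class LoginThrottle:
    """Per-account lockout: 3 consecutive failures -> 5 minutes blocked."""

    def __init__(self, verify, clock=time.monotonic):
        self._verify = verify    # callback: (user, password) -> bool
        self._clock = clock      # injectable so the policy can be tested
        self._failures = {}      # user -> consecutive failure count
        self._locked_until = {}  # user -> time at which the block ends

    def attempt(self, user, password):
        """Return 'ok', 'denied' or 'locked'."""
        now = self._clock()
        until = self._locked_until.get(user)
        if until is not None and now < until:
            # Blocked: the password is not evaluated at all, so guesses made
            # during the block reveal nothing and do not extend it.
            return "locked"
        self._locked_until.pop(user, None)
        if self._verify(user, password):
            self._failures.pop(user, None)  # success resets the streak
            return "ok"
        count = self._failures.get(user, 0) + 1
        if count >= MAX_FAILURES:
            self._locked_until[user] = now + LOCKOUT_SECONDS
            count = 0                       # fresh streak once the block ends
        self._failures[user] = count        # unknown IDs are counted the same way
        return "denied"


def demo():
    """Three wrong guesses, then the correct password during and after the block."""
    t = [0.0]
    throttle = LoginThrottle(sample_verify, clock=lambda: t[0])
    out = [throttle.attempt("alice", guess) for guess in ("a", "b", "c")]
    for t[0] in (0.0, LOCKOUT_SECONDS - 1, LOCKOUT_SECONDS):
        out.append(throttle.attempt("alice", "correct horse"))
    return out
```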
User CGI Upload
Using a bulletin board's file-attachment feature, the attacker uploads a PHP, JSP, ASP, CGI or similar file so that it is executed when the attached file is clicked, and thereby obtains web server or web application information.
Forceful Browsing
The attacker accesses files that are not meant to be served (log files, source code files, etc.) and thereby obtains server or web application information.
Directory/Path Traversal
The attacker enters the special characters that express directory movement into the query string or URL, reaches a directory that the web server is configured to keep inaccessible, and obtains the desired file.
HTTP Response Splitting
By including in the request query string items that belong in the HTTP response header, the attacker causes the actual header data of the HTTP response to be displayed in the response body, and thereby obtains server information.
Hit : 8454 Date : 2011/08/03 01:18