๋ณธ๋ฌธ ๋ฐ”๋กœ๊ฐ€๊ธฐ
๋ฐ˜์‘ํ˜•

๋ถ„๋ฅ˜ ์ „์ฒด๋ณด๊ธฐ50

06. SSI Injection Vulnerability
Overview: a vulnerability in which, on an HTML page that uses dynamic content, a file can be included so that CGI environment variables are set and printed or system commands are executed (when values received as input in an (.shtml) HTML document are processed on the server side, an external file is included and a command is executed).
Criteria: the case where a command capable of including an external file is executed and takes effect.
Check cases:
- Insert into a parameter value, send it, and check whether the site's home directory is displayed in the returned page (PHP environment variable: the directory in which the current file is running (web root)).
- Execute the command in a request header suited to the environment: GET / HTTP/1.0, Referer:, User-Agent:
Security settings:
- Specify the characters or strings that may be used in user input (whitelist approach).
- GET .. 2024. 5. 12.
04. ์šด์˜์ฒด์ œ ๋ช…๋ น ์‹คํ–‰ ์ทจ์•ฝ์  ์†Œ๊ฐœํŠน์ • ์›น์—์„œ ์‚ฌ์šฉ๋˜๋Š” ์„œ๋ฒ„ ๋ช…๋ น์–ด๊ฐ€ ์‹คํ–‰๋˜๋Š” ์ทจ์•ฝ์  ํŒ๋‹จ ๊ธฐ์ค€์„œ๋ฒ„ ๋ช…๋ น์–ด ์ž…๋ ฅ ์‹œ ๋ช…๋ น์–ด๊ฐ€ ์‹คํ–‰๋˜๋Š” ๊ฒฝ์šฐ ์ ๊ฒ€ ์‚ฌ๋ก€- ์—๋Ÿฌ ํŽ˜์ด์ง€ ๋˜๋Š” HTTP ํ—ค๋”์— ๋…ธ์ถœ๋˜๋Š” ์„œ๋ฒ„ ๋ฒ„์ „ ์ •๋ณด๋ฅผ ์ˆ˜์ง‘ํ•˜์—ฌ ํŒŒ๋ผ๋ฏธํ„ฐ ๊ฐ’์— ์šด์˜์ฒด์ œ ๋ช…๋ น ์‹คํ–‰ ์ทจ์•ฝ์ ์„ ์‹œ๋„ ๋ณด์•ˆ ์„ค์ •- ์›น ๋ฐฉํ™”๋ฒฝ์— ์‚ฌ์šฉ์ž ์ž…๋ ฅ ๊ฐ’ ํŠน์ˆ˜ ๋ฌธ์ž, ๋ฌธ์ž์—ด์„ Server Side ๋‹จ์—์„œ ํ•„ํ„ฐ๋ง ์ ์šฉ- ๋ฐ์ดํ„ฐ๊ฐ€ OS ํ•ด์„๊ธฐ์— ์ „๋‹ฌ๋˜๊ธฐ ์ „์— ์ž…๋ ฅ ๊ฐ’ ๊ฒ€์ฆ๋˜๋„๋ก ๋กœ์ง ๊ตฌํ˜„- ... 2024. 5. 12.
03. LDAP Injection Vulnerability
Overview: a vulnerability in which a tampered query is executed through LDAP query input.
* LDAP (Lightweight Directory Access Protocol): one of the Internet protocols (a directory service for storing and exchanging information): email addresses, phone numbers, ...
Criteria: whether an LDAP query statement is executed.
Check cases:
- Insert a tampered LDAP query into a parameter value and check whether it is executed.
Security settings:
- Apply a whitelist for user input values (where possible) on the server side so that only the required special characters and characters are allowed.
- Process special characters so that they are recognized as ordinary characters rather than as executable commands.
- Apply an LDAP-related special-character ruleset at the web application firewall ( '()((&))' ). 2024. 5. 12.
02. ํฌ๋งท์ŠคํŠธ๋ง ์ทจ์•ฝ์  ์†Œ๊ฐœํ”„๋กœ๊ทธ๋žจ์— ์ž…๋ ฅ๋œ ํฌ๋งท ์ŠคํŠธ๋ง์˜ ๋ฌธ์ž์—ด ๋ฐ์ดํ„ฐ๊ฐ€ ๋‹ค๋ฅธ ๋ช…๋ น์œผ๋กœ ํ•ด์„๋  ๋•Œ ๋ฐœ์ƒํ•˜๋Š” ์ทจ์•ฝ์  ํŒ๋‹จ ๊ธฐ์ค€ํฌ๋งท ์ŠคํŠธ๋ง ๋ฒ„๊ทธ๋ฅผ ๋ฐœ์ƒ์‹œํ‚ค๋Š” ๋ฌธ์ž์—ด ์ž…๋ ฅ ์‹œ ๊ฒ€์ฆ ๋กœ์ง์ด ๋ฏธํกํ•˜์—ฌ ์˜ค๋ฅ˜๊ฐ€ ๋ฐœ์ƒํ•˜๋Š” ๊ฒฝ์šฐ(C์–ธ์–ด, ๋ฉ”๋ชจ๋ฆฌ ์ฃผ์†Œ ๋ณ€์กฐ, ์ผ๋ถ€ ๋ฉ”๋ชจ๋ฆฌ ์ฝ๊ธฐ-์“ฐ๊ธฐ, ๊ด€๋ฆฌ์ž ๊ถŒํ•œ ํš๋“, ...) ์ ๊ฒ€ ์‚ฌ๋ก€- ์›น ์‚ฌ์ดํŠธ์—์„œ ํŒŒ๋ผ๋ฏธํ„ฐ ๊ฐ’์— ํฌ๋งท์ŠคํŠธ๋ง ๋ฌธ์ž์—ด ์ž…๋ ฅ ํ›„ ๋ฐ˜์‘ ํ™•์ธ(%n%n%n...)(%s%s%s....)(%1!n%2!n%3!n...)(%1!s%2!s%3!s...) ๋ณด์•ˆ ์„ค์ •- ๋ฌธ์ž์—ด ํฌ๋งท ์ŠคํŠธ๋ง ๊ฒ€์ฆ ํ›„ ์†Œ์Šค์ฝ”๋“œ์— ์ ์šฉ(์ปดํŒŒ์ผ ๊ณผ์ •์—์„œ ๊ฒ€์ฆ ๋ฐ ๋Ÿฐํƒ€์ž„ ์ƒํ™ฉ์—์„œ Fuzz testing ์ด์šฉํ•ด ํฌ๋งท ์ŠคํŠธ๋ง ๋ฒ„๊ทธ ์กด์žฌํ•˜๋Š”์ง€ ๊ฒ€์ฆ)- ... 2024. 5. 12.
๋ฐ˜์‘ํ˜•