truefeel Cafe administrator
Joined: July 24, 2003 Posts: 1277 Location: Republic of Korea
Posted: 2004.2.07 Sat, 11:27 pm Subject: Over 92% of web applications vulnerable
Browsing around sites,
- there are places where a file specified in the URL can be included,
- and I often see cases where SQL Injection in the ID/PW input gives site operator privileges.
- There are even cases where the source (php, PL/SQL, etc.) can be viewed.
Reading 'Analysis of Web Hacking and Countermeasures (Korean, 19 pages, written by Yoon Jun of KISA)' should help you understand web hacking such as XSS and SQL injection.
http://www.kisa.or.kr/Critical_Information_Infrastructure/data/m_01_04_tech_data_20030705_YJ_web_hacking.pdf
---------------------------------------------------------------------------------------
Source: HackersLab, http://www.hackerslab.org/korg/view.fhz?menu=news&no=1837
Quote:
[Anonymous wrote] VNUNet ran an article saying that, according to the security company WebCohort, a survey of 250 websites covering e-commerce, online banking, corporate sites and the like found that at least 92% of web applications were vulnerable to attack, and that the most widely used vulnerabilities were, in order, cross-site scripting, SQL injection and parameter tampering. These are already widely known vulnerabilities, yet most companies had not applied safety measures to their websites, applications and servers... The distribution of attack types and vulnerabilities is as follows:
Cross-site scripting (XSS) : 80%
SQL injection : 62%
Parameter tampering : 60%
Cookie poisoning : 37%
Database server : 33%
Web server : 23%
Buffer overflow : 19%
http://www.vnunet.com/News/1152521 (Web applications wide open to hackers)