*NIX with the aroma of coffee
Coffeenix
A place for systems, networking and security
truefeel (cafe administrator)
Joined: 24 Jul 2003   Posts: 1277   Location: Republic of Korea
Posted: Wed 2005.11.02, 9:57 pm    Subject: php vulnerabilities (6 of them)
I tried upgrading to php 4.4.1, but some things seemed not to run properly, so I downgraded back to 4.4.0.
To find out which part is the problem I will have to go through the php script files.
If you are upgrading, test it carefully.
The phpinfo XSS vulnerability has existed for a very long time; apparently the problem is still there.
-------------------------------------------------------------------------
Source: AhnLab Coconut (http://www.coconut.co.kr/) security vulnerability advisory mail
※ What I received by mail was a pdf file, so I found the text elsewhere and posted it.
Quote:
AhnLab Coconut Co., Ltd.
Security Vulnerability Advisory
2005.11.1

Advisory number: CCN-VR-2005-019
Title: Multiple vulnerabilities in PHP
Date first written: 2005.11.1
Source: The PHP Group
OS: all operating systems
Application (version): PHP 4.0.x, PHP 4.1.x, PHP 4.2.x, PHP 4.3.x, PHP 4.4.x, PHP 5.0.x
Vulnerability classification: implementation error, input validation error, Cross-Site Script, Buffer Overflow, denial of service, etc.
Remotely exploitable: yes
Exploit exists: none
Automated attack tool exists: none

Security issue overview
Multiple vulnerabilities have been found in PHP.
An attacker can exploit them to carry out attacks such as bypassing security settings, XSS (Cross-Site Scripting), denial of service, and unauthorized system access.
Vulnerability details
1) GLOBAL variable modification vulnerability caused by an error in the POST parameter handling functions
When file upload functionality is implemented with a "Multipart/form-data" POST, an error in the implementation of the extract() and import_request_variables() functions, which process the variable values sent by the client, lets a remote attacker change the values of GLOBAL variables. In php.ini, the file that defines the PHP environment, the variables_order directive, which specifies the order in which parameters are processed, is set to 'EGPCS' (Environment, GET, POST, Cookie, Server) by default, and in that configuration the system can be vulnerable to an attack using this flaw.
2) register_globals activation vulnerability caused by an error in the PHP parse_str() function
An error in parse_str(), the function that processes a given string as if it were a URL query string, makes it possible to turn on the register_globals directive, the php.ini setting that controls whether environment variables and parameters are registered as global variables. (From PHP 4.2.0 onward the default value of the register_globals directive in php.ini is off.)
3) Cross-Site Scripting vulnerability in the phpinfo() function
The phpinfo() function, which outputs a variety of information about PHP, has a Cross-Site Scripting vulnerability caused by an input validation error.
Where a website has been built using the vulnerable phpinfo() function, an attacker can perform a Cross-Site Scripting attack that runs a malicious script in the web browser of a user who visits that site.
4) Buffer Overflow vulnerability in the PCRE library
A Buffer Overflow vulnerability exists in the PCRE (Perl Compatible Regular Expression) library, which provides regular-expression compatibility with the Perl language. By abusing this flaw to have a crafted regular expression processed, an attacker can execute arbitrary commands on the target system.
5) Security-setting bypass vulnerability caused by errors in the ext/curl and ext/gd extension modules
Among the PHP extension modules, implementation errors in the curl (Client URL Library) module, which supports communication between heterogeneous systems, and the gd (Graphic Design) module, which supports various kinds of image processing, allow a remote attacker to access files that are not permitted.
By abusing this flaw an attacker can access arbitrary files regardless of the php.ini settings for the safe_mode directive, which compares the ownership of a php script with the ownership of the files it references, and for directives such as open_basedir, which restricts the directories from which a php script may reference files.
6) Security-setting bypass vulnerability caused by an error in the virtual() function
An implementation error in virtual(), the function that includes executable scripts under Apache2, makes it possible to bypass security settings such as safe_mode and open_basedir and access arbitrary files.
Remediation
1) Apply the patch provided by the vendor
http://www.php.net/downloads.php
Reference sites
1) PHP 4.4.1 Release Announcement
http://www.php.net/release_4_4_1.php
2) PHP Security Update Fixes Multiple Restriction Bypass Vulnerabilities
http://www.frsirt.com/english/advisories/2005/2254

* Related material
- PHP PHPInfo Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/7805/info
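Item 1 of the advisory concerns extract() and import_request_variables(), both of which copy client-supplied keys straight into the script's symbol table. The following is an added example, not code from the advisory, from the post, or from PHP itself: it contrasts that pattern with an allow-list copy that never lets a request key choose a variable name. The request array, the field names and the function names are constructed for this example.

```php
<?php
// Added example (not from the advisory or from PHP): why letting request keys become variable
// names is risky on any PHP version, and the allow-list alternative. All names are this example's own.

// Constructed stand-in for $_POST from a multipart/form-data upload form. 'is_admin' and
// 'upload_dir' are keys an application never expects a client to send.
$request = array(
    'title'      => 'monthly report',
    'is_admin'   => '1',
    'upload_dir' => '/tmp',
);

// Risky pattern: every client key becomes a local variable (EXTR_OVERWRITE is the default).
// A key that collides with application state, here 'is_admin', silently replaces it.
// import_request_variables() (removed in PHP 5.4) had the same effect for GET/POST/Cookie data.
function risky_import(array $request)
{
    $is_admin = false;      // state the client must not control
    extract($request);      // $title, $upload_dir and, crucially, $is_admin are now client-chosen
    return $is_admin;       // comes back as the client's '1'
}

// Hardened pattern: copy only an explicit allow-list of fields, each with a default, into a
// plain array. Unknown keys are dropped and nothing is written to the symbol table.
function read_fields(array $request, array $allowed)
{
    $out = array();
    foreach ($allowed as $name => $default) {
        $out[$name] = array_key_exists($name, $request) ? (string) $request[$name] : $default;
    }
    return $out;
}

function hardened_import(array $request)
{
    $is_admin = false;
    $fields = read_fields($request, array('title' => '', 'comment' => ''));
    // $fields holds only title and comment; 'is_admin' and 'upload_dir' never reach a variable.
    return array($is_admin, $fields);
}

var_dump(risky_import($request));
var_dump(hardened_import($request));
```

Run with the PHP CLI: risky_import() returns the client's string "1" in place of the application's false, while hardened_import() returns false together with an array holding only the allow-listed title and comment. If extract() must be used on data that is not fully trusted, EXTR_SKIP (keep existing variables) or EXTR_PREFIX_ALL (prefix every imported name) limits the collision, but the allow-list copy above avoids the symbol table entirely, which is the safer default regardless of whether the version-specific GLOBALS bug from the advisory has been patched.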
truefeel (cafe administrator)
Joined: 24 Jul 2003   Posts: 1277   Location: Republic of Korea
Posted: Thu 2005.11.03, 1:31 pm    Subject: Re: php vulnerabilities (compatibility of the base64_decode function in php 4.4.1)
truefeel wrote:
> I tried upgrading to php 4.4.1, but some things seemed not to run properly, so I downgraded back to 4.4.0.
> To find out which part is the problem I will have to go through the php script files.
> If you are upgrading, test it carefully.
In 4.4.1, when base64_decode() is used on input that contains a space (" ") character, the result differs from earlier versions.
Looking at the source of php 4.4.0 and 4.4.1:
- 4.4.1 ignores space characters when decoding.
- 4.4.0 and earlier convert spaces to + before decoding.
base64 encoding uses only the 64 characters a-z, A-Z, 0-9, +, / plus the padding character =.
Since the '+' symbol can turn into ' ' after being posted, please be careful with 4.4.1 in cases like the following:
1) decoding in php a cookie that stores the output of base64_encode()
2) decoding a base64_encode() result that was posted from the web
(because posting changes + into ' ')
3) decoding an arbitrarily built string that contains spaces
In those cases, for decoding compatibility with 4.4.0 and earlier,
you need to replace spaces with + before calling base64_decode().
You can confirm this by testing the following source on 4.4.1 and on an earlier version.
Code:
<?php
$szOrig = "coffeenix 커피닉스 .....";
$szEnc = base64_encode($szOrig);
$szDec = base64_decode($szEnc);
// same base64 text (EUC-KR bytes of $szOrig) with a space character inserted in the middle
$szDecSpace = base64_decode("Y29mZmVlbml4IMS/x8e00L26IC 4uLi4u");
echo "Orig = $szOrig<br>Enc = $szEnc<br>Dec = $szDec<br>변형된 문자를 Dec = $szDecSpace<br>";
?>
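The post explains the difference by reading the two sources; the following is an added example, not the post's own code, that emulates both decoders on a value whose '+' was turned into a space in transit, applies the space-to-'+' workaround the post recommends, and shows the alternative of percent-encoding the base64 text before it enters a URL or cookie. The sample value and the function names are constructed for this example.

```php
<?php
// Added example (not the forum post's code): emulating the two base64_decode() behaviours the
// post describes, the post's workaround, and a transport-safe alternative. Names are this example's own.

// Emulation of the version difference. Per the post: 4.4.0 and earlier turn ' ' back into '+'
// before decoding; 4.4.1 treats ' ' as a non-alphabet character and drops it. Both ignore other
// characters outside a-z, A-Z, 0-9, +, / and =.
function b64_decode_emulated($input, $legacy)
{
    if ($legacy) {
        $input = str_replace(' ', '+', $input);
    }
    $clean = preg_replace('#[^A-Za-z0-9+/=]#', '', $input);
    return base64_decode($clean);
}

// Workaround the post recommends for 4.4.1 when the value came from a cookie or a form post.
function b64_decode_compat($input)
{
    return base64_decode(str_replace(' ', '+', $input));
}

// Alternative fix: percent-encode the base64 text before it goes into a URL or cookie, so the
// '+' travels as %2B and survives urldecode() on every PHP version.
function b64_for_transport($raw)
{
    return urlencode(base64_encode($raw));
}

// Constructed sample: "<b>" encodes to "PGI+", a value containing the '+' that transport mangles.
$orig    = '<b>';
$enc     = base64_encode($orig);
$arrived = urldecode($enc);   // '+' has become a space, as happens to a raw value in a query string or cookie

echo "legacy (<=4.4.0) decode: ", b64_decode_emulated($arrived, true), "\n";
echo "4.4.1 decode:            ", b64_decode_emulated($arrived, false), "\n";
echo "compat wrapper:          ", b64_decode_compat($arrived), "\n";
echo "percent-encoded form:    ", b64_for_transport($orig), "\n";
echo "decoded after transport: ", base64_decode(urldecode(b64_for_transport($orig))), "\n";

// Defender's check, available from PHP 5.2 onward: strict mode returns false for input with
// characters outside the alphabet instead of silently decoding something shorter.
var_dump(base64_decode($arrived, true));
```

Run with the PHP CLI: the legacy emulation and the compat wrapper both recover "<b>", the 4.4.1 emulation yields "<b" because the dropped space shortens the input by one character, and the percent-encoded form "PGI%2B" decodes correctly after urldecode() without any workaround. The strict-mode call returns false, which is the behaviour to prefer where the application can reject a mangled value rather than guess what it was.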