Coffeenix (커피닉스), the system administrator's rest stop: *NIX with the scent of coffee
A place dealing with systems, networks and security
8.31 (Mon) Coffeenix talk (security, Mass SQL Injection, etc.)

 
Board index -> *NIX / IT Information

Author: truefeel (Cafe administrator)
Joined: 24 Jul 2003
Posts: 1277
Location: Republic of Korea

Posted: Tue 2009.9.01, 12:37 pm    Subject: 8.31 (Mon) Coffeenix talk (security, Mass SQL Injection, etc.)

< Security >

1. More on the new Mass SQL Injection


    - Those running IIS + MSSQL servers need to pay attention.
    - Additional details on the Mass SQL injection attack discussed last week on the 27th (Thu).

    Mass SQL injection attacks still scaling up
    http://www.scmagazineus.com/Mass-SQL-injection-attacks-still-scaling-up/article/147490/

    - It says 210,000 pages were hit. However, unlike that article, searching right now for "script src=http://a0v.org/x.js" returns about 120,000.

    Quote:
    The mass SQL injection attacks that gained attention earlier this week are continuing, with some 210,000 pages infected so far.

    In this latest wave, we have recorded the attack coming from more than 60 servers based in China, attacking sites around the world, rather than the global network typically seen in such attacks.


    ※ To be written up separately together with last week's (27th) discussion.

※ SQL Injection related posts (last updated 2010.6)

- Flash 0-day vulnerability and mass SQL Injection warning (2010.6.16)
- Restricting the load_file() path in MySQL for security (2010.5)
- 12.22~23 Coffeenix talk (Intel site SQL Injection, etc.) (2009.12.24)
- Mass SQL Injection attack warning (2009.12.11)


2. apache.org site was hacked



3. Guardian @ JUMPERZ.NET (open-source L7 firewall)
    http://guardian.jumperz.net/index.html?i=002

    - Java-based, uses regular-expression rule sets
    - Reverse proxy approach
    - HTTPS (SSL/TLS) support
    - Sample rule set (a default rule set is provided)

Quote:

<rule>
id=GID44
revision=1
name=SQLInjection(GROUP_BY)
type=paramValue
pattern=GROUP\W{1,}BY
condition=match
case_sensitive=no
log=yes
action=none
command=%req%
</rule>


4. Google: intitle:"Index of /" site:naver.com

Quote:

HTTP/1.0 504 Connection Timed Out
Content-Type: text/html
Cache-Control: no-cache
Pragma: no-cache
Connection: close
Content-Length: 2816
Via: 1.0 SI3127-67 (Jaguar/3.0-62)


< Other >

- Sites worth buying a PC from: Compuzone, Icoda, Joyzen. Joyzen's giveaways are fairly decent.
- kisarbl related

※ Participants: sCag, kaien, bugfree, 범냉이, 양들의침묵, 좋은진호, 티니, and others
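The Guardian rule quoted in item 3 above is a paramValue regex rule. As an added example (my code, not Guardian's own), the Python below parses that <rule> text format and runs it over the decoded query parameters of a request, treating log=yes with action=none as log-only; how each field is interpreted, and the sample requests, are my assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed copy of the rule quoted in the post (added example, not Guardian's own code).
RULE_TEXT = """<rule>
id=GID44
revision=1
name=SQLInjection(GROUP_BY)
type=paramValue
pattern=GROUP\\W{1,}BY
condition=match
case_sensitive=no
log=yes
action=none
command=%req%
</rule>"""

def parse_rules(text):
    """Turn each <rule>...</rule> block of key=value lines into a dict with a compiled regex."""
    rules = []
    for body in re.findall(r"<rule>(.*?)</rule>", text, re.S):
        rule = {}
        for line in body.strip().splitlines():
            key, _, value = line.partition("=")
            rule[key.strip()] = value.strip()
        flags = re.I if rule.get("case_sensitive", "yes").lower() == "no" else 0  # assumed meaning
        rule["_regex"] = re.compile(rule["pattern"], flags)
        rules.append(rule)
    return rules

def inspect_request(url, rules):
    """Run paramValue rules over the decoded query parameters of one request URL."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    hits, log, block = [], False, False
    for rule in rules:
        # assumed: type=paramValue tests each parameter value; condition=match means a regex hit
        if rule.get("type") != "paramValue" or rule.get("condition", "match") != "match":
            continue
        for name, value in params:
            if rule["_regex"].search(value):
                hits.append((rule["id"], name, value))
                log = log or rule.get("log") == "yes"                  # log=yes: record the hit
                block = block or rule.get("action", "none") != "none"  # action=none: log only
    return {"hits": hits, "log": log, "block": block}

if __name__ == "__main__":
    # constructed sample requests: "5 GROUP BY name" hits; "GROUP_BY" does not ('_' is \w, not \W)
    for url in ("/list.asp?id=5+GROUP%20BY+name", "/list.asp?id=group%09by", "/list.asp?id=GROUP_BY"):
        print(url, inspect_request(url, parse_rules(RULE_TEXT)))
```

Note that `\W{1,}` requires at least one non-word character between the keywords, so a value such as `GROUP_BY` passes this rule untouched; a real deployment would pair it with the rest of the default rule set.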