| Ãë¾àÁ¡ID |
21402 |
| À§Çèµµ |
30 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
ÇØ´ç Invision Power Board¿¡´Â 'POST' Action °ü·Ã SQL Injection Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.
Invision Power Board ´Â Invision Power Services »ç¿¡¼ ¹èÆ÷ÇÏ´Â PHP ±â¹ÝÀÇ À¥ Æ÷·³(forum) ¼ÒÇÁÆ®¿þ¾î ÆÐÅ°ÁöÀÌ´Ù. ÀϺΠInvision Power Board ¹öÀüÀº SQL Injection °ø°Ý¿¡ ¿µÇâÀ» ¹ÞÀ» ¼ö ÀÖ´Ù. ÀÌ´Â ¾ÖÇø®ÄÉÀ̼ÇÀÌ SQL Äõ¸®¹®¿¡ »ç¿ëµÇ´Â »ç¿ëÀÚ ÀÔ·Â µ¥ÀÌÅ͸¦ ÀûÀýÈ÷ °Ë»çÇÏÁö ¸øÇÏ´Â µ¥ ±× ¿øÀÎÀÌ ÀÖ´Ù. ¿ø°ÝÁö °ø°ÝÀÚµéÀº ¾ÇÀÇÀûÀÎ SQL ¸í·ÉÀ» 'post.php' ½ºÅ©¸³Æ®¿¡ ³Ñ±â´Â ¹æ¹ýÀ¸·Î, ÈÄÀ§ µ¥ÀÌÅͺ£À̽º »óÀÇ µ¥ÀÌÅ͸¦ Ãß°¡, »èÁ¦, ¼öÁ¤ÇÏ´Â ÇàÀ§¸¦ Æ÷ÇÔÇؼ ÀÓÀÇÀÇ ¸í·ÉÀ» ¼öÇàÇÒ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://www.securityfocus.com/archive/1/381503
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Invision Power Board 2.0.0
Invision Power Board 2.0.1
Invision Power Board 2.0.2
¸ðµç ¿î¿µÃ¼Á¦ÀÇ ¸ðµç ¹öÀü |
| ÇØ°áÃ¥ |
´ÙÀ½ Invision Power ¼ºñ½º ¾÷µ¥ÀÌÆ®·ÎºÎÅÍ 2004³â 11¿ù 12ÀÏ 9:56¿¡ °Ô½ÃµÈ ÇØ´ç Ãë¾àÁ¡¿¡ ´ëÇÑ ¾÷µ¥ÀÌÆ®¸¦ ±¸ÇÏ¿© Àû¿ëÇÏ¿©¾ß ÇÑ´Ù:
http://forums.invisionpower.com/index.php?showtopic=154916 |
| °ü·Ã URL |
CVE-2004-1531 (CVE) |
| °ü·Ã URL |
11703 (SecurityFocus) |
| °ü·Ã URL |
18164 (ISS) |
|
