| Vulnerability ID |
21209 |
| Risk level |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Category |
CGI |
| Detailed description |
The directory.php script developed by Marcus S. Xenakis allows attackers to execute commands remotely. The directory.php script provides a web interface for directory listings, similar to the 'ls' command. A flaw in the script lets a remote user run arbitrary shell commands. This is possible by including metacharacters such as ; or | in the script's input. The shell commands run with the privileges of the normal script process, that is, the unprivileged user 'nobody'. To test for this issue, send requests such as the following from a web browser:
http://www.vulnerableserver.com/directory.php?dir=%3Bmore%20/etc/passwd will display the password file.
http://www.vulnerableserver.com/directory.php?dir=%3Bps+-aux will display all running processes.
* Reference sites: http://online.securityfocus.com/bid/4278 http://www.iss.net/security_center/static/8440.php
* Affected platforms: Web Server |
| Solution |
As of June 2014, no fix is available. Until a fix is provided, stop using the 'directory.php' script. |
| Related URL |
CVE-2002-0434 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
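
Detection sketch for the requests described above, as an added example that is not part of the original advisory or of the directory.php script: it scans web access log lines for `dir` values on directory.php that decode to shell metacharacters. The log lines are constructed samples, and the metacharacter set beyond `;` and `|` and the function names are assumptions of this example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# The advisory names ; and |; the wider set below is this example's assumption.
SHELL_META = re.compile(r"[;|&`$<>\n\r]")
# Request field of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253B -> %3B -> ;)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_dir_values(log_line):
    """Return decoded 'dir' values that contain shell metacharacters."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    if not target.path.lower().endswith("/directory.php"):
        return []
    params = parse_qs(target.query, keep_blank_values=True)
    values = [fully_decode(v) for v in params.get("dir", [])]
    return [v for v in values if SHELL_META.search(v)]


def scan(lines):
    """Map the index of each flagged log line to its decoded dir values."""
    return {i: h for i, line in enumerate(lines) if (h := suspicious_dir_values(line))}


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /directory.php?dir=/var/www/docs HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /directory.php?dir=%3Bmore%20/etc/passwd HTTP/1.1" 200 1804',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /directory.php?dir=%3Bps+-aux HTTP/1.1" 200 9121',
    '192.0.2.45 - - [01/Jan/2024:10:00:12 +0000] "GET /directory.php?dir=%257Cps+-aux HTTP/1.1" 200 77',
    '192.0.2.46 - - [01/Jan/2024:10:00:15 +0000] "GET /index.php?dir=%3Bps+-aux HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOG).items():
        print(f"line {idx}: {hits}")
```

A hit in the log only shows that the request was made; the wider metacharacter set can also flag legitimate directory names containing characters such as `&` or `$`.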