| Ãë¾àÁ¡ID |
21524 |
| À§Çèµµ |
30 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
ÇØ´ç À¥ ¼¹ö¿¡´Â µð·ºÅ丮 ¸®½ºÆà Ãë¾àÁ¡¿¡ Ãë¾àÇÑ CGI ÆÄÀÏÀÌ Á¸ÀçÇÑ´Ù. ÇØ´ç CGI´Â CGIÀÇ Æ¯Á¤ Àμö¿¡¼ÀÇ »ç¿ëÀÚ Á¦°ø ÀԷ°ª¿¡ ´ëÇÑ ºÎÀûÀýÇÑ °ËÁõÀ¸·Î ÀÎÇÏ¿© ¿ø°ÝÁöÀÇ °ø°ÝÀÚ°¡ À¥ root ¿ÜºÎÀÇ µð·ºÅ丮µé¿¡ ´ëÇÑ ¸ñ·Ï(listing)µéÀ» º¼ ¼ö ÀÖ°Ô ÇØ ÁÙ ¼ö ÀÖ´Ù. ¿µÇâÀ» ¹Þ´Â Àμö¿¡ "dot dot" ½ÃÄö½º(/../, \..\, %2F..%2F, ȤÀº %2F%2E%2E%2F)µéÀ» Æ÷ÇÔÇÏ´Â Àß Á¶ÀÛµÈ URLÀ» º¸³¿À¸·Î½á, ¿ø°ÝÁöÀÇ °ø°ÝÀÚ´Â µð·ºÅ丮µéÀ» Ž»öÇÏ°í À¥ ¼¹ö »óÀÇ ÀÓÀÇÀÇ µð·ºÅ丮ÀÇ µð·ºÅ丮 ¸ñ·ÏÀ» ¾ò¾î³¾ ¼ö ÀÖ´Ù.
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
¸ðµç HTTP ¼¹ö ¸ðµç ¹öÀü
¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü |
| ÇØ°áÃ¥ |
¿µÇâÀ» ¹Þ´Â CGIÀÇ Æ¯Á¤ Àμö·Î °Ç³×Áø »ç¿ëÀÚ Á¦°ø ÀԷ°ª¿¡ ´ëÇÑ ÀûÀýÇÑ °ËÁõÀ» ¼öÇàÇϵµ·Ï CGI ½ºÅ©¸³Æ®¸¦ ¼öÁ¤ÇÏ¿©¾ß ÇÑ´Ù. º¸´Ù ´õ ÀÚ¼¼ÇÑ ³»¿ë¿¡ ´ëÇؼ´Â ´ÙÀ½ CERT À¥ »çÀÌÆ®¸¦ ÂüÁ¶ÇÑ´Ù:
http://stuff.mit.edu/afs/athena/astaff/reference/cert/Tips/cgi_metacharacters |
| °ü·Ã URL |
(CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
