| Ãë¾àÁ¡ID |
21726 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
ÇØ´ç È£½ºÆ®¿¡´Â ¹öÀü 4.65 ȤÀº ±× ÀÌÀüÀÇ PBLang BBSÀÇ ¾î¶² ¹öÀüÀÌ ¼³Ä¡µÇ¾î ÀÖ´Â °ÍÀ¸·Î ³ªÅ¸³´Ù. PBLangÀº PHP·Î Á¦ÀÛµÈ ¹«·á·Î »ç¿ë °¡´ÉÇÑ BBS(bulletin board system)ÀÌ´Ù. PBLang ¹öÀü 4.65¿Í ±× ÀÌÀüÀÇ ¹öÀüµéÀº ´ÙÀ½ Ãë¾àÁ¡µé¿¡ Ãë¾àÇÏ´Ù:
1) pmpshow.php ½ºÅ©¸³Æ®¿¡ ÀÖ´Â HTML ÁÖÀÔ Ãë¾àÁ¡
2) search.php ½ºÅ©¸³Æ®¿¡ ÀÖ´Â Cross-Site Scripting Ãë¾àÁ¡
3) ucp.php ½ºÅ©¸³Æ®¿¡ ÀÖ´Â ¿ø°Ý PHP ½ºÅ©¸³Æ® ÁÖÀÔ Ãë¾àÁ¡
4) sendpm.php ½ºÅ©¸³Æ®¿¡ ÀÖ´Â µð·ºÅ丮 Ž»ö Ãë¾àÁ¡
5) delpm.php ½ºÅ©¸³Æ®¿¡ ÀÖ´Â ÀÓÀÇÀÇ °³ÀÎ ¸Þ½ÃÁö »èÁ¦ Ãë¾àÁ¡
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº ÀÌ Ãë¾àÁ¡À» Á¡°ËÇϱâ À§ÇØ ÇØ´ç À¥ ¼¹ö »ó¿¡ ¼³Ä¡µÈ PBLang BBSÀÇ ¹öÀü Á¤º¸¸¸À» È®ÀÎÇÑ´Ù. µû¶ó¼ °ÅÁþ ¾ç¼º¹ÝÀÀ(False Positive)À» º¸ÀÏ ¼ö ÀÖ´Ù
* Âü°í »çÀÌÆ®:
http://secunia.com/advisories/14379/
http://www.securitytracker.com/alerts/2005/Feb/1013277.html
http://archives.neohapsis.com/archives/bugtraq/2005-03/0015.html
http://archives.neohapsis.com/archives/bugtraq/2005-03/0019.html
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Dr. Martinus, PBLang ¹öÀü 4.65¿Í ±× ÀÌÀüÀÇ ¹öÀüµé
¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü |
| ÇØ°áÃ¥ |
SourceForge.net À¥ »çÀÌÆ®ÀÎ https://sourceforge.net/project/showfiles.php?group_id=62953 ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â PBLangÀÇ °¡Àå ÃֽŠ¹öÀü(4.66t ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2005-0526,CVE-2005-0630,CVE-2005-0631 (CVE) |
| °ü·Ã URL |
12631,12633,12666,12690,12694 (SecurityFocus) |
| °ü·Ã URL |
19451,19544,19552 (ISS) |
|
