Hello, this is the Nextline technical department. The WebKnight sample rules were updated on October 30, 2008.

This update is a minimal countermeasure for the frequent cases in which the recently surging mass malicious-code insertion attacks (Mass SQL Injection) succeed even though WebKnight is installed. In practice, WebKnight's filtering is limited depending on the IIS version. On IIS 6 and later, the 'Is Installed as global filter' option needed to install WebKnight as a Global Filter cannot be checked, so POST filtering is not possible (it is possible only after switching to IIS 5.0 isolation mode).

The injection points through which attacks actually arrive are mainly Cookie and POST. We recommend enabling the SQL Injection options for Header and Cookie. We are currently asking the vendor, AQTRONIX, about POST filtering. In addition, because the default warning page is shown unmodified when WebKnight's filtering actually blocks a request, techniques have appeared in which attackers determine whether WebKnight is installed and then bypass it. We have also added an updated sample error page, so please apply it and then monitor the results.

Also, please note that WebKnight versions 2.1 and 2.2 are not compatible. If you freshly install WebKnight 2.2 and then apply the old sample rule file you used previously instead of the sample rules for version 2.2, the following problem occurs.
"'C:\Program Files\AQTRONIX Webknight\WebKnight.dll' 필터를 로드하려고 시도했지만 여기에는 SF_NOTIFY_READ_RAW_DATA 필터 알림이 필요한데 이 알림은 작업자 프로세스 격리 모드에서 지원되지 않습니다"
This problem occurs because WebKnight 2.2 is not compatible with the earlier rule file: even if a WebKnight.xml file exists in the folder, the WebKnight filter does not recognize it as a valid rule file. When you deploy a new version, you must apply the rule file that matches that version for WebKnight to work properly.
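For the monitoring step recommended above, the following added example (not part of the original notice and not AQTRONIX or WebKnight code) scans an IIS W3C extended log for SQL tokens in the query string and the Cookie field, and lists POST requests, whose bodies the log never records. It assumes cs(Cookie) logging is enabled; the token list and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Illustrative SQL tokens (an assumption for this example, not WebKnight's rule set).
SQLI = re.compile(r"\bdeclare\s+@|\bexec\s*\(|\bcast\s*\(|\bunion\s+select\b", re.I)

# Constructed sample: W3C extended log with cs(Cookie) logging enabled.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(Cookie)
2008-10-30 01:02:03 192.0.2.10 GET /list.asp id=5 200 ASPSESSIONID=ABCDEF;+lang=ko
2008-10-30 01:02:09 192.0.2.77 GET /list.asp id=5 200 lang=ko';DECLARE%20@s%20VARCHAR(99);EXEC(@s)--
2008-10-30 01:02:15 192.0.2.77 POST /board.asp - 200 -
2008-10-30 01:02:20 192.0.2.77 GET /view.asp id=7;DeClArE+@t+INT 200 -
"""

def rows(log_text):
    """Yield (line_no, {field: value}) using the most recent #Fields header."""
    names = []
    for no, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            names = line.split()[1:]          # the header may change mid-file
        elif line and not line.startswith("#") and names:
            yield no, dict(zip(names, line.split()))

def scan(log_text, fields=("cs-uri-query", "cs(Cookie)")):
    """Return (line_no, client_ip, field, decoded_value) for each suspicious field."""
    hits = []
    for no, row in rows(log_text):
        for f in fields:
            raw = row.get(f, "-")
            value = unquote_plus(raw)         # IIS logs spaces as '+'; clients may send %xx
            if raw != "-" and SQLI.search(value):
                hits.append((no, row.get("c-ip", "?"), f, value))
    return hits

def unseen_posts(log_text):
    """POST bodies are not written to the W3C log: report them as a blind spot."""
    return [no for no, row in rows(log_text) if row.get("cs-method") == "POST"]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("suspicious:", hit)
    print("POST requests with unlogged bodies at lines:", unseen_posts(SAMPLE_LOG))
```

Because POST bodies never reach the log, the lines returned by `unseen_posts` have to be covered by input validation in the application itself or by a filter that can read the request body.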