Home | Data Center | Contact US | Login

Á¦¸ñ WebKnight 2.2¹öÀü¿ë Â÷´Ü »ùÇ÷ê
÷ºÎÆÄÀÏ WebKnight_2_2_081030.zip ÀÛ¼ºÀÏ 2008-11-03 09:54:38

¾È³çÇϼ¼¿ä.
³Ø½ºÆ®¶óÀÎ ±â¼úºÎÀÔ´Ï´Ù.
 
2008³â 10.30ÀÏÀÚ·Î À¥³ªÀÌÆ® »ùÇ÷ÑÀÌ ¾÷µ¥ÀÌÆ® µÇ¾ú½À´Ï´Ù.

À̹ø ¾÷µ¥ÀÌÆ®´Â ÃÖ±Ù ±ÞÁõÇÏ°í ÀÖ´Â ´ë·® ¾Ç¼ºÄÚµå »ðÀÔ°ø°Ý(Mass SQL Injection)¿¡ ÀÇÇØ WebKnight¸¦ ¼³Ä¡ÇÏ¿´À½¿¡µµ °ø°ÝÀÌ Çã¿ëµÇ´Â °æ¿ì°¡ ºó¹øÈ÷ ¹ß»ýÇÏ¿© ÃÖ¼ÒÇÑÀÇ ´ëÀÀÀ» ÇϱâÀ§ÇÑ ¾÷µ¥ÀÌÆ®ÀÔ´Ï´Ù.
 
½ÇÁ¦ WebKnight¸¦ ¼³Ä¡ÇÏ´Â °æ¿ì IIS ¹öÀü¿¡ µû¶ó ÇÊÅ͸µ¿¡ Á¦ÇÑÀÌ ¹ß»ýÇÕ´Ï´Ù.
IIS 6 ÀÌ»ó ¹öÀü¿¡¼­ Global Filter ·Î ¼³Ä¡Çϱâ À§Çؼ­´Â 'Is Installed as global filter' ¿É¼ÇÀ» üũÇÏÁö ¸øÇÏ°Ô µÇ¾î POST ÇÊÅ͸µÀÌ ºÒ°¡ÇØÁý´Ï´Ù.. -IIS 5.0 °Ý¸®¸ðµå·Î ÀüȯÇØ¾ß °¡´ÉÇÔ.

½ÇÁ¦ °ø°ÝÀÌ ÁÖ·Î µé¾î¿À´Â Injection Æ÷ÀÎÆ®´Â Cookie, POST ÀÔ´Ï´Ù.
Header, Cookie ¿¡ ´ëÇÑ SQL Injection ¿É¼ÇÀ» È°¼ºÈ­ÇÏ¿© »ç¿ëÇÏ½Ã±æ ±ÇÀåÇÕ´Ï´Ù.
POST ÇÊÅ͸µ¿¡ ´ëÇÑ ºÎºÐÀº ÇöÀç Á¦ÀÛ»ç AQTRONIX¿¡ ¹®ÀÇÁßÀÔ´Ï´Ù.
 
±×¸®°í WebKnight°¡ ½ÇÁ¦ ÇÊÅ͸µÀÌ µ¿ÀÛÇÏ¿© Â÷´ÜµÇ¾úÀ»¶§ ±âº» °æ°íÆäÀÌÁö¸¦ ¼öÁ¤ÇÏÁö ¾Ê°í º¸¿©ÁÖ´Ùº¸´Ï °ø°ÝÀÚ°¡ WebKnight ¼³Ä¡¿©ºÎ¸¦ ÆÇ´ÜÇÏ¿© À̸¦ ¿ìȸÇÏ´Â ±â¹ýµéµµ µîÀåÇÏ°í ÀÖ½À´Ï´Ù.
»ùÇà ¿¡·¯ÆäÀÌÁö¸¦ Ãß°¡·Î ¾÷µ¥ÀÌÆ® ÇÏ¿´À¸´Ï Àû¿ë ÈÄ¿¡ ¸ð´ÏÅ͸µÀ» Çغ¸½Ã±â ¹Ù¶ø´Ï´Ù.

¾Æ¿ï·¯ À¥³ªÀÌÆ® 2.1 ¹öÀü°ú 2.2 ¹öÀüÀº ȣȯµÇÁö ¾ÊÀ¸´Ï ¸¹Àº ÁÖÀÇ ¹Ù¶ø´Ï´Ù.
À¥³ªÀÌÆ® 2.2 ¹öÀüÀ» »õ·Î ¼³Ä¡ÇϽŠµÚ 2.2¹öÀü¿ë »ùÇ÷êÀ» »ç¿ëÇÏÁö ¾Ê°í ÀÌÀü¿¡ »ç¿ëÇϽôø ±¸ »ùÇ÷ê ÆÄÀÏÀ» Àû¿ëÇÏ½Ç °æ¿ì ¾Æ·¡¿Í °°Àº ¹®Á¦°¡ ¹ß»ýÇÕ´Ï´Ù.

"'C:\Program Files\AQTRONIX Webknight\WebKnight.dll' ÇÊÅ͸¦ ·ÎµåÇÏ·Á°í ½ÃµµÇßÁö¸¸ ¿©±â¿¡´Â
SF_NOTIFY_READ_RAW_DATA ÇÊÅÍ ¾Ë¸²ÀÌ ÇÊ¿äÇѵ¥ ÀÌ ¾Ë¸²Àº  ÀÛ¾÷ÀÚ ÇÁ·Î¼¼½º °Ý¸® ¸ðµå¿¡¼­ Áö¿øµÇÁö ¾Ê½À´Ï´Ù"


ÀÌ°ÍÀº À¥³ªÀÌÆ® 2.2¿¡¼­ ÀÌÀü ·êÆÄÀÏ°ú ȣȯµÇÁö ¾Ê¾Æ ¹ß»ýÇÏ´Â ¹®Á¦·Î WebKnight.xml ÆÄÀÏÀÌ ÇØ´ç Æú´õ¿¡ Á¸ÀçÇÏ´õ¶óµµ WebKnight ÇÊÅÍ°¡ Á¤»óÀûÀÎ ·êÆÄÀÏ·Î ÀνÄÇÏÁö ¸øÇÕ´Ï´Ù.
»õ·Î¿î ¹öÀüÀ» Àû¿ëÇÒ °æ¿ì ÇØ´ç ¹öÀü¿¡ ¸Â´Â ·êÆÄÀÏÀ» Àû¿ëÇϼž߸¸ WebKnight°¡ Á¤»óÀûÀ¸·Î µ¿ÀÛÇÒ ¼ö ÀÖ½À´Ï´Ù.
 
  WebKnight 2.1¹öÀü¿ë Â÷´Ü »ùÇ÷ê
  Apache À¥¼­¹ö¿ë °ø°³ À¥¹æÈ­º® - ModSecurity 2.5.6





ȸ»ç¼Ò°³ °³ÀÎÁ¤º¸Ãë±Þ¹æħ ÀÌ¿ë¾à°ü À̸ÞÀÏÁÖ¼Ò ¹«´Ü¼öÁý°ÅºÎ CONTACT US IDC ¾àµµ
ȸ»ç¼Ò°³ °³ÀÎÁ¤º¸Ãë±Þ¹æħ ÀÌ¿ë¾à°ü À̸ÞÀÏÁÖ¼Ò ¹«´Ü¼öÁý°ÅºÎ CONTACT US IDC ¾àµµ ȸ»ç¼Ò°³ °³ÀÎÁ¤º¸Ãë±Þ¹æħ ÀÌ¿ë¾à°ü À̸ÞÀÏÁÖ¼Ò ¹«´Ü¼öÁý°ÅºÎ CONTACT US IDC ¾àµµ