
Secure coding


์›น ํ•ดํ‚น์„ ๋Œ€์‘ํ•˜๋Š” ๋ฐฉ๋ฒ•

1. ๋ฌผ๋ฆฌ์ ์ธ ์žฅ๋น„๋‚˜ ์†Œํ”„ํŠธ์›จ์–ด๋ฅผ ์ด์šฉํ•œ ๋Œ€์‘๋ฐฉ๋ฒ•

방화벽 // WAF(Web Application Firewall) L7 방화벽

IDS,IPS

 

2. ์‹œํ์–ด ์ฝ”๋”ฉ

2-1. Prepared Statement --> SQL Injection 공격을 방어하는 대표적인 기법

2-2. 입력값 검증 -->

2-3. ์ž…๋ ฅ ๊ธธ์ด ์ œํ•œ --> ๊ทผ๋ณธ์ ์ธ ๋ฐฉ๋ฒ•์€ ์•„๋‹ˆ์ง€๋งŒ, ๋งค์šฐ ํšจ๊ณผ์ ์ž„

 

์ž…๋ ฅ๊ฐ’ ๊ฒ€์ฆ ๋ฐฉ๋ฒ•

1. 치환 ' -> \'

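  # Search Logic
  // Missing POST fields default to "" instead of raising an undefined-index
  // notice and handing null to real_escape_string().
  // Note: escaping only protects a value placed inside SQL quotes; it does
  // nothing for an identifier such as a column name, which must be
  // allowlisted separately (see index.php below).
  $search_type = $db_conn->real_escape_string($_POST["search_type"] ?? "");
  $keyword = $db_conn->real_escape_string($_POST["keyword"] ?? "");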

' ๊ฐ€ ์‚ฌ์šฉ๋˜์ง€ ์•Š๋Š”๊ฒƒ์„ ํ™•์ธ

index.php

$search_type : real_escape_string(), 정규 표현식 preg_match()

$keyword : real_escape_string()

$sort : ASC // DESC 입력 제한

$sort_column : 정규 표현식 preg_match()

# index.php
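<?php
  // index.php — board list with search (POST) and sort (GET).
  //
  // Untrusted inputs: $_POST["search_type"], $_POST["keyword"],
  // $_GET["sort"], $_GET["sort_column"].
  //  - keyword is a VALUE: it is bound as a prepared-statement parameter and
  //    is therefore no longer passed through real_escape_string() ($keyword
  //    now holds the raw submitted string).
  //  - search_type and sort_column are IDENTIFIERS (column names): they cannot
  //    be bound, so they are checked against a character allowlist BEFORE any
  //    SQL text is assembled, and backtick-quoted where they are spliced in.
  //  - sort is reduced to the two literals ASC / DESC.
  // Uses "<?php" instead of the short "<?" tag, which depends on short_open_tag.
  include_once("./common.php");   // provides mysql_conn() and $tb_name

  $db_conn = mysql_conn();

  # Search Logic
  $search_type = (string)($_POST["search_type"] ?? "");
  $keyword     = (string)($_POST["keyword"] ?? "");

  # Sort Logic
  $sort        = strtoupper((string)($_GET["sort"] ?? ""));   // strtoupper(): upper-case the whole string
  $sort_column = (string)($_GET["sort_column"] ?? "");
  // Only ASC or DESC may reach the query; anything else falls back to DESC.
  $sort = ($sort === "ASC") ? "ASC" : "DESC";

  # Allowed characters for the column-name inputs.
  // This check is the only barrier between these two inputs and the SQL text,
  // so it runs before the query string exists. A non-empty value that fails
  // it aborts the request; an empty value is handled by the branches below.
  $ident_pattern = "/^[0-9a-zA-Z-]*$/";
  if((!empty($search_type) && !preg_match($ident_pattern, $search_type))
     || (!empty($sort_column) && !preg_match($ident_pattern, $sort_column))) {

    echo "<script>alert('์ž˜๋ชป๋œ ์ž…๋ ฅ์ž…๋‹ˆ๋‹ค'); history.back(-1); </script>";
    exit();

  }

  // LIKE pattern for the bound parameter(s). As before, "%" and "_" inside the
  // keyword act as wildcards; that is the existing search behaviour.
  $pattern = "%{$keyword}%";
  $bind_count = 0;   // how many "?" placeholders the chosen query carries
  if(empty($search_type) && empty($keyword)) {
    $query = "select * from {$tb_name}";
  } else {
    if($search_type === "all") {
      $query = "select * from {$tb_name} where title like ? or writer like ? or content like ?";
      $bind_count = 3;
    } else {
      // $search_type already passed the identifier allowlist above.
      $query = "select * from {$tb_name} where `{$search_type}` like ?";
      $bind_count = 1;
    }
  }

  if(empty($sort_column)) {
    $query .= " order by idx desc";
  } else {
    // $sort_column already passed the identifier allowlist above; $sort is a literal.
    $query .= " order by `{$sort_column}` {$sort}";
  }

  // NOTE(review): with mysqli's default error mode on PHP 8.1+, prepare()/execute()
  // throw mysqli_sql_exception rather than returning false, so the "or die"
  // fallbacks below only matter on older configurations.
  $stmt = $db_conn->prepare($query) or die("์—๋ŸฌํŽ˜์ด์ง€์ž…๋‹ˆ๋‹ค");
  if($bind_count === 3) {
    $stmt->bind_param("sss", $pattern, $pattern, $pattern);
  } elseif($bind_count === 1) {
    $stmt->bind_param("s", $pattern);
  }
  $stmt->execute() or die("์—๋ŸฌํŽ˜์ด์ง€์ž…๋‹ˆ๋‹ค");
  // get_result() keeps $result a mysqli_result (num_rows, fetch_assoc, ...) for
  // the rest of the page; it requires the mysqlnd driver.
  $result = $stmt->get_result() or die("์—๋ŸฌํŽ˜์ด์ง€์ž…๋‹ˆ๋‹ค");

  $num = $result->num_rows;
?>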

 

view.php

$password : 치환 real_escape_string()

# view.php
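<?php
	// view.php — fetches a single post by idx. A post with secret='n' is
	// readable without a password; otherwise the submitted password must match.
	//
	// Untrusted inputs: $_REQUEST["idx"] (GET, POST or cookie) and
	// $_POST["password"]. Both are bound as prepared-statement parameters.
	// idx is additionally required to be an integer, and the request is
	// aborted when it is not: the original is_numeric() check only showed an
	// alert and then ran the query with the raw value anyway.
	// Uses "<?php" instead of the short "<?" tag, which depends on short_open_tag.
	include_once("./common.php");   // provides mysql_conn() and $tb_name

	$db_conn = mysql_conn();
	$idx = $_REQUEST["idx"] ?? "";
	$password = (string)($_POST["password"] ?? "");

	# idx must be an integer (FILTER_VALIDATE_INT rejects "1e3", " 1", arrays, ...)
	$idx = filter_var($idx, FILTER_VALIDATE_INT);
	if($idx === false){
		echo "<script>alert('์ž˜๋ชป๋œ ์ž…๋ ฅ์ž…๋‹ˆ๋‹ค'); history.back(-1); </script>";
		exit();   // without this the query below still ran with the rejected value
	}

	// "" means no password was given; empty() would also treat "0" as none.
	if($password === "") {
		$query = "select * from {$tb_name} where idx=? and secret='n'";
		$stmt = $db_conn->prepare($query) or die("์—๋ŸฌํŽ˜์ด์ง€์ž…๋‹ˆ๋‹ค");
		$stmt->bind_param("i", $idx);
	} else {
		// NOTE(review): the password is compared inside SQL, which implies it is
		// stored in clear text; password_hash()/password_verify() in PHP would be
		// the usual approach — left unchanged here as it needs a schema change.
		$query = "select * from {$tb_name} where idx=? and password=?";
		$stmt = $db_conn->prepare($query) or die("์—๋ŸฌํŽ˜์ด์ง€์ž…๋‹ˆ๋‹ค");
		$stmt->bind_param("is", $idx, $password);
	}

	// Database error text goes to the server log only. Echoing $db_conn->error
	// to the client (as the original die() did) tells the sender of a malformed
	// input exactly how the SQL failed, which is what the error-based probing
	// described further down this page relies on.
	if(!$stmt->execute()) {
		error_log("view.php: " . $stmt->error);
		die("์—๋ŸฌํŽ˜์ด์ง€์ž…๋‹ˆ๋‹ค");
	}
	// get_result() keeps $result a mysqli_result for the rest of the page;
	// it requires the mysqlnd driver.
	$result = $stmt->get_result() or die("์—๋ŸฌํŽ˜์ด์ง€์ž…๋‹ˆ๋‹ค");

	$num = $result->num_rows;
?>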

 

( CASE WHEN 조건문 THEN 참 ELSE 거짓 END )

( CASE WHEN 1=1 THEN 0x7469746c65 ELSE 0x696478 END )

(CASE WHEN (SELECT substr((SELECT database()),1,1))=0x62 THEN (SELECT 0x41 UNION SELECT 0x42) END)

(SELECT substr((SELECT database()),1,1))=0x62

> ์ฐธ์ผ ๊ฒฝ์šฐ : ์—๋ŸฌํŽ˜์ด์ง€ ๋ฐœ์ƒ

> ๊ฑฐ์ง“์ผ ๊ฒฝ์šฐ : ์ •์ƒํŽ˜์ด์ง€ ์ถœ๋ ฅ

0x7469746c65 > title

0x696478 > idx

 

 

๋ฐ˜์‘ํ˜•

'๐Ÿ“  Secure' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๋‹ค๋ฅธ ๊ธ€

XSS ๊ณต๊ฒฉ ํ”„๋กœ์„ธ์Šค  (0) 2022.07.13
XSS - Cross Site Script  (0) 2022.07.12
SQL Injection ์‹ค์Šต  (0) 2022.07.08
CODE Injection  (0) 2022.07.07
SQL Injection ์ธ์ฆ ์šฐํšŒ  (0) 2022.07.07
Contents

ํฌ์ŠคํŒ… ์ฃผ์†Œ๋ฅผ ๋ณต์‚ฌํ–ˆ์Šต๋‹ˆ๋‹ค

์ด ๊ธ€์ด ๋„์›€์ด ๋˜์—ˆ๋‹ค๋ฉด ๊ณต๊ฐ ๋ถ€ํƒ๋“œ๋ฆฝ๋‹ˆ๋‹ค.