{"id":1674,"date":"2023-04-07T15:46:18","date_gmt":"2023-04-07T15:46:18","guid":{"rendered":"https:\/\/securitybriefing.net\/?p=1674"},"modified":"2024-05-31T23:46:17","modified_gmt":"2024-05-31T23:46:17","slug":"2023%eb%85%84%ea%b9%8c%ec%a7%80%ec%9d%98-%ec%95%8c%eb%a0%a4%ec%a7%84-%ec%82%ac%ec%9d%b4%eb%b2%84-%ea%b3%b5%ea%b2%a9-%ec%9c%a0%ed%98%95-%ec%83%81%ec%84%b8","status":"publish","type":"post","link":"https:\/\/securitybriefing.net\/ko\/%ec%82%ac%ec%9d%b4%eb%b2%84-%eb%b3%b4%ec%95%88\/2023%eb%85%84%ea%b9%8c%ec%a7%80%ec%9d%98-%ec%95%8c%eb%a0%a4%ec%a7%84-%ec%82%ac%ec%9d%b4%eb%b2%84-%ea%b3%b5%ea%b2%a9-%ec%9c%a0%ed%98%95-%ec%83%81%ec%84%b8\/","title":{"rendered":"2023\ub144\uae4c\uc9c0 \uc54c\ub824\uc9c4 \uc0ac\uc774\ubc84 \uacf5\uaca9\uc758 \uc138\ubd80 \uc720\ud615"},"content":{"rendered":"

\uc0ac\uc774\ubc84 \uacf5\uaca9\uacfc \uc704\ud5d8\uc73c\ub85c\ubd80\ud130 \uc131\uacf5\uc801\uc73c\ub85c \ubc29\uc5b4\ud558\ub824\uba74 \uadf8\ub4e4\uc758 \ud2b9\uc131\uacfc \ud589\ub3d9\uc744 \uc774\ud574\ud558\ub294 \uac83\uc774 \uc911\uc694\ud569\ub2c8\ub2e4. \uc0ac\uc774\ubc84 \uacf5\uaca9\uc758 \uc8fc\uc694 \uce74\ud14c\uace0\ub9ac\ub294 SQL \uc778\uc81d\uc158 \uacf5\uaca9, \uad50\ucc28 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305 \ubc0f \uc11c\ube44\uc2a4 \uac70\ubd80 (DoS)\uc785\ub2c8\ub2e4. \uc774 \uae30\uc0ac\uc5d0\uc11c\ub294 \uc774\ub7ec\ud55c \uc911\uc694\ud55c \uc0ac\uc774\ubc84 \ubcf4\uc548 \ubb38\uc81c\ub97c \ud0d0\uad6c\ud560 \uac83\uc785\ub2c8\ub2e4.<\/p>\n\n\n

SQL \uc778\uc81d\uc158 \uacf5\uaca9<\/strong><\/h2>\n\n\n

SQL\uc740 \ub370\uc774\ud130\ubca0\uc774\uc2a4\uc5d0 \uc800\uc7a5\ub41c \ub370\uc774\ud130\uc640\uc758 \ud1b5\uc2e0\uc744 \uac00\ub2a5\ud558\uac8c \ud569\ub2c8\ub2e4. \ub370\uc774\ud130\uac00 \ub85c\uceec\uc5d0 \uc800\uc7a5\ub418\uc5c8\ub4e0 \uc6d0\uaca9 \uc6f9 \uc11c\ubc84\uc5d0 \ud638\uc2a4\ud305\ub418\uc5c8\ub4e0 \uc0c1\uad00\uc5c6\uc774 \uc774 \uc5b8\uc5b4\ub294 \uc2a4\ud06c\ub9bd\ud2b8\ub098 \uc791\uc740 \ud504\ub85c\uadf8\ub7a8\uc744 \uc0ac\uc6a9\ud558\uc5ec \uc815\ubcf4\ub97c \ucd94\ucd9c\ud558\uace0 \uc218\uc815\ud560 \uc218 \uc788\uac8c \ud574\uc90d\ub2c8\ub2e4. \uc11c\ube44\uc2a4\ub098 \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc744 \uc704\ud55c \uc815\ubcf4\ub97c \uc800\uc7a5\ud558\ub294 \ub9ce\uc740 \uc11c\ubc84\ub4e4\uc774 SQL\uc5d0 \uc758\uc874\ud558\uace0 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n

OPSWAT\uac00 \uc124\uba85\ud558\ub294 \uac83\ucc98\ub7fc SQL \uc778\uc81d\uc158 \uacf5\uaca9\uc740 \uc774\ub7ec\ud55c \uc11c\ubc84\ub97c \ub300\uc0c1\uc73c\ub85c \uc545\uc131 \ucf54\ub4dc\ub97c \uc0ac\uc6a9\ud558\uc5ec \uc800\uc7a5\ub41c \ub370\uc774\ud130\ub97c \ucd94\ucd9c\ud569\ub2c8\ub2e4. \uc800\uc7a5\ub41c \ub370\uc774\ud130\uc5d0 \uc2e0\uc6a9 \uce74\ub4dc \ubc88\ud638, \uc0ac\uc6a9\uc790 \uc774\ub984, \ube44\ubc00\ubc88\ud638 \ub610\ub294 \uae30\ubc00 \uc815\ubcf4\uc640 \uac19\uc740 \uac1c\uc778 \uace0\uac1d \uc815\ubcf4\uac00 \ud3ec\ud568\ub418\uc5b4 \uc788\uc73c\uba74 \uc774 \uc0c1\ud669\uc740 \ud2b9\ud788 \uc6b0\ub824\uc2a4\ub7ec\uc6b8 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n

\"SQL<\/figure>\n\n\n\n

\uc77c\ubd80 \uc77c\ubc18\uc801\uc778 SQL \uc778\uc81d\uc158 \uc608\uc2dc\ub294 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4:<\/p>\n\n\n\n

    \n
  1. \uc228\uaca8\uc9c4 \ub370\uc774\ud130\uc5d0 \uc561\uc138\uc2a4\ud558\ub824\uba74 \ucd94\uac00 \uacb0\uacfc\ub97c \uc0dd\uc131\ud558\uae30 \uc704\ud574 SQL \ucffc\ub9ac\ub97c \ubcc0\uacbd\ud574\uc57c \ud569\ub2c8\ub2e4.<\/li>\n\n\n\n
  2. \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc758 \uc758\ub3c4\ub41c \uae30\ub2a5\uc5d0 \uac04\uc12d\ud558\uae30 \uc704\ud574 \ucffc\ub9ac\ub97c \uc218\uc815\ud558\uc5ec \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \ub85c\uc9c1\uc744 \ubc29\ud574\ud569\ub2c8\ub2e4.<\/li>\n\n\n\n
  3. UNION \uacf5\uaca9\uc740 \ub2e4\uc591\ud55c \ub370\uc774\ud130\ubca0\uc774\uc2a4 \ud14c\uc774\ube14\uc5d0\uc11c \ub370\uc774\ud130 \uac80\uc0c9\uc744 \uac00\ub2a5\ud558\uac8c \ud569\ub2c8\ub2e4.<\/li>\n\n\n\n
  4. \ub370\uc774\ud130\ubca0\uc774\uc2a4\ub97c \uc870\uc0ac\ud558\uc5ec \ud574\ub2f9 \ubc84\uc804\uacfc \uc870\uc9c1\uc5d0 \ub300\ud55c \uc138\ubd80 \uc815\ubcf4\ub97c \uc218\uc9d1\ud558\uace0 \uc788\uc2b5\ub2c8\ub2e4.<\/li>\n\n\n\n
  5. \ube14\ub77c\uc778\ub4dc SQL \uc778\uc81d\uc158, \uc81c\uc5b4\ub41c \ucffc\ub9ac \uacb0\uacfc\uac00 \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc758 \uc751\ub2f5\uc5d0 \ud45c\uc2dc\ub418\uc9c0 \uc54a\ub294 \uacbd\uc6b0.<\/li>\n<\/ol>\n\n\n

    \uad50\ucc28 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305 (XSS)<\/strong><\/h2>\n\n\n

    \uc774 \uc720\ud615\uc758 \uc0ac\uc774\ubc84 \uacf5\uaca9\uc5d0\uc11c\ub294 \uc11c\ubc84\uac00 \uc544\ub2c8\ub77c \uc0ac\uc6a9\uc790\uac00 \ud45c\uc801\uc774 \ub429\ub2c8\ub2e4. \uacf5\uaca9\uc740 \uc0ac\uc6a9\uc790\uac00 \uc811\uadfc\ud560 \ub54c \uc0ac\uc6a9\uc790\uc758 \ube0c\ub77c\uc6b0\uc800\uc5d0\uc11c \uc2e4\ud589\ub418\uba70 \uc11c\ubc84 \uc790\uccb4\uc5d0\uc11c \uc2e4\ud589\ub418\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4. \uc774\ub7ec\ud55c \uad50\ucc28 \uc0ac\uc774\ud2b8 \uacf5\uaca9\uc744 \uc704\ud55c \ubc29\ubc95 \uc911 \ud558\ub098\ub294 \uc790\ub3d9\uc73c\ub85c \uc2e4\ud589\ub418\ub294 \ub313\uae00\uc774\ub098 \uc2a4\ud06c\ub9bd\ud2b8\uc5d0 \uc545\uc131 \ucf54\ub4dc\ub97c \uc0bd\uc785\ud558\ub294 \uac83\uc785\ub2c8\ub2e4. \uad50\ucc28 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305 \uacf5\uaca9\uc740 \uc545\uc758\uc801\uc778 \ud65c\ub3d9\uc758 \ud754\uc801\uc774\ub098 \uc9d5\ud6c4\ub97c \ub0a8\uae30\uc9c0 \uc54a\uace0 \uc0ac\uc6a9\uc790 \uc815\ubcf4\ub97c \uce68\ud574\ud558\uc5ec \uc6f9\uc0ac\uc774\ud2b8\uc758 \ud3c9\ud310\uc744 \uc2ec\uac01\ud558\uac8c \ud6fc\uc190\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n

    \"\uad50\ucc28<\/figure>\n\n\n\n

    \ud06c\ub85c\uc2a4\uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305(XSS)\uc740 \uc545\uc758\uc801\uc778 \uac1c\uc778\uc774 \uc6f9\uc0ac\uc774\ud2b8\uc5d0 \ud574\ub85c\uc6b4 \uc2a4\ud06c\ub9bd\ud2b8\ub97c \uc0bd\uc785\ud558\uc5ec \ucc98\ub9ac \ubc0f \uc2e4\ud589\ub418\ub3c4\ub85d \ud558\ub294 \uc0ac\uc774\ubc84 \uacf5\uaca9\uc758 \uc77c\uc885\uc785\ub2c8\ub2e4. \uc774 \uacf5\uaca9\uc740 \uc77c\ubc18\uc801\uc73c\ub85c \uc6f9\uc0ac\uc774\ud2b8\uac00 \uc0ac\uc6a9\uc790 \uc785\ub825 \ub370\uc774\ud130\ub97c \uc2e0\ub8b0\ud558\ub294 \uac83\uc5d0 \uc758\uc874\ud558\uba70, \uc545\uc131 \ud398\uc774\ub85c\ub4dc\uac00 \ud3ec\ud568\ub41c URL\uc744 \ud0c0\uac9f \uc0ac\uc6a9\uc790\uc5d0\uac8c \ubcf4\ub0b4\ub294 \uac83\uacfc \uad00\ub828\uc774 \uc788\uc2b5\ub2c8\ub2e4. XSS \uacf5\uaca9\uc758 \uc8fc\uc694 \ubaa9\ud45c\ub294 \uac1c\uc778 \ub370\uc774\ud130, \uc138\uc158 \ucfe0\ud0a4\ub97c \ud6d4\uce58\uace0 \uc0ac\ud68c \uacf5\ud559 \uae30\uc220\uc744 \uc0ac\uc6a9\ud558\ub294 \uac83 \ub4f1\uc744 \ud3ec\ud568\ud569\ub2c8\ub2e4. XSS \uacf5\uaca9\uc5d0\ub294 \uc138 \uac00\uc9c0 \uc8fc\uc694 \uc720\ud615\uc774 \uc788\uc73c\uba70, \uc774\uc81c \uac01 \uc720\ud615\uacfc \uc774\ub97c \ubc29\uc5b4\ud558\uae30 \uc704\ud55c \ud544\uc694\ud55c \ub2e8\uacc4\uc5d0 \ub300\ud574 \ub17c\uc758\ud558\uaca0\uc2b5\ub2c8\ub2e4:<\/p>\n\n\n\n