¹Ù·Î°¡±â

Áñ°Üã±â 

[ÄÄÇ»ÅÍ/ÀÎÅͳÝ]

ÀÚ¹Ù½ºÅ©¸³Æ® ³»¿ëÁ» ¼³¸í ÇØÁÖ¼¼¿ä

rank ±òºÀ 2019-01-18 (±Ý) 04:58 Á¶È¸ : 667
var module = {
  name: "Blind SQL Injection Arithmetic Evaluation Differential Checks",
  category: "Injection Modules",
  differential: true
};

function initialize(ctx) {

  var ps = ctx.getPathState();
  var numeric = isNumericParameter(ps);

  if (ps.isParametric()) {

    var uri = String(ps.getPath().getUri());
    var uripart = uri.replace(/\?.*/, "");
    var param = ps.getFuzzableParameter().name;
    var pathkey;

    if (ps.getPath().isPostTarget() == true) {
      pathkey = "vinfo-sql-inject:" + uripart + "?" + "post" + "?" + param;
    }
    else
    {
      pathkey = "vinfo-sql-inject:" + uripart + "?" + "get" + "?" + param;
    }

    var k= pathkey;


    if (ctx.alertExists(k)) {
      return;
    }

    if (numeric) {
      ctx.submitAlteredRequest(process, "-0", true, 0);
      ctx.submitAlteredRequest(process, "-0-0", true, 1);
      ctx.submitAlteredRequest(process, "-0-9", true, 2);
    } else {
      ctx.submitAlteredRequest(process, "9-8", 0);
      ctx.submitAlteredRequest(process, "8-7", 1);
      ctx.submitAlteredRequest(process, "9-1", 2);
    }
    submit(ctx, 3, "\\\'\\\"");
    submit(ctx, 4, "\'\"");
    submit(ctx, 5, "\\\\\'\\\\\"");

    if (numeric) {
      ctx.submitAlteredRequest(process, " - 0 - 0", true, 6);
      ctx.submitAlteredRequest(process, " 0 0 - -", true, 7);
    } else {
      ctx.submitAlteredRequest(process, "9 - 1", 6);
      ctx.submitAlteredRequest(process, "9 1 -", 7);
    }
  }
}

function submit(ctx, idx, val) {
  var req = ctx.getPathState().createAlteredRequest(val, true);
  var s1 = "vega" + val;
  var s2 = s1 + ",en";
  req.addHeader("User-Agent", s1);
  req.addHeader("Referer", s1);
  req.addHeader("Accept-Language", s2);
  ctx.submitRequest(req, process, idx);
}


function isNumericParameter(ps) {
  if (!ps.isParametric()) return false;
  var p = ps.getFuzzableParameter();
  if (!(p && p.value)) return false;
  var v = p.value;
  var numchars = "01234567890.+-";
  for (var i = 0; i < v.length; i++) {
    if (numchars.indexOf(v[i]) == -1) return false;
  }
  return true;

}

function process(req, res, ctx) {
  if (ctx.hasModuleFailed()) return;
  var ps = ctx.getPathState();

  if (res.fetchFail) {
    ctx.error(req, res, "During SQL injection checks");
    ctx.setModuleFailed();
    return;
  }

  ctx.addRequestResponse(req, res);
  if (ctx.incrementResponseCount() < 8) return;

  var uri = String(ps.getPath().getUri());
  var uripart = uri.replace(/\?.*/, "");
  var param = ps.getFuzzableParameter().name;
  var pathkey;

  if (ps.getPath().isPostTarget() == true) {
    pathkey = "vinfo-sql-inject:" + uripart + "?" + "post" + "?" + param;
  }
  else
  {
    pathkey = "vinfo-sql-inject:" + uripart + "?" + "get" + "?" + param;
  }

  if (ctx.isFingerprintMatch(0, 1) && !ctx.isFingerprintMatch(0, 2)) {

    ctx.alert("vinfo-sql-inject", ctx.getSavedRequest(0), ctx.getSavedResponse(0), {
      output: ctx.getSavedResponse(0).bodyAsString,
      key: pathkey,
      resource: uripart,
      detectiontype: "Blind Arithmetic Evaluation Differential"

    });

    ctx.responseChecks(0);
    ctx.responseChecks(2);
  }

  if (ctx.isFingerprintMatch(1, 6) && !ctx.isFingerprintMatch(6, 7)) {

    ctx.alert("vinfo-sql-inject", ctx.getSavedRequest(7), ctx.getSavedResponse(7), {
      output: ctx.getSavedResponse(7).bodyAsString,
      key: pathkey,
      resource: uripart,
      detectiontype: "Blind Arithmetic Evaluation Differential"
    });
    ctx.responseChecks(6);
    ctx.responseChecks(7);
  }

  if (!ctx.isFingerprintMatch(3, 4) && !ctx.isFingerprintMatch(3, 5)) {

    ctx.alert("vinfo-sql-inject", ctx.getSavedRequest(4), ctx.getSavedResponse(4), {
      output: ctx.getSavedResponse(4).bodyAsString,
      key: pathkey,
      resource: uripart,
      detectiontype: "Blind Arithmetic Evaluation Differential"
    });

    ctx.responseChecks(3);
    ctx.responseChecks(4);
  }
}

¿äûÀÚ°¡ ÀÚ½ÅÀÇ 500Æ÷ÀÎÆ®¸¦ °É¾ú½À´Ï´Ù. ´äº¯ÀÌ Ã¤ÅõǸé 250Æ÷ÀÎÆ®¸¦ µå¸³´Ï´Ù.
´ñ±Û 7°³ ´ñ±Û¾²±â
rankÀ¯¶ûõÇÏ 2019-01-18 (±Ý) 10:35
Ȥ½Ã ÇÁ·Î±×·¡¹Ö ¾ð¾î¿¡ ´ëÇØ ¹è¿ï ±âȸ°¡ ÀÖ¾ú´ÂÁö¿ä?
var = variable º¯¼ö°í¿ä.
function À̶ó°í ÀÖ´Â ºÎºÐÀÌ ½ÇÇà ÇÏ´Â ±â´É ´ÜÀ§µéÀÔ´Ï´Ù.
È£Ãâ¿¡ ÀÇÇؼ­ ÀÛµ¿ÇÏ°í if ¶ó´Â Á¶°ÇÀýÀ» ÃæÁ·Çϸé if ¾È¿¡ ÀÖ´Â ¸í·ÉµéÀ» ½ÇÇàÇÏÁÒ. ÀÌ·± ±âº» Áö½ÄÀÌ ÀÖÀ¸¸é ±×°Å¸¦ ¹ÙÅÁÀ¸·Î µû¶ó °¡´Â°Å¶ó ±Û·Î ¼³¸íÇϱⰡ ³ì·ÏÇÏÁö°¡ ¾Ê³×¿ä..
     
       
rank±òºÀ ±Û¾´ÀÌ 2019-01-18 (±Ý) 15:37
»ó´Ü Äڵ带 ÀÐÀ» Á¤µµÀÇ ½Ç·ÂÀÌ µÇÁö ¾Ê¾Æ¼­ µ¿ÀÛ¿ø¸®¸¦ ¾Ë°í½Í¾î¼­ Áú¹® µå·È½À´Ï´ç..
rankda1011 2019-01-18 (±Ý) 12:45
µé¾î¿À´Â ÀԷ°ªÀÌ ÇØÅ·À» À§ÇÑ Äڵ尡 ½É¾îÁ® ÀÖ´ÂÁö È®ÀÎÇÏ´Â ÄÚµåÀÔ´Ï´Ù
     
       
rank±òºÀ ±Û¾´ÀÌ 2019-01-18 (±Ý) 15:36
SQL Injection °ü·Ã °ø°Ý ÄÚµåÀÔ´Ï´Ù.
¾î¶»°Ô µ¹¾Æ°¡´ÂÁö µ¿ÀÛ¿ø¸®¸¦ ¾Ë°í ½Í¾î¼­¿ë..
          
            
rankda1011 2019-01-20 (ÀÏ) 19:25
https://github.com/subgraph/Vega/wiki/Basic-Module-Context-Object

Page Fingerprints
ÆäÀÌÁö Áö¹®

Vega¸¦ ºñ·ÔÇÑ ¸¹Àº À¥ ÀÀ¿ë ÇÁ·Î±×·¥ º¸¾È °Ë»ç´Â ÆäÀÌÁö À¯»ç¼ºÀ» ±â¹ÝÀ¸·Î Èï¹Ì·Î¿î µ¿ÀÛÀ» ½Äº°ÇÕ´Ï´Ù. Vega´Â ºÐ¼® µÈ °¢ ÆäÀÌÁö¿¡¼­ ÆäÀÌÁö Áö¹®À» ÃßÃâÇÕ´Ï´Ù. ÆäÀÌÁö À¯»ç¼ºÀ» ÆǺ°ÇÏ´Â °ÍÀº ¼­·Î ºñ±³µÇ´Â Áö¹®ÀÔ´Ï´Ù.

¿¹¸¦ µé¾î, SQL ÀÎÁ§¼ÇÀ» Å×½ºÆ®ÇÏ°í ¿¬»êÀ» »ç¿ëÇÏ¿© ¼öÇàÇÏ´Â °æ¿ì, ÇϳªÀÇ Å×½ºÆ®´Â ´ÙÀ½°ú °°ÀÌ ÀÛµ¿ÇÕ´Ï´Ù.

SQL ÀÎÁ§¼ÇÀÌ ¹ß»ýÇÏ¸é µ¥ÀÌÅͺ£À̽º¿¡¼­ ÂüÀÎ °ÍÀ¸·Î Æò°¡µÇ´Â SQLÀÇ »ê¼ú Ç¥Çö½Ä°ú ÇÔ²² µÎ °³ÀÇ ¿äû (1, 2)À» º¸³À´Ï´Ù.
SQL ÀÎÁ§¼ÇÀÌ ¹ß»ýÇϸé true·Î Æò°¡Çؼ­´Â ¾ÈµÇ´Â Ç¥Çö½ÄÀ» »ç¿ëÇÏ¿© ÇϳªÀÇ ¿äû (3)À» º¸³À´Ï´Ù.
ÆäÀÌÁö Áö¹® 1°ú 2°¡ µ¿ÀÏÇÏÁö¸¸ 1°ú 3ÀÌ ´Ù¸¥ °æ¿ì SQL ÁÖÀÔ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÒ ¼ö ÀÖ½À´Ï´Ù.
               
                 
rankda1011 2019-01-20 (ÀÏ) 19:32
function process(req, res, ctx) <--À̺κÐÀÌ °ËÁõ Äڵ尡 ÀÖ´Â ºÎºÐÀεí ÇÏ°í
ctx.addRequestResponse(req, res); <--context object ¿¡ req¿Í res¸¦ »ðÀÔÇÑ ÈÄ¿¡
if (ctx.isFingerprintMatch(0, 1) && !ctx.isFingerprintMatch(0, 2)) <--°ËÁõ Å×½ºÆ® Äڵ尡 µé¾î°¡¹Ç·Î
process¸¦ È£ÃâÇÏ´Â ºÎºÐÀ» º¸¼Å¾ß ÇÒ µí Çϳ׿ä
                    
                      
rank±òºÀ ±Û¾´ÀÌ 2019-01-22 (È­) 01:23
°¨»çÇÕ´Ï´Ù µµ¿òÀÌ ¸¹ÀÌ µÇ¾ú½À´Ï´Ù ^^

¹øÈ£ Á¦¸ñ ±Û¾´ÀÌ »óÅ Æ÷ÀÎÆ® ³¯Â¥ Á¶È¸
[°øÁö]  ¡Ø Áö½ÄiN °Ô½ÃÆÇ ÀÌ¿ë¾È³» rankeToLAND
0 03-28
[°øÁö]  ¡Ø Å䷻Ʈ»çÀÌÆ®Áú¹®,ÀúÀÛ±Ç ÀÚ·á¿äû ±ÝÁö rankeToLAND
0 08-25
[ÀÎÅͳݻó´ã]  kt¿¡¼­ skt ·Î ÀÎÅͳÝÀ̵¿ÇÏ°í ½Í½À´Ï´Ù. À͸í
129532 [À½¾Ç]  Çª¹Ù 2000 »ç¿ë¹ý rank¿Àºü³ª¾ß
5000 04:33 63
129531 [°ÔÀÓ]  ¿¾³¯ ¿Â¶óÀΰÔÀÓ Á¦¸ñ ã½À´Ï´Ù. rankºù±Ûºù±×¸£
1000 03:59 56
129530 [Ãë¹Ì/»ýÈ°]  ¸ðµç ¸ñÀç Á¶°ÇÀÌ ÁÁÀ¸¸é 50³â ÀÌ»ó °¡³ª¿ä ??? rankÀÏ»ó»ýÈ°¸ðÇè
369 00:13 84
129529 [±³À°/Çй®]  ºÎóöÇÐ °øºÎ ¹æ¹ý? (2) rankÅ»ê°õ
200 03-28 63
129528 [Ãë¹Ì/»ýÈ°]  ¹è ³ó»ç¸¦ ½ÃÀÛÇÏ·Á°í ÇÕ´Ï´Ù. °£·«ÇÑ ¼³¸íºÎŹµå·Á¿ä (1) rankÀÏ»ó»ýÈ°¸ðÇè
369 03-28 79
129527 [ÄÄÇ»ÅÍ/ÀÎÅͳÝ]  pc±¸¸Å ÈÄ ¸ð´ÏÅÍ ½ÅÈ£¾øÀ½.. ¾î¶»Çϳª¿ä?.txt (13) rank¿©Àڿ;ÆÀ̴³öÁà
5000 03-27 119
129526 [°ÔÀÓ]  ¸®´ÏÁö ¼­¹ö±¸ÃàÀ̶û ¼­¹öÆÑ ¾î¶»°Ô ±¸ÃàÇÏ°í ±¸Çϳª¿ä [Á¤º¸±Û] (1) rankÄ¿ÇÇÇÑÀÜÀÇ¿©À¯
3000 03-27 131
129525 [ÄÄÇ»ÅÍ/ÀÎÅͳÝ]  ÄÄÇ»ÅÍ ·¥ xmp Àß ¾Æ½Ã´ÂºÐ °è½Å°¡¿ä?.txt (8) rank¿©Àڿ;ÆÀ̴³öÁà
5000 03-27 111
129524 [Ãë¹Ì/»ýÈ°]  ³» BIZ Áöµµ¾îÇÿ¡ ¶ß°Ô ¸¸µé·Á¸é ¾î¶»°Ô Çϳª¿ä ??? rankÀÏ»ó»ýÈ°¸ðÇè
369 03-26 78
129523 [¼îÇÎ]  ½ºÅ¸¹÷½º ¹ÙÄÚµå Áú¹®Á» µå·Á¿ä (2) rankenrilj
1000 03-26 88
129522 [°Ç°­/ÀÇÇÐ]  ½ºÅ×·ÎÀ̵å ÁÖ»ç ¹®ÀÇ ÀÔ´Ï´Ù.. (1) rank·°Å°³Ñ¹ö¼¼ºì
300 03-26 88
129521 [±âŸ]  ¿ÀÇǽºÅÚ¿¡ »ó°¡ ·»Æ®Ä«ÀÔÁ¡ÇÏ¿© ÁÖ°ÅÁö¿ªÀ» ħ¹üÇÏ¿© ÁÖÂ÷ÇÏ´Â °æ¿ì (1) rank°í¼¼±¸
500 03-26 164
129520 [Ãë¹Ì/»ýÈ°]  ÀÌ°Å ¹«½¼ ¹ú·¹ÁÒ (3) rankº¹Á¶¸®
200 03-25 167
129519 [ÄÄÇ»ÅÍ/ÀÎÅͳÝ]  ¹æ¾È¿¡¼­ ¿ÍÀÌÆÄÀÌ°¡ ³Ê¹« ´À·Á¿ä (3) À̹ÌÁö rank±×¸®¿î±×³¯
300 03-25 226
129518 [ÄÄÇ»ÅÍ/ÀÎÅͳÝ]  À¯Æ©ºê ¸ô¶§ È­¸éÀÌ ¸¹ÀÌ ±ôºýÀÔ´Ï´Ù (3) rank°¡ÀÏ
200 03-25 154
129517 [¼îÇÎ]  ÀÌ°¡¹æ ¾îµð¼­ ÆÄ´ÂÁö Ȥ½Ã ã¾ÆÁÖ½Ç ´É·ÂÀںР°è½Ç±î¿ä (2) À̹ÌÁö rank»ß»Ç»ß
1000 03-24 204
129516 [ÄÄÇ»ÅÍ/ÀÎÅͳÝ]  ¸ÞÀκ¸µå Á¡ÆÛ¼±ÀÌ º´·Ä·Î µþ ¼ö ÀÖ°Ô ³ª¿Â°Ô ÀÖÀ»±î¿ä? À̹ÌÁö rank°õ³ª¶óÅÊ
2000 03-24 133
129515 [¼îÇÎ]  ½ãÅ©¸² ¹«½¼ Á¦Ç°Àϱî¿ä? (1) À̹ÌÁö rank±¤°í¹ÌħÀÌ
2000 03-23 106
129514 [ÄÄÇ»ÅÍ/ÀÎÅͳÝ]  ÀÌ Æ÷ÅäÇÁ¸°ÅÍ Á¦Ç°¸í ¾Æ½Ã´Â ºÐ? (1) À̹ÌÁö rank±¤°í¹ÌħÀÌ
2000 03-23 126
129513 [°Ç°­/ÀÇÇÐ]  ¼¿ÇÁ ¼Òº¯°Ë»ç.. ÇÇ°Ë»ç.. (2) rankÀÏ»ó»ýÈ°¸ðÇè
369 03-23 123
129512 [ÄÄÇ»ÅÍ/ÀÎÅͳÝ]  ¿¢¼¿ ¿¬¼ÓµÈ ÇÏÀÌÆÛ¸µÅ© ¼öÁ¤ (7) rank´Þºû³ëÀ»
300 03-22 153
129511 [±âŸ]  ¾²·¹±â ºÐ¸®¼ö°Å Àß ¾Æ½Ã´ÂºÐ °è½Å°¡¿ä?.txt (2) rank¿©Àڿ;ÆÀ̴³öÁà
1500 03-21 143
129510 [ÄÄÇ»ÅÍ/ÀÎÅͳÝ]  ¤· ºí·Î±×¸¦ ÇÏ°í ½ÍÀº Ã浿ÀÌ ÀϾ½À´Ï´Ù. ¤· À̹ÌÁö rankÀÏ»ó»ýÈ°¸ðÇè
369 03-20 106
129509 [ÄÄÇ»ÅÍ/ÀÎÅͳÝ]  ¸ð´ÏÅÍ¾Ï ÃßõÇØÁÖ¼¼¿ä. (6) rank¶×»Ç
1000 03-20 143
129508 [°ÔÀÓ]  À¥°ÔÀÓ(Browser game) ÃßõÇØ ÁÖ¼¼¿ä (1) rankWangch
1600 03-20 133
129507 [±âŸ]  »ï±¹Áö º¸·Á°í Çϴµ¥¿ä (4) rankÈ¿¼ºÇϾÌ
5000 03-20 144
129506 [±âŸ]  ÃµÇýÇâ °õÆÎÀÌ Àΰ¡¿ä? (3) À̹ÌÁö rankmabury
200 03-19 222
129505 [ÄÄÇ»ÅÍ/ÀÎÅͳÝ]  8 Ãþ °Ç¹° 7Ãþ â¹®¿¡¼­ Èí¿¬½Ã ¿¬±â È帧¿¡ ´ëÇÑ ¹®ÀÇ (4) À̹ÌÁö rankÀÏ»ó»ýÈ°¸ðÇè
369 03-19 153
129504 [ÀüÀÚ±â±â]  Àΰ­¿ë Å×ºí¸´ Ãßõ ºÎŹ µå¸³´Ï´Ù. [ÀÚÇÊ] (3) À̹ÌÁö rankKhaos
5000 03-19 133
129503 [±âŸ]  ¼Ò±Ô¸ð ¾ÆÆÄÆ® Àå±â¼ö¼±Ãæ´ã±Ý »ç¿ë°èȹ¼­ ÀÛ¼º¹ý (4) À̹ÌÁö rank¹Ù¸£´Ù
400 03-18 161
129502 [Ãë¹Ì/»ýÈ°]  ¤· ÃæÀü½Ä Àüµ¿°ø±¸ ¸íĪ ¹®ÀÇ (4) À̹ÌÁö rankÀÏ»ó»ýÈ°¸ðÇè
369 03-18 159
129501 [Ãë¹Ì/»ýÈ°]  ¿Â¼ö ÄÚÀϳ­¹æ ½ÃÀÛµÈ ½Ã±â ¾Æ½Ã´ÂºÐ - ±¹³» - ÇØ¿Ü - (2) À̹ÌÁö rankÀÏ»ó»ýÈ°¸ðÇè
369 03-18 155
129500 [°æÁ¦/ÀçÅ×Å©]  ¸»¼Ò±âÁرǸ® Àü/ÈÄ·Î ÀüÀÔ/È®Á¤ÀÏÀÚ°¡ ºÐ¸®µÈ °æ¿ì¿¡ ´ëÇØ Áú¹® µå¸³´Ï´Ù. rank¼ö¸·ÀÌ
500 03-18 77
129499 [¼îÇÎ]  ½ÅÇÑ ÄíÆÎüũīµå..½ÇÀû (2) rank±³¹Ì³×ÀÌÅÍ
5000 03-18 205
129498 [ÄÄÇ»ÅÍ/ÀÎÅͳÝ]  mp4 ÆÄÀÏ ¿¡ ÀÖ´Â ¹è°æ À½¾Ç¸¸ Á¦°ÅÇÑ ÆÄÀÏ·Î ÆíÁý ÇÒ¼ö ÀÖ´Â ¹«·á »çÀÌÆ®³ª ÇÁ·Î±×·¥ ¾Ë°í ½Í½À´Ï´Ù. (530MB) (2) À̹ÌÁö rank¤±µñ¤±µð°í¤Ã
1000 03-18 130
129497 [±³À°/Çй®]  ºÒõ³ë - ºÐ³ë¸¦ ¿Å±âÁö ¾Ê´Â´Ù - ¿µ¾î·Î ¸¸µé¾îÁÖ¼¼¿ä (1) rankÀÏ»ó»ýÈ°¸ðÇè
586 03-18 80
129496 [ÄÄÇ»ÅÍ/ÀÎÅͳÝ]  Æù °ÔÀÓ ¼Óµµ°¡ ´À·ÁÁö´ÂÀÌÀ¯°¡ ¹»±î¿ä? (4) rank¾ÆÀÓ´Ð
1000 03-17 115
129495 [ÀüÀÚ±â±â]  È¤½Ã RCA ÄÉÀÌºí¿¡ ´ëÇؼ­ ¾Æ½Ã´Â ºÐ ÀÖÀ¸½Å°¡¿ä? (4) À̹ÌÁö rankÀ̶ó·Î±×¿À
200 03-17 149
129494 [°ÔÀÓ]  mvp ¾ß±¸ °ÔÀÓ [ÀÚÇÊ] rankºñ¹ÐÈ­¿ø
200 03-17 117
129493 [±âŸ]  Æ÷Àå ÀÌ»çÇÒ¶§ ¾î¶»°Ô ÇϽóª¿ä?.txt (4) rank¿©Àڿ;ÆÀ̴³öÁà
1500 03-17 110

Áú¹®°ú´äº¯ ¿ù°£ ÃÖ´ÙäÅà ¿ì¼ö´äº¯È¸¿ø

  • rank±×±îÀ̲¨¹¹¶ó°í äÅô亯¼ö (11)
  • rank¿©Àڿ;ÆÀ̴³öÁà äÅô亯¼ö (6)
  • rankÀÌÈ­¿¡¿ù´ãÇÏ°í äÅô亯¼ö (3)
  • rankdasari äÅô亯¼ö (3)
  • rank¹ÐÁö¸¶ äÅô亯¼ö (2)
  • rank35mm äÅô亯¼ö (1)
  • rankNarxia äÅô亯¼ö (1)
  • rankÀû¿ì»ï äÅô亯¼ö (1)
  • rankÃÖ´ë8ÀÚ Ã¤Åô亯¼ö (1)
     1  2  3  4  5  6  7  8  9  10  ´ÙÀ½
    ¸Ç À§·Î
    ¸Ç ¾Æ·¡·Î

    °øÀ¯Çϱâ

    ÀÌÅä·£µå ·Î°í

    °èÁ¤ ã±â ȸ¿ø°¡ÀÔ
    ¼Ò¼È·Î±×ÀÎ