|
|
0
0
µ¹¾Æ¿Âµðµå
ÀÌ°Ô µÇ¸é ¾Ç¼º½ºÅ©¸³Æ® ½É¾î³õÀº ÆäÀÌÁö¸¦ »Ë»Ñ °Ô½ÃÆÇDB¿¡ ³ÖÀ» ¼ö ÀÖ½À´Ï´Ù. Ŭ¸¯Çϸé, ¹«½¼ ÁþÀ» ´çÇß´ÂÁö ´À³¥ ¼öµµ ¾ø½À´Ï´Ù. ¹é½Åµé Àß ±ò¾ÆµÎ¼¼¿ä..\'¤µ\'
2015-10-01
|
0
0
»ó¾î¹ä
¸·À»¼ö´ÂÀִµ¥ ¾ÆÁ÷ Àû¿ëÀ»¾ÈÇß³ªº¸³×¿ä
|
0
0
zzoobi
¤»¤»¤»¤»¤»¤» Àç¹Ô³×¿ä
|
0
0
¿À¿ÀÄ«¹Ì¿Õ¿Õ
»Ë»Ñ ¿©±â ÇØÅ· ¿¬½ÀÇÏ´Â »çÀÌÆ®Àΰ¡¿ä
|
0
0
ÃÖÈ®¼ö¹ý
°¨»çÇÕ´Ï´Ù ¤¾¤¾¤¾¤¾¤¾¤¾¤¾
|
0
0
ÀÌ ±ÛÀº Ç°Àý/Á¾°á/Ãë¼Ò µÇ¾ú³×¿ä ^^
ÀÌ ÄÚ¸àÆ®°¡ 2°³°¡ µÇ¸é ÀÚµ¿À¸·Î Á¾°áµË´Ï´Ù. µî·ÏÇϽŠºÐ : µ¿ÀÌ´ÔÀÌ´Ù |
0
0
ÇêÂî
XSS°í ¹¹°í ¾Æ¸ô¶û ³ªÀÇ »Ë°Ô¸¦ ÁöÄÑÁÖ¼¼¿ä ÇϾÇÇϾÇ
|
0
2
µÎ¹ø°¸ÁÇÑ»çÀÌÆ®
XSS : cross Site Scripting [Ãâó:http://anyflow.net/271)
XSSÀÇ Á¤ÀÇ - µ¿Àû »ý¼º À¥ ÆäÀÌÁö¿¡ ¾ÇÀÇÀûÀÎ ½ºÅ©¸³Æ®¸¦ ³Ö¾î, »ç¿ëÀÚ°¡ ÇØ´ç ÆäÀÌÁö¸¦ ¿¶÷ÇßÀ» °æ¿ì »ðÀÔÇÑ ½ºÅ©¸³Æ®¸¦ ½ÇÇàÇϵµ·Ï ÇÔÀ¸·Î½á »ç¿ëÀÚÀÇ µ¥ÀÌÅ͸¦ Å»ÃëÇÏ´Â À¥ ÇØÅ· ±â¹ý. * OWASP(Open Web Application Security Project)¿¡¼ ¹ßÇ¥ÇÑ Web ApplicationÀÇ 10´ë Ãë¾àÁ¡ ÁßÀÇ Çϳª. XSSÀÇ °ø°Ý ´ë»ó 1. °ø°Ý½Ã »ç¿ëµÇ´Â HTML ÅÂ±× : <script> µî. 2. °ø°Ý ´ë»ó script ¹× ¾ð¾î : Javascript, VBScript, ActiveX, HTML, Flash 3. °ø°Ý ´ë»ó ÄÚµå : CGI ½ºÅ©¸³Æ®, °Ë»ö ¿£Áø, °Ô½ÃÆÇ, ¿À·ù ÆäÀÌÁö µî 4. °ø°Ý ´ë»ó ÄÚµåÀÇ ÁÖ¿ä °ø°Ý À§Ä¡ : ÀÔ·Â ºÎºÐ. ¿¹¸¦ µé¾î URL parameter, Form elements, ÄíÅ°, DB Äõ¸® µî. XSSÀÇ À§Ç輺 - XSS¸¦ ÀÌ¿ëÇÑ °ø°ÝÀº ¾ÆÁÖ Ä¡¸íÀû. °ø°Ý ´ë»óÀÇ ½Ã½ºÅÛÀÇ °ü¸®ÀÚ ±ÇÇѱîÁö Çà»ç °¡´É. - °ø°Ý ´ë»óÀÌ ¸ðÈ£Çؼ ¹æȺ® µîÀÇ º¸¾È ¼Ö·ç¼ÇÀ¸·Î´Â ¹æÁöÇÏ´Â °Í ÀÚü°¡ ºÒ°¡´É. - µû¶ó¼ º¸¾È¿¡ ÁÖÀÇ ±íÀº °³¹ß ¹× À¯Áöº¸¼ö °ü¸® ü°è¸¦ ÅëÇØ XSSÀÇ À§ÇèÀ» ±Øº¹Çؾß. |
|
1 2 |
|
¡â ÀÌÀü±Û¡ä ´ÙÀ½±Û | ¸ñ·Ïº¸±â |