Recent posts

Log Poisoning

What is this vulnerability? Log poisoning is a vulnerability that occurs in web applications when an LFI vulnerability exists and the log files can be read; log injection and an LFI vulnerability are both prerequisites. It is a vulnerability that can lead all the way to RCE...

Open redirect (redirect for PHP header() vulnerability)

What is this vulnerability? It can be seen as a vulnerability in which PHP keeps executing after a redirection, and it is caused by an error in the way a particular website handles redirection. What is the impact of this vulnerability? Regarding pages without authentication and authorization...

Archangel - WriteUP

This challenge is available at https://tryhackme.com/room/archangel. Archangel system penetration test walkthrough. Information gathering: found the /test.php path among the web server directories; found an LFI vulnerability in /test.php; Apa...