
SK Shieldus Rookies 19th Cohort (52)

[SK shieldus Rookies 19th Cohort] Source Code Diagnosis 03

[SK Shieldus Rookies 19th Cohort] Cloud-based Smart Convergence Security Course. [case7] public static void main(String args[]) throws IOException { List allowedCommands = new ArrayList(); allowedCommands.add("notepad"); allowedCommands.add("calc"); String cmd = args[0]; if (!allowedCommands.contains(cmd)) { System.err.println("Error"); return; } Process ps = null; try { ps = Runtime.getRuntime().exec(cmd); ...... Vulnerability: Command Injection. Safe/Vul..

[SK shieldus Rookies 19th Cohort] Source Code Diagnosis 02

[SK Shieldus Rookies 19th Cohort] Cloud-based Smart Convergence Security Course. [case4] if (FileUploadCtr.PostedFile.ContentType == "image/jpeg"){ if (FileUploadCtr.PostedFile.ContentLength Vulnerability: File Upload. Safe/Vulnerable: Safe. Reason: both whitelist-based file type validation and file size validation are performed. [case5] String id = (String)session.getValue("id"); String bn = request.getParameter("gubun"); String rd = request.getParameter("redirect"); if (id.length() > 0) { String sql = "sele..

[SK shieldus Rookies 19th Cohort] Source Code Diagnosis 01

[SK Shieldus Rookies 19th Cohort] Cloud-based Smart Convergence Security Course. [case1] String fileName = request.getParameter("P"); BufferedInputStream bis = null; BufferedOutputStream bos = null; FileInputStream fis = null; try { response.setHeader("Content-Disposition", "attachment;filename=" + fileName + ";"); ... fis = new FileInputStream("C:/datas/" + fileName); bis = new BufferedInputStream(fis); bos = new BufferedOutp..

[SK shieldus Rookies 19th Cohort] 12 - Authentication Bypass 2 (Burp Suite Academy)

[SK Shieldus Rookies 19th Cohort] Cloud-based Smart Convergence Security Course. https://portswigger.net/web-security/access-control/lab-referer-based-access-control Lab: Referer-based access control | Web Security Academy. This lab controls access to certain admin functionality based on the Referer header. You can familiarize yourself with the admin panel by logging in using ... portswigger.net. A. Problem [CASE 12] Authentication Bypass. Web Security Academy 서..

[SK shieldus Rookies 19th Cohort] 11 - Authentication Bypass (Burp Suite Academy)

[SK Shieldus Rookies 19th Cohort] Cloud-based Smart Convergence Security Course. https://portswigger.net/web-security/access-control/lab-unprotected-admin-functionality Lab: Unprotected admin functionality | Web Security Academy. This lab has an unprotected admin panel. Solve the lab by deleting the user carlos. Solution: Go to the lab and view robots.txt by appending /robots.txt to ... portswigger.net. A. Problem [CASE 11] Authentication Bypass. Web Security Aca..

[SK shieldus Rookies 19th Cohort] 10 - Directory Traversal URL-decode (Burp Suite Academy)

[SK Shieldus Rookies 19th Cohort] Cloud-based Smart Convergence Security Course. https://portswigger.net/web-security/file-path-traversal/lab-superfluous-url-decode Lab: File path traversal, traversal sequences stripped with superfluous URL-decode | Web Security Academy. This lab contains a path traversal vulnerability in the display of product images. The application blocks input containing path traversal sequences. It then ... portswigge..

[SK shieldus Rookies 19th Cohort] 09 - Directory Traversal (Burp Suite Academy)

[SK Shieldus Rookies 19th Cohort] Cloud-based Smart Convergence Security Course. https://portswigger.net/web-security/file-path-traversal/lab-simple Lab: File path traversal, simple case | Web Security Academy. This lab contains a path traversal vulnerability in the display of product images. To solve the lab, retrieve the contents of the /etc/passwd file. Solution ... portswigger.net. A. Problem [CASE 9] Directory Traversal. Web Security Academy ..

[SK shieldus Rookies 19th Cohort] 08 - File Upload Blacklist Bypass (Burp Suite Academy)

[SK Shieldus Rookies 19th Cohort] Cloud-based Smart Convergence Security Course. https://portswigger.net/web-security/file-upload/lab-file-upload-web-shell-upload-via-extension-blacklist-bypass Lab: Web shell upload via extension blacklist bypass | Web Security Academy. This lab contains a vulnerable image upload function. Certain file extensions are blacklisted, but this defense can be bypassed due to a fundamental flaw in ... portswigger..

[SK shieldus Rookies 19th Cohort] 07 - File Upload (Burp Suite Academy)

[SK Shieldus Rookies 19th Cohort] Cloud-based Smart Convergence Security Course. https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-web-shell-upload Lab: Remote code execution via web shell upload | Web Security Academy. This lab contains a vulnerable image upload function. It doesn't perform any validation on the files users upload before storing them on the server's ... portswigger.net. A. Problem [CASE ..

[SK shieldus Rookies 19th Cohort] 06 - Blind SQL Injection (Burp Suite Academy)

[SK Shieldus Rookies 19th Cohort] Cloud-based Smart Convergence Security Course. https://portswigger.net/web-security/sql-injection/blind/lab-conditional-responses Lab: Blind SQL injection with conditional responses | Web Security Academy. This lab contains a blind SQL injection vulnerability. The application uses a tracking cookie for analytics, and performs a SQL query containing the value ... portswigger.net. It is assumed that this information is given in advance. A. Problem..
