Cullinan

Cullinan is a wiki for hacking/security/bugbounty

HTTP Request Smuggling

  • 8 min read

🔍 Introduction

HTTP Request Smuggling is a problem that arises in environments made up of several network hops, caused by differences in how the server or device at each hop processes an HTTP request. Typically, Content-Length and Transfer-Encoding are sent together so that each hop misjudges the length of the HTTP request.

Read More

Axiom

  • 1 min read

Introduction

The dynamic infrastructure framework for anybody! Distribute the workload of many different tools with ease, including nmap, ffuf, masscan, nuclei and many more!

Read More

CSRF

  • 7 min read

🔍 Introduction

CSRF stands for Cross-Site Request Forgery. It is an attack that abuses the way cookies work: using the user's session cookie or other credentials, it makes the service process a request the attacker intended, without the user's knowledge.

Read More

XSS

  • 12 min read

🔍 Introduction

XSS stands for Cross-Site Scripting. It is an attack in which code that can run a script, such as JavaScript, is injected into a web service so that other users end up executing a script the attacker intended. It is a very traditional attack, included in every OWASP Top 10, yet it still occurs frequently today, and I consider it the attack that best represents web hacking.

Read More

Git

  • ~1 min read

Introduction

๊นƒ์€ ์˜คํ”ˆ์†Œ์Šค ๋ถ„์‚ฐ ๋ฒ„์ „ ๊ด€๋ฆฌ ์‹œ์Šคํ…œ์œผ๋กœ svn ์ดํ›„์— ๊ฐœ๋ฐœ ํŠธ๋ Œ๋“œ์—์„œ ๊ฐ€์žฅ ์ค‘์š”ํ•œ ์œ„์น˜์— ์žˆ๋Š” ๋„๊ตฌ์ž…๋‹ˆ๋‹ค. ๊ธฐ๋ณธ์ ์œผ๋กœ ์—ฌ๋Ÿฌ ์‚ฌ์šฉ์ž๋“ค์˜ ๊ณต๋™ ๊ฐœ๋ฐœ์— ์žˆ์–ด์„œ ํŒŒ์ผ์˜ ๋ณ€๊ฒฝ ์‚ฌํ•ญ์„ ์ง€์†์ ์œผ๋กœ ์ถ”์ ํ•˜๊ณ  ์ถฉ๋Œ๋‚˜์ง€ ์•Š๋„๋ก ๊ด€๋ฆฌํ•ด์ฃผ๋Š” ์—ญํ• ์„ ์ˆ˜ํ–‰ํ•ฉ๋‹ˆ๋‹ค.

Read More

H2C Smuggling

  • 4 min read

🔍 Introduction

HTTP/2 Protocol and H2C Switching

The HTTP/2 protocol was developed by the HTTP-WG based on the specification of the SPDY protocol, which Google had been developing and trialling. When it was adopted as the HTTP/2 standard in 2015, support for SPDY was discontinued at the same time. In short, HTTP/2 can be seen as the next-generation web protocol; it brings large performance improvements over the 1.x versions, so more and more servers are gradually adding HTTP/2 support. For details on HTTP/2, refer to the Google Developers documentation.

Read More

Nmap

  • 2 min read

Introduction

Nmap์€ ์˜คํ”ˆ์†Œ์Šค ๊ธฐ๋ฐ˜์˜ Network discovery ๋„๊ตฌ์ž…๋‹ˆ๋‹ค. ์ผ๋ฐ˜์ ์œผ๋กœ ํฌํŠธ์Šค์บ๋„ˆ๋กœ ์•Œ๋ ค์ ธ ์žˆ์œผ๋ฉฐ, Lua script(NSE)๋ฅผ ํ†ตํ•ด ๋ณ„๋„์˜ ํ…Œ์ŠคํŒ… ๋กœ์ง์„ ๊ตฌ์„ฑํ•  ์ˆ˜ ์žˆ์–ด ์›น๋ถ€ํ„ฐ ๋„คํŠธ์›Œํฌ๋‹จ ์ทจ์•ฝ์ ์— ๋Œ€ํ•œ ์Šค์บ๋‹๊นŒ์ง€ ์ถฉ๋ถ„ํžˆ ์ปค๋ฒ„ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

Read More

Parallel

  • ~1 min read

Introduction

Parallel์€ ๋ณ‘๋ ฌ ์‹คํ–‰์„ ์œ„ํ•œ cli ๋„๊ตฌ์ž…๋‹ˆ๋‹ค. ์ด๋ฅผ ํ™œ์šฉํ•˜๋ฉด ๋‹ค์ˆ˜์˜ ๋ฐ˜๋ณต ์ž‘์—…๋“ฑ์„ ๋ณ‘๋ ฌ ์ฒ˜๋ฆฌํ•  ์ˆ˜ ์žˆ์–ด์„œ cli ๊ธฐ๋ฐ˜์˜ ์ž๋™ํ™”์— ํฐ ๋„์›€์„ ์ค„ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

Read More

Reverse Tabnabbing

  • 1 min read

🔍 Introduction

Reverse tabnabbing is a vulnerability in which a child page created via an a tag, an iframe or window.open() can, under certain conditions, partially control the parent page; this is abused to replace the parent page with a phishing site.

Read More

COOP

  • ~1 min read

COOP (Cross-Origin-Opener-Policy) is a security policy and header that prevents a top-level document from sharing a browsing context group with cross-origin documents. The header isolates the document so that its contents cannot be accessed through attacks such as XS-Leaks.

Read More

SSRF

  • 5 min read

🔍 Introduction

SSRF stands for Server-Side Request Forgery: an attack that makes the backend server issue requests, allowing access to internal systems or exfiltration of data to the outside.

Read More

Websocket Connection Smuggling

  • 3 min read

🔍 Introduction

WebSocket

WebSocket is a protocol that compensates for the shortcomings of HTTP, which is a single-request, connectionless protocol. Through an HTTP-based handshake followed by TCP/TLS communication, the server and client can keep communicating over a persistent socket.

Read More

SQLMap

  • ~1 min read

Installation

Macos

brew install sqlmap

Read More

Amass

  • 4 min read

Installation

Macos

brew tap caffix/amass
brew install amass

Read More

CSWSH Attack

  • 1 min read

🔍 Introduction

CSWSH stands for Cross-Site WebSocket Hijacking, a problem that arises from insufficient validation of the Origin header, which governs cross-domain use of WebSockets.

Read More

JSON Hijacking

  • 5 min read

🔍 Introduction

JSON Hijacking is an attack in which, when the CORS configuration that makes exceptions to the SOP is insufficient, an attacker can steal the user's data at will.

Read More

JSONP Hijacking

  • 1 min read

🔍 Introduction

JSONP Hijacking is an attack in which, when a page that handles sensitive information supports JSONP, an attacker can easily steal that information.

Read More

CRLF Injection

  • ~1 min read

🔍 Introduction

CRLF Injection stands for Carriage Return Line Feed Injection: an attack technique that uses the newline characters CR (\r) and LF (\n) to split an HTTP request or response and make it perform an action the attacker intended.

Read More

CSV Injection

  • 1 min read

🔍 Introduction

CSV Injection, also called Formula Injection, is a vulnerability and attack technique that typically arises in features such as CSV file downloads. When a CSV file is opened in MS Excel, LibreOffice and similar programs, certain syntax can be used to execute system commands. The attack causes the syntax the attacker intended to be embedded in a legitimate-looking (not obviously malicious) CSV file that the victim downloads, so that when the victim opens it without suspicion the attacker's code is executed.

Read More

Path Traversal (Directory traversal)

  • 3 min read

🔍 Introduction

Path traversal (directory traversal) is an attack technique in which, when input received from a user is processed by backend logic as a path, the input is manipulated so that the attacker can reach a path of their choosing and perform actions there.

Read More

Open Redirect

  • 1 min read

🔍 Introduction

Open Redirect is an attack that abuses a web service's feature of redirecting based on user input to send users to a domain the attacker intended.

Read More

Command Injection

  • 3 min read

🔍 Introduction

Command Injection is an attack technique in which, when an application has code that uses OS commands (system calls and the like) or can process its own separate commands at the application level, an attacker executes commands of their choosing through injection.

Read More

Zip Slip

  • 1 min read

🔍 Introduction

Zip Slip is an attack in which, when an archive file (zip, tar, jar, etc.) containing path traversal (directory traversal) sequences is extracted, the attacker uses those sequences to place files of their choosing at a path they intended.

Read More

HTTP Parameter Pollution

  • 1 min read

🔍 Introduction

HTTP Parameter Pollution (HPP) is an attack that exploits differences in how web applications handle duplicate parameters. Strictly speaking, rather than an attack with a specific risk of its own, it is used as a trick to chain into other vulnerabilities: by sending parameters with the same name more than once, the service is led into unintended processing.

Read More

JWT Security

  • 4 min read

🔍 Introduction

JWT (JSON Web Token) is a standard JSON-based format that includes a digital signature. It is defined in RFC 7519; when servers, clients and other parties communicate, the signature can be verified to check for tampering, and the expiry value can be used to check whether the token has expired.

Read More

XST

  • 1 min read

🔍 Introduction

XST (Cross-Site Tracing) is an attack that uses the HTTP TRACE method. It can be used to steal session cookies that are protected by HttpOnly and similar flags.

Read More

DOM Clobbering

  • 3 min read

🔍 Introduction

DOM Clobbering is an attack technique that exploits the way JavaScript handles the DOM. Clobbering, true to its meaning in software engineering, refers to intentionally or unintentionally overwriting a particular memory location or register entirely.

Read More

SQL Injection

  • 2 min read

🔍 Introduction

SQL Injection is an attack in which an attacker escapes the SQL query the application uses and executes a SQL query of their own intent. The vulnerable spots are usually the places where user input flows into a SQL query; through them other data in the DB can be read, and depending on the configuration even system privileges can be taken.

Read More

Cookie Bomb Attack

  • 1 min read

🔍 Introduction

Cookie bomb is an attack that induces a DoS using abnormally large cookie values. It is mainly a DoS attack that harms availability, but it can also potentially be used in a chained attack together with other vulnerabilities.

Read More

LDAP Injection

  • 1 min read

🔍 Introduction

LDAP Injection is an injection attack against LDAP (Lightweight Directory Access Protocol): when user input can directly affect an LDAP query, it is used to induce abnormal LDAP behaviour. As with ordinary injection vulnerabilities, the overall attack mechanism is the same as SQL Injection and most other injection techniques.

Read More

History of OWASP TOP 10

  • 1 min read

Read More

Click Jacking

  • 2 min read

🔍 Introduction

Clickjacking is an attack technique that induces user interaction in an environment such as a frame so that an important function is executed without the user realising it. Like phishing, it fundamentally requires user interaction, but because CSS-level tricks such as pointing within a frame and transparent layers make it hard to notice, it has a relatively high chance of success.

Read More

Web Cache Poisoning

  • 2 min read

🔍 Introduction

Web Cache Poisoning is an attack that abuses the caching policies of cache servers: through a specific HTTP request, content that affects other users' use of the service is cached, which can prevent normal use of the service (DoS) or serve as a building block to chain with other vulnerabilities.

Read More

RFD Attack

  • 2 min read

🔍 Introduction

RFD (Remote File Download) is an attack technique that abuses a download feature whose file extension and content can be controlled; it leads the user to download and run a file containing attack code from a trusted domain, so that commands are executed on the user's side.

Read More

Dependency Confusion

  • 2 min read

🔍 Introduction

Dependency Confusion, also called a supply chain substitution attack, is an attack that registers a package with the same name as an internal package the service uses, so that the malicious package gets installed instead.

Read More

CSTI Attack

  • 1 min read

🔍 Introduction

CSTI (Client-Side Template Injection) is an attack in which the attacker gets template code included in an existing template so that it performs an action of their choosing. When the template injection occurs on the client side, it is called CSTI.

Read More

ESI Injection

  • 3 min read

🔍 Introduction

ESIi, ESI (Edge Side Include) Injection, is an injection attack against ESI markup in environments that use ESI.

Read More

Relative Path Overwrite

  • 2 min read

🔍 Introduction

RPO (Relative Path Overwrite) is an attack that overwrites relative URLs, i.e. URLs based on relative paths, to cause unintended behaviour. It is also called Relative Path Confusion; this document consistently uses the term RPO.

Read More

Threat Modeling

  • 2 min read

🚧 I am still studying much of this, so there may be mistakes or odd parts. Please do not take this post as authoritative, and if you find anything wrong I would be very grateful if you let me know in the comments :D

Read More

XSHM Attack

  • 1 min read

🔍 Introduction

XSHM (Cross Site History Manipulation) is an attack that uses the user's browser history. It ranges from simple phishing, where the previous history entry is altered so the user is sent to a page the attacker intended, to bypassing the SOP or using CSRF or IFRAMEs to steal sensitive information.

Read More

LaTex Injection

  • 1 min read

🔍 Introduction

LaTeX is a typesetting system that uses TeX syntax; injecting TeX syntax into a system that processes it, so that it performs an action the attacker wants, is called LaTeX Injection.

Read More

Brute Force

  • 3 min read

🔍 Introduction

A Brute Force attack is a technique that generates repeated web requests based on a given wordlist or character pattern to create a security problem. The concept is similar to fuzzing, but whereas fuzzing sends malformed data to trigger defects in the service, brute force sends large numbers of values to find one that is accepted, as in an attack on a password.

Read More

SSE Security

  • 3 min read

🔍 Introduction

SSE (Server-Sent Events) is a server push technology; similarly to WebSocket, the server and JavaScript communicate so that data can be received. However, while WebSocket allows bidirectional communication, SSE only handles messages in the server→client direction.

Read More

Kiterunner

  • 1 min read

🔍 Introduction

Kiterunner is a content-discovery tool made by Assetnote. Rather than a typical tool that fuzzes or brute-forces a given location, it infers API specifications using known Swagger spec data and a dataset compressed with its own schema, and then finds API endpoints by sending known HTTP methods, headers, paths and parameters.

Read More

Prototype Pollution

  • 3 min read

🔍 Introduction

Prototype Pollution is a security problem in JavaScript processing logic that arises when the prototype of objects can be modified. If an object's prototype can be changed, the intended logic can be bypassed, or the DOM can be affected to cause further problems such as XSS.

Read More

IDOR Attack

  • 2 min read

🔍 Introduction

IDOR (Insecure Direct Object References) is an access control vulnerability: when an externally exposed or supplied input directly references and accesses an object, it can be used to perform actions beyond the user's own privileges.

Read More

Type Juggling

  • 1 min read

🔍 Introduction

Type Juggling is a vulnerability in which, depending on whether loose or strict comparison is used when comparing variables, an if statement or similar check can be passed with a value the developer did not intend. PHP is generally known to be affected. It is commonly known as PHP type juggling or the magic hashes attack.

Read More

SAML Injection

  • 1 min read

🔍 Introduction

SAML Injection is an injection attack that can occur in Security Assertion Markup Language (SAML). Through attack code inside the XML of the SAML process, authentication flows such as SSO can be bypassed or signature verification can be passed.

Read More

XS-Leaks

  • 2 min read

🔍 Introduction

XS-Leaks (Cross-site Leaks) are attacks that infer information through interaction with another site, without violating security policies such as CSP and SOP, and ultimately leak data. Overall they feel similar to CSRF in many ways, but whereas CSRF performs actions on the user's behalf, XS-Leaks focus on inferring and deducing information about the user.

Read More

Github-Action Injection

  • 2 min read

🔍 Introduction

In GitHub Actions, if the workflows users write or the custom actions developers provide do not properly validate user input before using it, there is a possibility of command injection. This is generally called GitHub Action injection or GitHub Action script injection.

Read More

Email Injection

  • 1 min read

🔍 Introduction

Email Injection is an attack in which, when user-supplied input is used by an application to handle email and that input is insufficiently validated, an attacker can use malicious parameters to tamper with the mail contents and other fields.

Read More

NoSQL Injection

  • 2 min read

🔍 Introduction

NoSQL Injection is an injection attack against databases other than the DBMSs known to use SQL. NoSQL databases generally have looser consistency checks than traditional SQL databases. Because they demand fewer relational constraints and consistency checks, they have large advantages in performance and scalability, but they are just as affected by injection attacks targeting each system's own query syntax rather than SQL syntax.

Read More

OGNL Injection

  • 1 min read

🔍 Introduction

OGNL Injection is an injection attack that injects code into OGNL (Object-Graph Navigation Language); since OGNL itself has the character of an expression language, it is similar to SSTI and EL Injection.

Read More

EL Injection

  • 1 min read

🔍 Introduction

EL (Expression Language) Injection is an injection attack against the EL interpreter that evaluates expressions; it is similar to SSTI and OGNL Injection.

Read More

Metasploit Framework

  • 5 min read

🔍 Introduction

Metasploit is the best-known penetration testing framework, a tool that covers much of the technical side of a pentest, including recon, scanning and exploitation. It was originally developed by H.D. Moore and is now maintained by Rapid7.

Read More

File Inclusion

  • 2 min read

🔍 Introduction

File Inclusion is an attack that abuses a feature which dynamically reads or includes files (building them into the source code) to read and steal system files, or to get source code the attacker prepared included. It is commonly known as LFI (Local File Inclusion) and RFI (Remote File Inclusion).

Read More

How to Hack a MacOS Application

  • 4 min read

🔍 Introduction

“How to Hack a MacOS Application” covers how to test applications running on Apple's macOS. It mainly deals with the overall testing approach and environment setup.

Read More

Ruby on Rails

  • 3 min read

🔍 Introduction

Rails (Ruby on Rails, RoR) is Ruby's best-known framework, a full-stack web framework using the MVC model. Thanks to Ruby's easy and intuitive syntax, Rails code is also not hard to understand, and features such as scaffolding allow a web service to be built quickly.

Read More

Jekyll

  • 8 min read

Introduction

Jekyll์€ Hugo, Hexo์™€ ํ•จ๊ป˜ ๊ต‰์žฅํžˆ ๋งŽ์ด ์‚ฌ์šฉ๋˜๋Š” SSG(Static Site Genertor) ์ž…๋‹ˆ๋‹ค. Ruby๋กœ ๊ฐœ๋ฐœ๋˜์—ˆ๊ณ  Liquid ๋ฌธ๋ฒ•์„ ์‚ฌ์šฉํ•˜์—ฌ ํ…œํ”Œ๋ฆฟ์„ ํ†ต์ œํ•  ์ˆ˜ ์žˆ๊ณ , ์—ฌ๋Ÿฌ๊ฐ€์ง€ ๊ธฐ๋Šฅ๋“ค ๋‹ด์€ Gem(RubyGem)์„ ์ถ”๊ฐ€ํ•˜์—ฌ ์‰ฝ๊ฒŒ ์—ฌ๋Ÿฌ๊ฐ€์ง€ ๊ธฐ๋Šฅ๋“ค์„ ๋งŒ๋“ค์–ด๋‚ผ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

Read More

ORM Injection

  • 1 min read

🔍 Introduction

ORM Injection is an injection attack occurring at the ORM (Object Relational Mapping) layer; it is closely related to SQL Injection.

Read More

Subdomain Takeover

  • 1 min read

🔍 Introduction

Subdomain Takeover is an attack in which, when the server mapped to a subdomain has been removed or deleted, the attacker claims the corresponding IP or configuration and takes the subdomain over. It commonly occurs with services such as S3, GitHub Pages and Heroku.

Read More

Zip Bomb

  • 1 min read

🔍 Introduction

A Zip Bomb, also called a decompression bomb, is an attack that uses a file which consumes enormous resources when decompressed. A zip file with many nested layers is created so that the computer extracting it uses a large amount of resources; any software with zip extraction functionality needs to check for this attack.

Read More