Title: Security update recommendation for a domestic open-source web bulletin board (ZeroBoard XE)
Views: 4,882
□ Overview
o An XSS-related security vulnerability was recently discovered in ZeroBoard XE, a domestic PHP-based open-source web bulletin board [1]
o Website defacement and remote-execution threats exploiting this vulnerability have already occurred, so user attention and
prompt patching are required
□ Impact
o A remote user can obtain ZeroBoard XE administrator privileges
o With the obtained administrator privileges, arbitrary files on the system can be read and PHP commands executed,
which can lead to web defacement, remote execution and similar damage
□ Affected systems
o Affected systems
- ZeroBoard XE version 1.4.0.9 and earlier
o Unaffected systems
- ZeroBoard XE version 1.4.0.10
□ Solution
o Users installing ZeroBoard XE for the first time [3]
- Download and install the patched XpressEngine Core ver. 1.4.0.10 from the
"Official site (www.xpressengine.com) - Download - Category (XE Core)" menu
o Existing ZeroBoard XE users running a vulnerable version [1]
- Update the changed files
* Download the patched xe.1.4.0.10.changed.tgz from the official site (www.xpressengine.com),
extract it, and copy the config.inc.php and func.inc.php files into the config directory
of the running XE installation
- Or modify the source code
* Change the following part of the existing ./config/func.inc.php file as shown below
-> // Listing restored from a garbled scan: the "|" separators, event-name spellings and the
-> // replacement string are reconstructed on the assumption that each matched on<event>
-> // attribute is renamed to _on<event> so the browser ignores it.
-> $attrs = preg_replace('/(\r|\n| )+on'
->     . '(click|dblclick|mousedown|mouseup|mouseover|mouseout|mousemove|keydown|keyup|keypress|'
->     . 'load|unload|abort|error|select|change|submit|reset|resize|scroll|focus|blur|forminput|'
->     . 'input|invalid|drag|dragend|dragenter|dragleave|dragover|dragstart|drop|mousewheel|scroll|'
->     . 'canplaythrough|durationchange|emptied|ended|error|loadeddata|loadstart|pause|play|playing|progress|'
->     . 'durationchange|readystatechange|seeked|seeking|stalled|suspend|timeupdate|volumechange|waiting|'
->     . 'message|show)([= ]+)/is', ' _on$2$3', $attrs);
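The following is an added example, not code from the advisory or from the XE project: a Python port of the func.inc.php fix above, run on constructed attribute strings so the effect of the rename can be checked, plus an audit helper (an assumption of this example, not part of XE) that reports on* attributes the list does not cover.

```python
import re

# Event names from the patched regex in ./config/func.inc.php (duplicates dropped).
EVENT_NAMES = (
    "click|dblclick|mousedown|mouseup|mouseover|mouseout|mousemove|keydown|keyup|"
    "keypress|load|unload|abort|error|select|change|submit|reset|resize|scroll|focus|"
    "blur|forminput|input|invalid|drag|dragend|dragenter|dragleave|dragover|dragstart|"
    "drop|mousewheel|canplaythrough|durationchange|emptied|ended|loadeddata|loadstart|"
    "pause|play|playing|progress|readystatechange|seeked|seeking|stalled|suspend|"
    "timeupdate|volumechange|waiting|message|show"
)

# Python port of the PHP preg_replace: leading whitespace, "on<event>", then the
# "=" (with optional spaces) that starts the value. Flags mirror the PCRE "/is".
_HANDLER_RE = re.compile(
    r"(\r|\n| )+on(" + EVENT_NAMES + r")([= ]+)", re.IGNORECASE | re.DOTALL
)


def neutralize_event_handlers(attrs: str) -> str:
    """Rename each listed on* handler in an attribute string to _on*.

    Browsers ignore the unknown attribute, so the handler never runs, while the
    rest of the attribute string (src, title, ...) is left untouched.
    """
    return _HANDLER_RE.sub(r" _on\2\3", attrs)


def remaining_handlers(attrs: str) -> list:
    """Audit helper (hypothetical, not in XE): on*= attributes that survive the
    filter, i.e. names the list does not cover. Non-empty means the list needs extending."""
    cleaned = neutralize_event_handlers(attrs)
    return [m.group(1).lower() for m in re.finditer(r"(?<!\w)(on\w+)\s*=", cleaned)]


if __name__ == "__main__":
    # Constructed sample attribute strings, as they would appear inside a tag.
    sample = ' src="pic.png" onerror="x()" ONCLICK = "y()"\nonloadeddata="z()"'
    print(neutralize_event_handlers(sample))
    print(remaining_handlers(sample))            # [] -> every handler was covered
    print(remaining_handlers(' onbogus="w()"'))  # ['onbogus'] -> not in the list
```

Note that the filter only ever renames names on its list, so new content should be audited with remaining_handlers() after each update of the list.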
□ User precautions
o Users should check the official ZeroBoard XE notices [2] regularly, keep up to date with information on new vulnerabilities,
and take the corresponding measures
□ Glossary
o ZeroBoard XE: bulletin-board software or framework for websites, written in PHP
o XSS (Cross Site Scripting) vulnerability: a vulnerability that lets someone other than the website administrator insert
client-side script into a web page so that other users end up executing it
o PHP: a server-side scripting language for dynamic websites
□ Other questions
o Is IE (Internet Explorer) affected by this vulnerability?
- No. This vulnerability stems from HTML5, so IE (Internet Explorer), which currently does not support HTML5,
is not affected. However, you may still be harmed by other new vulnerabilities, so please read
the user precautions.
o Is there a security notice site for ZeroBoard XE?
- Yes. The official ZeroBoard XE notice site [2] is operated to share vulnerability information and
other information about ZeroBoard XE.
o Korea Internet & Security Agency (KISA) Internet Incident Response Center: 118 (no area code)
[Reference sites]
[1] http://www.xpressengine.com/18776625
[2] http://www.xpressengine.com/notice
[3] http://www.xpressengine.com/?mid=download&category_srl=18322907&package_srl=18325662