脆弱性を作ってみた

Transcript

1. ੬ऑੑΛ࡞ͬͯΈͨ !TPUB
   
   ͖ΓΜ
   ࡶฌ.FFU6Q
   

2. ࣗݾ঺հ w ͖ΓΜͰ͢
   w !TPUB
   w ໌೔͔Βࢮͷ೔͕ؒ࢝·Γ· ͕͢Έͳ͞ΜਐḿͲ͏Ͱ͔͢

3. ੬ऑੑΛ࡞ͬͪΌͬͨͰ͸ͳ͘
   ࡞ͬͯΈͨ࿩Ͱ͢ ̃䯡ՙ☭岩ՙՊլՖ㈕ՙՊլ

4. ߈ܸຊೳͷ࿩ w ਓ͸ਐԽ͢Δલ͸Ԑͩͬͨ
   w ՐΛ࢖͍ɺಓ۩Λ࢖͍ɺङΓΛߦ͏͜ͱͰੜ͖ Ԇͼ͖ͯͨ
   w ߈ܸ͢Δ͜ͱͱ͸ੜ͖Δ͜ͱͦͷ΋ͷ

5. ਓੜ
   JT Ԑͷ࿭੕γϦʔζΑΓ

6. ϓϩάϥϚʹ͓͚Δ߈ܸຊೳ w ϓϩάϥϚ΋ਓؒ
   w ౰વɺ߈ܸຊೳΛඋ͍͑ͯΔ
   w ࣮͸ϓϩάϥϚͱ߈ܸੑ͸ີ઀ʹؔ܎ͯ͠Δͱ ݴΘΕ͍ͯΔ

7. ·͊ӕͳΜͰ͚͢Ͳ IUUQKJHPLVOPDPNFJE@IUNM

8. ·͊ӕͳΜͰ͚͢Ͳ Ͱ΋෺૽ͳਓ͕ଟ͍ؾ͸͠·͢ΑͶ IUUQKJHPLVOPDPNFJE@IUNM

9. ݱ࣮͸ݫ͍͠ IUUQTUXJUUFSDPNIULC@TUBUVT

10. ݱ࣮͸ݫ͍͠ IUUQTUXJUUFSDPNIULC@TUBUVT

11. ఘΊΔ͔͠ແ͍ͷ͔ w ߹๏తʹ߈ܸຊೳΛຬͨ͢ํ๏͕ʜ
    w ͋Γ·͊ SZ

12. $BQUVSF
    5IF
    'MBH

13. $BQUVSF
    5IF
    'MBH w ضऔΓ߹ઓ
    w αʔόʹ৵ೖͨ͠ΓηΩϡϦςΟʹ·ͭΘΔ໰ ୊Λղ͍ͯضΛऔΔ
    w 4&$$0/ͱ͔༗໊Ͱ͢ΑͶ

14. ຊ୊ w ઌ೔ɺ਎಺޲͚ʹ$5'Λ΍ͬͨ
    w ඍົʹܦݧ͕͋ͬͨͷͰ໰୊࡞Γͱ͔΍ͬͨ

15. ༷ࢠ

16. ༷ࢠ

17. ग़୊δϟϯϧΛܾΊΔ w $5'ͷकඋൣғ͸ΊͪΌͪ͘Ό๲େ
    w ҉߸
    ϑΝΠϧղੳ
    ωοτϫʔΫ
    8FC
    'PSFOTJDT

    
    QXO
    FUD
    w ࠓճ͸8FCͷਓ͕ଟ͔ͬͨͷͰ8FCଟΊʹͨ͠

18. ໰୊Λߟ͑Δ w ͱ͍ͬͯ΋ࢲ΋ॳ৺ऀͳͷͰաڈ໰ͱ͔੬ऑੑ Λௐ΂ͳ͕Βߟ͑Δ
    w ͓΋͠Ζ͔ͬͨΓֶͼʹͳΓͦ͏ͳ΋ͷ͕͋Ε ͹࠾༻͍ͯ͘͠

19. ໰୊Λߟ͑Δ

20. γφϦΦΛҙࣝ͢Δ w ͜Μͳ੬ऑੑ͕͋ͬͨΒ͜Μͳ͜ͱ͕Ͱ͖ͪΌ ͏ΑͶɺΈ͍ͨͳͷΛߟ͑Δ

21. Կݸ͔঺հ

22. ྫ͑͹
    
    ψϧόΠτ߈ܸ w /6--จࣈΛจࣈྻͷऴ୺จࣈͱͯ͠ೝࣝ͢Δ ͜ͱΛར༻ͨ͠߈ܸ
    w ࠓճ͸1)1Ͱ࣮૷ͨ͠

23. ψϧόΠτ߈ܸ <?php $filename = $_GET['filename'].'png'; echo file_get_contents($filename);

24. ψϧόΠτ߈ܸ <?php $filename = $_GET['filename'].'png'; echo file_get_contents($filename); // /index.php?filename=/etc/passwd //

    Ͱ΋.png͕अຐͦ͏…

25. ψϧόΠτ߈ܸ w ͓΋ΉΖʹJOEFYQIQ pMFOBNFUD QBTTXEʹΞΫηε͢Δ
    w ͢ΔͱpMF@HFU@DPOUFOUT͸Λऴ୺จࣈͱ ͯ͠ೝࣝ͢ΔͷͰQOH͕ࣺͯΒΕΔ

26. ψϧόΠτ߈ܸ <?php $filename = $_GET['filename'].'png'; echo file_get_contents($filename); // /index.php?filename=/etc/passwd%00 //

    ϢʔβҰཡൈ͚Δͧʂ

27. ྫ͑͹
    
    /P42-
    *OKFDUJPO w υΩϡϝϯτ%#Ͱى͖͏Δ੬ऑੑ
    w 1)1
    
    NPOHP%#Ͱ࣮૷Ͱ͖Δ

28. /P42-ΠϯδΣΫγϣϯ <?php $name = $_GET['name']; return $db->find(['name' => $name]); //

    /index.php?name=kirin

29. /P42-ΠϯδΣΫγϣϯ <?php $name = $_GET['name']; return $db->find(['name' => $name]); //

    /index.php?name[$ne]=xͬͯ΍Δͱ…

30. ྫ͑͹
    
    /P42-
    *OKFDUJPO w 1)1Ͱ͸(&5ΫΤϦετϦϯάΛ࿈૝഑ྻͰड ͚औΕΔ
    w OBNF<OF>Yͬͯ΍ΔͱҎԼͷΑ͏ͳ஋͕ ౉ͬͯ͘Δ

31. ྫ͑͹
    
    /P42-
    *OKFDUJPO w ͜ͷΫΤϦ͕ͦͷ··NPOHPʹ౉Δͱ42-Ͱ ݴ͏ͱ͜Ζͷ8)&3&
    OBNF
    
    bY`ͱ͍͏৚݅ ͕੒ཱͯ͠͠·͏

32. ͳΜͰ1)1͹͔ͬΓ͔ͬͯʁ w ؾ෇͍ͯ͠·ͬͨਓ͸ফ͞ΕΔͷͰؾ͔ͮͳ͍ ϑϦΛ͠·͠ΐ͏Ͷ ?Т?
    w 1)1Yd࢖͓͏ɺܑ͓͞Μͱͷ໿ଋͩ ?Т?

33. ଞʹ΋ʜ w ύεϫʔυ͖ͭ;*1ղੳ
    w %JHFTU#BTJD
    BVUIFOUJDBUJPO
    w 944
    w ҉߸ղੳ 305ͱ͔୯Ұ׵ࣈࣜͱ͔

34. ਅ໘໨ͳ࿩ w ࡞໰͢Δʹ͸ͭͷࢹ఺͕ඞཁ
    w ߈ܸऀࢹ఺
    w ։ൃऀࢹ఺
    w ʮప໌͚ʹ։ൃͯͨ͠ΒΪϦΪϦ͋Γ͏ΔʯΈ ͍ͨͳ΍ͭΛ࡞Δͷ͸ָ͍͠͠ษڧʹͳΔΑ

35. ·ͱΊɿ$5'͠Α͏ w ߹๏తʹ߈ܸຊೳΛຬͨͤΔͷͰΦεεϝ
    w 8FCʹݶΒͣ෯޿͍஌ࣝΛٻΊΒΕΔͷͰษڧ ʹͳΔ
    w ৗறܕ$5'΋͋ΔͷͰڵຯ͕͋Δํ͸ͥͻ