HyunSang's Today I Learned

Web Hacking

Attack Techniques

SQL Injection

  • [Special Report] Web Vulnerabilities and Hacking Mechanisms #5 Blind SQL Injection
  • OWASP - SQL Injection

XSS, Cross-site scripting

  • Learning about XSS attacks by trying them hands-on (How dangerous is dangerouslySetInnerHTML?)

LFI, Local File Inclusion

  • [Vulnerability] File Inclusion vulnerability: LFI (Local File Inclusion)

RFI, Remote File Inclusion

RCE, Remote Code Execution

WebShell

EL(Expression Language) Injection at Java Spring

  • EL Injection
  • Expression Language Injection
  • EL injection in Spring framework
  • Expression Language Injection report by Stefano Di Paola et al.

CVE-related

in Python

  • Arbitrary Code Execution in Pillow / CVE-2023-50447
    • AhnLab - Security update advisory for the python pillow package (CVE-2023-50447, CVE-2022-22817)

in Java Spring

  • Security update advisory for Spring products (CVE-2024-38816)
    • NIST - CVE-2024-38816
    • Spring - CVE-2024-38816: Path traversal vulnerability in functional web frameworks