[~ing] Editor 취약점 경로 정리

에디터를 사용할 때, 설치 후 샘플페이지 및 주요취약점이 발생하는 페이지를 삭제하지 않고 사용할 경우 해당 경로를 통해 취약점이 발생합니다.

아래는 대표적으로 취약점이 발생하는 경로입니다.

[추가할 방화벽(snort) 정책(룰)]

"외부에서 내부의 test페이지로의 접근을 차단하고, 내부에서 test페이지로의 접근을 탐지한다."

1. drop tcp any any -> $내부_네트워크 any (content:"test"; sid=10000001;)

2. alert tcp $내부_네트워크 any -> any any (msg:"wp-login access"; content:"test"; sid=10000003;)

CHEditor	/editor/popup/image.html
	/cheditor/
	/core/editor/
	/board/cheditor/
	/js/cheditor/
	/cheditor4/
	/ko/cheditor4/
	/cheditor5/
	/cheditor/example/newpost.html
	/cheditor/example/modifiy.html
	/cheditor/example/multi.html
	/cheditor/imageUpload/upload.jsp
CKEditor	/ckeditor/
	/ckfinder/
	/ckfinder/ckfinder.html
	ckeditor/upload.jsp
	/ckeditor/_samples/
	/ckeditor/samples/
	/ckeditor/_samples/index.html
	/ckeditor/samples/index.html
	/skins/ckeditor/
	/_sys/_plugin/cke
Namo CrossEditor	/namo/
	/namo/index.html
	/namo/manage/index.html
	/crosseditor/
	/crosseditor/manager/
	/crosseditor/index.html
	/crosseditor/manage/index.html
	/crosseditor/manage/jsp/manager_setting.jsp
	/crosseditor/binary/upload/devshell.jsp
	/crosseditor/binary/upload/cmd.jspx
	/resources/crosseditor/
	/resources/crosseditor/index.html
	/resources/component/crosseditor/index.html
DaumEditor	/daumeditor/
	/_moduel/daumeditor/
	/daumeditor/editor.html
dext5Editor	/DEXTUpload/
	/dext5/
	/dext5upload/
	/dext5upload/sample/
	/com/dext5upload/
	/dext5upload/sample/index.html
	/dext5Upload/sample/html/sample_upload.html
	/dext5editor/admin/jsp/login.jsp
	/dext5editor/admin/jsp/uploader_setting.jsp
	/samples/index.html
	/aspupload/
	/aspupload/file_upload.html
FCKEditor	/fck/editor/
	/FCKeditor/
	/js/fckeditor/
	/feditor/editor/fckeditor.html
	/fckeditor/editor/filemanager/browser/default/browser.html
	/fckeditor/editor/filemanager/connectors/test.html
	/fckeditor/editor/filemanager/connectors/uploadtest.html
	/fckeditor/editor/filemanager/upload/test.html
	/editor/filemanager/browser/default/browser.html
	/editor/editor/filemanager/browser/default/browser.html
	/HtmlEditor/_samples/default.html
SmartEditor	/js/se2/SmartEditor2.html
	/nse/SmartEditor2.html
	/SmartEditor2.html
	/SmartEditorBasic/
	/SmartEditor2/
	/SmartEditorBasic/SEditorDemo.html
	/SEditor/popup/quick_photo/imgupload.jsp
	/smarteditor/photo_uploader/popup/file_uploader_html5.php
	/SE2/photo_uploader/popup/file_uploader_html5.php
	/smarteditor2/photo_uploader/popup/file_uploader_html5.php
	/smarteditor/popup/quick_photo/FileUploader_html5.php
	/plugin/smarteditor2/photo_uploader/popup/file_uploader_html5.php
	/photo_uploader/popup/attach_photo.js

>>에디터 취약점 사례 : https://webhack.dynu.net/?idx=20161220.001
>>참조: https://taesun1114.tistory.com/entry/주요-Editor-샘플페이지-및-취약점-발생경로

>>실습 : https://redscreen.tistory.com/69

>>에디터 종류별 특징 : https://itinformation.tistory.com/125