1. Neither PHP's default behavior nor changes to its configuration can currently
solve this security problem. To prevent this vulnerability, it is therefore
recommended to configure the server so that PHP cannot be used, or otherwise to use
a bulletin board that does not allow file uploads. Alternatively, use a bulletin
board that allows file uploads but renames any file with a .php, .php3 or cgi
extension before saving it.
2. Other methods
Additional settings in Apache's httpd.conf
For PHP3:
<Directory "/home/php/public_html/upload">
php3_engine off
</Directory>
For PHP4:
<Directory "/home/php/public_html/upload">
php_admin_flag engine off
</Directory>
Or have the .php and .php3 extensions treated as text.
<Directory "/home/php/public_html/upload">
AddType application/x-httpd-php3-source .php .php3
</Directory>
I'm told you can also use the includesNOEXEC option between <Directory>.</Directory>.
(I haven't tried it..)
References:
1. http://www.certcc.or.kr/advisory/ka2000/ka2000-031.txt
2. http://www.sis.or.kr/mdsol/q15hint.pdf
That was a rough summary ㅡㅡ; I'll post it again later once it's tidied up...
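
The renaming approach from item 1, as an added example (not code from the original post or from any particular bulletin board). It checks every dot-separated part of the name rather than only the last one, because Apache's mod_mime considers all extensions of a file name. The function name, the extra extensions php4 and phtml, and the .txt suffix are assumptions.

```php
<?php
// Added example: choose the name under which an uploaded file is stored.
// .php, .php3 and cgi come from the post; php4 and phtml are assumed additions.
const BLOCKED_EXTENSIONS = ['php', 'php3', 'php4', 'phtml', 'cgi'];

function safeStoredName(string $clientName): string
{
    // Keep only the last path component, for both separator styles.
    $name = basename(str_replace('\\', '/', $clientName));

    // Drop control bytes (including NUL) and trailing dots or spaces, which
    // can hide the real extension from a naive check.
    $name = preg_replace('/[\x00-\x1f\x7f]/', '', $name);
    $name = rtrim($name, '. ');
    if ($name === '') {
        $name = 'upload';
    }

    // Compare every segment after the first dot, case-insensitively, so that
    // "shell.php.jpg" and "board.PHP" are both caught.
    $segments = explode('.', strtolower($name));
    array_shift($segments);
    foreach ($segments as $segment) {
        if (in_array($segment, BLOCKED_EXTENSIONS, true)) {
            // Neutralise the name: no dots remain except the final ".txt".
            return str_replace('.', '_', $name) . '.txt';
        }
    }
    return $name;
}

// Constructed sample names, not taken from the post.
$samples = ['photo.jpg', 'board.PHP', 'shell.php.jpg', '../../up/run.cgi', 'notes.php3 '];
foreach ($samples as $sample) {
    printf("%-18s -> %s\n", $sample, safeStoredName($sample));
}
```

Renaming complements the httpd.conf settings above rather than replacing them: with the engine switched off for the upload directory, a name that slips past the check is still not executed.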