{"id":478257,"date":"2023-08-09T09:29:53","date_gmt":"2023-08-09T09:29:53","guid":{"rendered":""},"modified":"2023-09-05T11:16:22","modified_gmt":"2023-09-05T11:16:22","slug":"ognl-injection","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/kr\/wiki\/ognl-injection\/","title":{"rendered":"OGNL Injection"},"content":{"rendered":"<p>Brief information about OGNL injection<\/p>\n<p>OGNL (Object-Graph Navigation Language) injection is a security vulnerability that lets an attacker execute arbitrary code on a web application server. The attack abuses OGNL expressions, the expression language used by certain Java web frameworks, most notably Apache Struts 2. A successful OGNL injection can lead to unauthorized information disclosure, data modification, or complete compromise of the server.<\/p>\n<h2>The origin of OGNL injection and the history of its first mention<\/h2>\n<p>OGNL injection became known with the growth of web applications and frameworks that rely on OGNL expressions for purposes such as data manipulation and UI rendering. 
Apache Struts, a popular open-source framework for Java web application development, became the best-known victim of this vulnerability class.<\/p>\n<p>Public advisories about OGNL injection in Apache Struts 2 date back to at least 2010 (Struts security bulletin S2-005, CVE-2010-1870). That disclosure marked the start of a long series of further investigations and findings about the risks and attack vectors associated with OGNL.<\/p>\n<h2>Detailed information about OGNL injection: expanding the topic<\/h2>\n<p>OGNL injection is not limited to Apache Struts; any framework or application that evaluates OGNL expressions built from untrusted input can be affected. OGNL is a powerful expression language designed to get and set the properties of Java objects, navigate object graphs, and call methods on them, including static methods. An attacker who controls an expression string can therefore craft an expression that, when the server evaluates it, executes arbitrary Java code with the privileges of the application.<\/p>\n<h3>Severity<\/h3>\n<p>OGNL injection can do serious damage to an application or system. 
It can lead to:<\/p>\n<ul>\n<li>Unauthorized access<\/li>\n<li>Data manipulation<\/li>\n<li>System takeover<\/li>\n<\/ul>\n<h3>Attack vectors<\/h3>\n<p>Attackers abuse unsafe handling of user input to get their own OGNL expressions evaluated. Common attack vectors include:<\/p>\n<ul>\n<li>Manipulated HTTP requests (parameters and headers)<\/li>\n<li>Crafted malicious URLs<\/li>\n<li>Modified form parameters<\/li>\n<\/ul>\n<h2>The internal structure of OGNL injection: how it works<\/h2>\n<p>OGNL injection occurs when an attacker can get a malicious OGNL expression into input that the application later evaluates. 
A step-by-step breakdown of how OGNL injection works:<\/p>\n<ol>\n<li><strong>User input handling<\/strong>: the application takes user input that contains an OGNL expression and passes it, without validation, to a code path that evaluates expressions.<\/li>\n<li><strong>Expression parsing<\/strong>: the server parses the malicious expression as OGNL.<\/li>\n<li><strong>Code execution<\/strong>: the expression is evaluated and arbitrary code runs on the server with the privileges of the application.<\/li>\n<li><strong>Attack outcome<\/strong>: the attacker gains unauthorized control of the server or access to sensitive data.<\/li>\n<\/ol>\n<h2>Analysis of the key features of OGNL injection<\/h2>\n<p>OGNL injection stands out because of several characteristics:<\/p>\n<ul>\n<li><strong>Versatility<\/strong>: it can serve a wide range of malicious goals, from data theft to full control of the system.<\/li>\n<li><strong>Complexity<\/strong>: crafting a working malicious OGNL expression requires knowledge of the Java environment and of the specific framework, including any sandboxing the framework applies to OGNL.<\/li>\n<li><strong>High impact<\/strong>: the potential damage from a successful attack is 
substantial.<\/li>\n<li><strong>Difficult to mitigate<\/strong>: properly protecting an application requires careful input validation, correct framework configuration, and keeping both the framework and the OGNL library patched.<\/li>\n<\/ul>\n<h2>Types of OGNL injection<\/h2>\n<p>There are primarily two types of OGNL injection:<\/p>\n<table>\n<thead>\n<tr>\n<th>Type<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Classic OGNL injection<\/td>\n<td>Exploits unsafe handling of user input to achieve arbitrary code execution; the result of the injected expression is visible directly in the response or in its effect on the server.<\/td>\n<\/tr>\n<tr>\n<td>Blind OGNL injection<\/td>\n<td>A stealthier variant in which the result of the injected expression is not returned directly; the attacker infers information through indirect means such as differences in response time or response content.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>How OGNL injection is used, the problems that arise, and their solutions<\/h2>\n<h3>Uses<\/h3>\n<ol>\n<li><strong>Information disclosure<\/strong>: extracting sensitive information from the server.<\/li>\n<li><strong>Unauthorized access<\/strong>: bypassing authentication mechanisms.<\/li>\n<li><strong>System compromise<\/strong>: taking over 
the entire system.<\/li>\n<\/ol>\n<h3>Problems and solutions<\/h3>\n<ul>\n<li><strong>Problem<\/strong>: unsafe handling of user input\n<ul>\n<li><strong>Solution<\/strong>: never evaluate a user-supplied string as an OGNL expression; validate input against a strict allow-list and treat it only as data.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Problem<\/strong>: framework misconfiguration\n<ul>\n<li><strong>Solution<\/strong>: apply the framework's recommended security configuration and update the framework and the OGNL library to patched versions as soon as security bulletins are published.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Key characteristics compared with similar terms<\/h2>\n<table>\n<thead>\n<tr>\n<th>Characteristic<\/th>\n<th>OGNL injection<\/th>\n<th>SQL injection<\/th>\n<th>Command injection<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Target<\/td>\n<td>OGNL expressions<\/td>\n<td>SQL queries<\/td>\n<td>System commands<\/td>\n<\/tr>\n<tr>\n<td>Impact<\/td>\n<td>High<\/td>\n<td>High<\/td>\n<td>High<\/td>\n<\/tr>\n<tr>\n<td>Complexity<\/td>\n<td>Medium to high<\/td>\n<td>Medium<\/td>\n<td>Medium<\/td>\n<\/tr>\n<tr>\n<td>Typical mitigation<\/td>\n<td>Input validation; never evaluating untrusted expressions<\/td>\n<td>Prepared statements<\/td>\n<td>Input validation, escaping, avoiding the shell<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Future perspectives and technologies related to OGNL injection<\/h2>\n<p>The continuing development of web frameworks and programming 
languages keeps the threat landscape, OGNL injection included, evolving. Future perspectives include:<\/p>\n<ul>\n<li><strong>Advanced detection techniques<\/strong>: using machine learning and AI to detect and block OGNL injection attempts.<\/li>\n<li><strong>Framework improvements<\/strong>: building frameworks that are secure by default and minimize the risk of OGNL injection, for example by restricting what an expression is allowed to access.<\/li>\n<li><strong>Security awareness<\/strong>: growing education and awareness of secure coding practices among developers.<\/li>\n<\/ul>\n<h2>How proxy servers can be used with or associated with OGNL injection<\/h2>\n<p>Proxy servers such as those offered by OneProxy can play a role on both the defensive and the offensive side of OGNL injection.<\/p>\n<ul>\n<li><strong>Defensive role<\/strong>: by deploying a properly configured proxy server, an organization can filter and monitor traffic, adding a layer of protection against OGNL injection.<\/li>\n<li><strong>Offensive role<\/strong>: attackers may use proxy servers to hide their identity while conducting an OGNL 
injection attack, making detection and attribution more difficult.<\/li>\n<\/ul>\n<h2>Related links<\/h2>\n<ol>\n<li><a href=\"https:\/\/struts.apache.org\/security\/\" target=\"_new\" rel=\"noopener nofollow\">Apache Struts Security Bulletins<\/a><\/li>\n<li><a href=\"https:\/\/owasp.org\/www-project-web-security-testing-guide\/latest\/4-Web_Application_Security_Testing\/07-Input_Validation_Testing\/12-Testing_for_OGNL_Injection\" target=\"_new\" rel=\"noopener nofollow\">OWASP guide on testing for OGNL injection<\/a><\/li>\n<li><a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/917.html\" target=\"_new\" rel=\"noopener nofollow\">CWE-917: Expression Language Injection<\/a><\/li>\n<\/ol>\n<p>This guide gives a comprehensive overview of OGNL injection, covering its history, mechanism, characteristics and types, and its relationship with proxy servers such as OneProxy. 
It underscores the need for strong security measures to defend against this sophisticated and damaging class of attack.<\/p>","protected":false},"featured_media":478258,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-478257","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>OGNL Injection<\/mark>","faq_items":[{"question":"What is OGNL Injection?","answer":"<p>OGNL Injection is a type of security vulnerability that allows an attacker to execute arbitrary code on a web application's server by exploiting OGNL expressions, which are commonly used in certain web frameworks like Apache Struts. The impact can range from unauthorized information disclosure to complete system compromise.<\/p>"},{"question":"What are the main types of OGNL Injection?","answer":"<p>There are primarily two types of OGNL Injection: Classic OGNL Injection, which exploits insecure handling of user inputs and leads to arbitrary code execution, and Blind OGNL Injection, a stealthier variant where the attacker gains information through indirect means, such as response times.<\/p>"},{"question":"How does OGNL Injection work?","answer":"<p>OGNL Injection occurs when an attacker injects malicious OGNL expressions into the application's input, which the server then parses and evaluates. 
This leads to the execution of arbitrary code on the server, and the attacker may gain unauthorized control or access to sensitive data.<\/p>"},{"question":"What are the key features of OGNL Injection?","answer":"<p>The key features of OGNL Injection include its versatility in malicious purposes, the complexity in crafting malicious expressions, the high impact resulting from a successful attack, and the difficulty in mitigating the vulnerability.<\/p>"},{"question":"How can OGNL Injection be prevented?","answer":"<p>OGNL Injection can be prevented by implementing strict input validation and sanitization, applying proper security configurations, and regularly updating the framework to patched versions.<\/p>"},{"question":"How is OGNL Injection different from other injections like SQL Injection?","answer":"<p>While OGNL Injection targets OGNL expressions and can lead to arbitrary code execution, SQL Injection targets SQL queries and can manipulate database queries. Command Injection, on the other hand, targets system commands. The impact is high for all these injections, but the targets and mitigation strategies vary.<\/p>"},{"question":"What are the future perspectives related to OGNL Injection?","answer":"<p>Future perspectives related to OGNL Injection include the development of advanced detection techniques using machine learning and AI, enhancements in web frameworks to minimize the risk, and increasing security awareness among developers.<\/p>"},{"question":"How can proxy servers like OneProxy be associated with OGNL Injection?","answer":"<p>Proxy servers like OneProxy can play a defensive role by filtering and monitoring traffic to provide protection against OGNL Injection. 
Conversely, attackers might also use proxy servers to hide their identity while conducting an OGNL Injection attack.<\/p>"},{"question":"Where can I find more information about OGNL Injection?","answer":"<p>You can find more information about OGNL Injection from sources like Apache Struts Security Bulletins, the OWASP Guide on Testing for OGNL Injection, and CWE details on OGNL Injection, all of which provide detailed insights into the vulnerability.<\/p>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki\/478257","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki\/478257\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/media\/478258"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/media?parent=478257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
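Worked example for the "how it works" steps (untrusted input is parsed and evaluated as OGNL) and for the "never evaluate user input as OGNL" solution in the page above. This is an added illustration, not code from the original page, from Apache Struts, or from the OGNL project. It assumes the OGNL 3.1.x library API (`ognl.Ognl.createDefaultContext(Object)` and `ognl.Ognl.getValue(String, Map, Object)`) on the classpath, Java 9 or later for `Set.of`, and an illustrative `User` class; the field names, the sample user and the password-hash value are constructed.

```java
// Added example, not from the original page or the OGNL/Struts projects.
// Assumes the OGNL 3.1.x API on the classpath; the User class and field names
// are illustrative.
import java.util.Map;
import java.util.Set;

import ognl.Ognl;
import ognl.OgnlException;

public class OgnlInjectionDemo {

    /** Illustrative root object that expressions are navigated against. */
    public static class User {
        private final String name;
        private final String email;
        private final String passwordHash;

        public User(String name, String email, String passwordHash) {
            this.name = name;
            this.email = email;
            this.passwordHash = passwordHash;
        }

        public String getName() { return name; }
        public String getEmail() { return email; }
        public String getPasswordHash() { return passwordHash; }
    }

    /**
     * VULNERABLE: the request parameter is evaluated *as* an OGNL expression.
     * This is the page's step-by-step failure in one line: untrusted input is
     * handed to the parser, parsed, and evaluated with the application's own
     * privileges. Any property of the root object is reachable, and OGNL's
     * documented static-method syntax (@class@method()) reaches the JVM itself.
     */
    @SuppressWarnings("unchecked")
    public static Object vulnerableLookup(User root, String expressionFromRequest)
            throws OgnlException {
        Map<String, Object> ctx = Ognl.createDefaultContext(root);
        return Ognl.getValue(expressionFromRequest, ctx, root);
    }

    /** Allow-list of the only property names a client may ask for. */
    private static final Set<String> EXPOSED_FIELDS = Set.of("name", "email");

    /**
     * HARDENED: the request parameter is treated as data, not code. It must
     * match one of two server-chosen literals before anything is evaluated, so
     * the string that reaches Ognl.getValue is never attacker-shaped.
     */
    @SuppressWarnings("unchecked")
    public static Object safeLookup(User root, String requestedField) throws OgnlException {
        if (requestedField == null || !EXPOSED_FIELDS.contains(requestedField)) {
            throw new IllegalArgumentException("field not permitted: " + requestedField);
        }
        Map<String, Object> ctx = Ognl.createDefaultContext(root);
        return Ognl.getValue(requestedField, ctx, root);
    }

    public static void main(String[] args) throws OgnlException {
        // Constructed sample data; the hash value is a placeholder, not a real hash.
        User alice = new User("alice", "alice@example.com", "constructed-hash-value");

        // Legitimate request on the vulnerable endpoint: works as intended.
        System.out.println(vulnerableLookup(alice, "email"));
        // Same endpoint, attacker-chosen parameter: reads a property the client
        // was never meant to see (information disclosure)...
        System.out.println(vulnerableLookup(alice, "passwordHash"));
        // ...and calls a static JVM method. A harmless probe is shown here; the
        // same syntax reaches any public static method the JVM exposes.
        System.out.println(vulnerableLookup(alice, "@java.lang.System@getProperty('java.version')"));

        // Hardened endpoint: the legitimate request still works...
        System.out.println(safeLookup(alice, "email"));
        // ...and both hostile inputs are rejected before any parsing happens.
        String[] hostile = {"passwordHash", "@java.lang.System@getProperty('java.version')"};
        for (String input : hostile) {
            try {
                safeLookup(alice, input);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Compile and run with the OGNL jar on the classpath. The control that matters in `safeLookup` is the allow-list: the evaluated string is one of two constants the server already knows, so "expression parsing" never happens on attacker-controlled text. Apache Struts wraps OGNL in its own sandboxing `MemberAccess` and evaluates `%{...}` expressions through its value stack rather than through `Ognl.getValue` directly, but the principle the page states is the same there: never let request data become the expression, and keep the framework and the OGNL library patched, since past Struts bulletins document sandbox bypasses.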